[Reproducible-builds] [PATCH] Reproducible U-Boot build support, using SOURCE_DATE_EPOCH

Paul Kocialkowski contact at paulk.fr
Mon Jul 27 17:36:32 UTC 2015


Le lundi 20 juillet 2015 à 17:13 +0200, Heiko Schocher a écrit :
> Hello Paul,
> 
> Am 20.07.2015 um 15:30 schrieb Paul Kocialkowski:
> >> I am just on the jump into my holidays, so I have not yet the time
> >> to test it ... I want to try it for all builds with the scripts
> >> I posted with my v2 ... but a first fast look into your patch looks
> >> nice, if it works, it is ok with me ... I am back aprox. july 5th.
> >
> > Okay, maybe I'll have a go at your scripts then! The idea to coordinate
> 
> Uh.. I am just a script beginner, they are not perfect ...

I got around testing your scripts with the latest version of my patch
yesterday. The scripts look good, they get the job done.

I tried building on all the supported ARM boards (grep CONFIG_ARM in
configs/) and all boards appear to be reproducible.

However, it turns out that when build with the -C and O= arguments (to
indicate the source directory and to output objects in a separate
directory), the binaries differed. However, running the second call of
your scripts after moving the directory didn't result in a change.

I have yet to figure out exactly what the differences are and what they
are caused by.

> Maybe this can be done/added at travis.org ?
> See u-boot builds there:
> https://travis-ci.org/u-boot/u-boot/
> 
> > with Debian developers would be to use their infrastructure to
> > automatically test as many u-boot targets as possible in an automated
> > and periodical manner (e.g. once a month), so that we can easily spot
> > which target is broken or which commit introduced a regression.
> 
> This sounds good ... feel free to trigger me, if I can help.
> 
> bye,
> Heiko
> >
> >> maybe a README entry would be fine ;-)
> >
> > Good point, that makes sense. I'll craft that in v2. I'll just wait for
> > some more feedback before sending a new version.
> >
> > Thanks!
> >
> >>> It would be nice to have this tested on as many boards as possible to
> >>> spot other areas that make the binaries not reproducible. However, I
> >>> doubt this patch will evolve much and other fixes should be sent in
> >>> subsequent patches.
> >>>
> >>>> Signed-off-by: Paul Kocialkowski <contact at paulk.fr>
> >>>> ---
> >>>>    Makefile              |  7 ++++---
> >>>>    tools/default_image.c | 21 ++++++++++++++++++++-
> >>>>    2 files changed, 24 insertions(+), 4 deletions(-)
> >>>>
> >>>> diff --git a/Makefile b/Makefile
> >>>> index 37cc4c3..71aeac7 100644
> >>>> --- a/Makefile
> >>>> +++ b/Makefile
> >>>> @@ -1231,9 +1231,10 @@ define filechk_version.h
> >>>>    endef
> >>>>
> >>>>    define filechk_timestamp.h
> >>>> -	(LC_ALL=C date +'#define U_BOOT_DATE "%b %d %C%y"'; \
> >>>> -	LC_ALL=C date +'#define U_BOOT_TIME "%T"'; \
> >>>> -	LC_ALL=C date +'#define U_BOOT_TZ "%z"')
> >>>> +	(SOURCE_DATE="$${SOURCE_DATE_EPOCH:+@$$SOURCE_DATE_EPOCH}"; \
> >>>> +	LC_ALL=C date -u -d "$${SOURCE_DATE:-now}" +'#define U_BOOT_DATE "%b %d %C%y"'; \
> >>>> +	LC_ALL=C date -u -d "$${SOURCE_DATE:-now}" +'#define U_BOOT_TIME "%T"'; \
> >>>> +	LC_ALL=C date -u -d "$${SOURCE_DATE:-now}" +'#define U_BOOT_TZ "%z"' )
> >>>>    endef
> >>>>
> >>>>    $(version_h): include/config/uboot.release FORCE
> >>>> diff --git a/tools/default_image.c b/tools/default_image.c
> >>>> index cf5c0d4..18940af 100644
> >>>> --- a/tools/default_image.c
> >>>> +++ b/tools/default_image.c
> >>>> @@ -88,6 +88,9 @@ static void image_set_header(void *ptr, struct stat *sbuf, int ifd,
> >>>>    				struct image_tool_params *params)
> >>>>    {
> >>>>    	uint32_t checksum;
> >>>> +	char *source_date_epoch;
> >>>> +	struct tm *time_universal;
> >>>> +	time_t time;
> >>>>
> >>>>    	image_header_t * hdr = (image_header_t *)ptr;
> >>>>
> >>>> @@ -96,9 +99,25 @@ static void image_set_header(void *ptr, struct stat *sbuf, int ifd,
> >>>>    				sizeof(image_header_t)),
> >>>>    			sbuf->st_size - sizeof(image_header_t));
> >>>>
> >>>> +	source_date_epoch = getenv("SOURCE_DATE_EPOCH");
> >>>> +	if (source_date_epoch != NULL) {
> >>>> +		time = (time_t) strtol(source_date_epoch, NULL, 10);
> >>>> +
> >>>> +		time_universal = gmtime(&time);
> >>>> +		if (time_universal == NULL) {
> >>>> +			fprintf(stderr, "%s: SOURCE_DATE_EPOCH is not valid\n",
> >>>> +				__func__);
> >>>> +			time = 0;
> >>>> +		} else {
> >>>> +			time = mktime(time_universal);
> >>>> +		}
> >>>> +	} else {
> >>>> +		time = sbuf->st_mtime;
> >>>> +	}
> >>>> +
> >>>>    	/* Build new header */
> >>>>    	image_set_magic(hdr, IH_MAGIC);
> >>>> -	image_set_time(hdr, sbuf->st_mtime);
> >>>> +	image_set_time(hdr, time);
> >>>>    	image_set_size(hdr, sbuf->st_size - sizeof(image_header_t));
> >>>>    	image_set_load(hdr, params->addr);
> >>>>    	image_set_ep(hdr, params->ep);
> >>>
> >>
> >
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part
URL: <http://lists.alioth.debian.org/pipermail/reproducible-builds/attachments/20150727/1bd39fb8/attachment.sig>


More information about the Reproducible-builds mailing list