Re: [ptxdist] [PATCH 2/3] barebox: add option for building barebox reproducibly

["Baeuerle, Florian" <Florian.Baeuerle@allegion.com>]

I tested this for phycore-am335x and phycard-imx27 bootloaders. I get the same
binaries from different machines, but I think anyone using that feature should
first test it before putting any trust into it.

This is a quick implementation that I primarily need for my RAUC bundles (for
not overwriting unchanged bootloaders).

I think this could me implemented as a ptxdist- or platform option that would
theoretically allow building every package reproducibly.

Some packages need special treatment of course, but that could be done with:

ifdef PTXDIST_REPRODUCIBLE
PKG_ENV := $(PKG_ENV) SOME_OTHER_VAR=1
endif

or a new variable:

PKG_REPRODUCIBLE_ENV := ...

Any thoughts or ideas on this?


-Florian

Am Donnerstag, den 11.10.2018, 14:19 +0000 schrieb Baeuerle, Florian:
> Inject fake timestamps into the build via faketime to produce the exact
> same binaries.
> 
> Signed-off-by: Florian Bäuerle <florian.baeuerle@allegion.com>
> ---
>  platforms/barebox.in | 10 ++++++++++
>  rules/barebox.make   | 16 +++++++++++++++-
>  2 files changed, 25 insertions(+), 1 deletion(-)
> 
> diff --git a/platforms/barebox.in b/platforms/barebox.in
> index 645366e93..5bc2f08b6 100644
> --- a/platforms/barebox.in
> +++ b/platforms/barebox.in
> @@ -13,6 +13,7 @@ menuconfig BAREBOX
>  	select HOST_OPENSSL if BAREBOX_NEEDS_HOST_OPENSSL
>  	select HOST_IMX_CST if BAREBOX_NEEDS_HOST_IMX_CST
>  	select HOST_LZOP if BAREBOX_NEEDS_HOST_LZOP
> +	select HOST_FAKETIME if BAREBOX_REPRODUCIBLE
>  	prompt "barebox                       "
>  	bool
>  	help
> @@ -50,6 +51,15 @@ config BAREBOX_EXTRA_ENV_PATH
>  	  Directories and files to add to the builtin barebox environment.
>  	  Relative paths must be relative to the platformconfigdir.
>  
> +config BAREBOX_REPRODUCIBLE
> +	prompt "build reproducibly"
> +	bool
> +	default n
> +	help
> +	  With this, fake timestamps are injected to the barebox build, so the
> +	  resulting barebox images are identical when the sources haven't been
> +	  changed.
> +
>  config BAREBOX_BAREBOXENV
>  	prompt "install 'bareboxenv'"
>  	bool
> diff --git a/rules/barebox.make b/rules/barebox.make
> index a6ec3c394..ad160b3ba 100644
> --- a/rules/barebox.make
> +++ b/rules/barebox.make
> @@ -45,6 +45,20 @@ BAREBOX_ENV := \
>  	KCONFIG_NOTIMESTAMP=1 \
>  	pkg_wrapper_blacklist="$(BAREBOX_WRAPPER_BLACKLIST)"
>  
> +ifdef PTXCONF_BAREBOX_REPRODUCIBLE
> +BAREBOX_FAKE_TIMESTAMP := \
> +	$(shell echo $(BAREBOX_VERSION) | \
> +		sed -E "s/([0-9]{4})\.([0-9]{1,2}).*/\1-\2-01 00:00:00/")
> +BAREBOX_FAKETIME := faketime -f "$(BAREBOX_FAKE_TIMESTAMP)"
> +BAREBOX_ENV := $(BAREBOX_ENV) \
> +	KBUILD_BUILD_TIMESTAMP="$(BAREBOX_FAKE_TIMESTAMP)" \
> +	KBUILD_BUILD_VERSION="0" \
> +	KBUILD_BUILD_USER="ptxdist" \
> +	KBUILD_BUILD_HOST="ptxdist"
> +else
> +BAREBOX_FAKETIME :=
> +endif
> +
>  BAREBOX_MAKEVARS := \
>  	V=$(PTXDIST_VERBOSE) \
>  	HOSTCC=$(HOSTCC) \
> @@ -113,7 +127,7 @@ ifdef PTXCONF_BAREBOX_EXTRA_ENV
>  endif
>  
>  	@+cd $(BAREBOX_DIR) && $(BAREBOX_PATH) $(BAREBOX_ENV) \
> -		$(MAKE) $(BAREBOX_MAKEVARS)
> +		$(BAREBOX_FAKETIME) $(MAKE) $(BAREBOX_MAKEVARS)
>  	@$(call touch)
>  
>  # -------------------------------------------------------------------------
> ---
> -- 
> 2.19.0
> 
> _______________________________________________
> ptxdist mailing list
> ptxdist@pengutronix.de
_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de