| Message ID | 20230703062231.18183-7-venkata.pyla@toshiba-tsip.com (mailing list archive) |
|---|---|
| State | Superseded |
| Headers | show |
| Series | [isar-cip-core,v2,1/6] .reproducible-check-ci.yml: Include swupdate artifacts in reproducible check | expand |
On 03.07.23 08:22, venkata.pyla@toshiba-tsip.com wrote: > From: venkata pyla <venkata.pyla@toshiba-tsip.com> > > The generated .swu file is not reproducible due to its file contents are > copied with its build time stamps, so set all file timestamps to > SOURCE_DATE_EPOCH value if it is set. > > Closes #69 > > Signed-off-by: venkata pyla <venkata.pyla@toshiba-tsip.com> > --- > classes/swupdate.bbclass | 10 +++++++++- > 1 file changed, 9 insertions(+), 1 deletion(-) > > diff --git a/classes/swupdate.bbclass b/classes/swupdate.bbclass > index ac59c00..3d2b5f0 100644 > --- a/classes/swupdate.bbclass > +++ b/classes/swupdate.bbclass > @@ -115,6 +115,10 @@ IMAGE_CMD:swu() { > done > cd "${PP_WORK}/swu" > for file in "${SWU_DESCRIPTION_FILE}" ${SWU_ADDITIONAL_FILES}; do > + # Set file timestamps for reproducible builds > + if [ -n "${SOURCE_DATE_EPOCH}" ]; then > + touch -d@"${SOURCE_DATE_EPOCH}" "$file" > + fi Does this work for SWU_ADDITIONAL_FILES as well? If I read the code correctly, those are just symbolic links. Jan > echo "$file" > if [ -n "$sign" -a "${SWU_DESCRIPTION_FILE}" = "$file" ]; then > if [ "${SWU_SIGNATURE_TYPE}" = "rsa" ]; then > @@ -129,9 +133,13 @@ IMAGE_CMD:swu() { > -inkey "${PP_WORK}/dev.key" \ > -outform DER -nosmimecap -binary > fi > + # Set file timestamps for reproducible builds > + if [ -n "${SOURCE_DATE_EPOCH}" ]; then > + touch -d@"${SOURCE_DATE_EPOCH}" "$file.${SWU_SIGNATURE_EXT}" > + fi > echo "$file.${SWU_SIGNATURE_EXT}" > fi > - done | cpio -ovL -H crc > "${SWU_BUILDCHROOT_IMAGE_FILE}"' > + done | cpio -ovL --reproducible -H crc > "${SWU_BUILDCHROOT_IMAGE_FILE}"' > } > > python do_check_swu_partition_uuids() {
>-----Original Message----- >From: cip-dev@lists.cip-project.org <cip-dev@lists.cip-project.org> On Behalf Of >Jan Kiszka via lists.cip-project.org >Sent: Monday, July 3, 2023 4:26 PM >To: pyla venkata(TSIP TMIEC ODG Porting) <Venkata.Pyla@toshiba- >tsip.com>; cip-dev@lists.cip-project.org >Cc: dinesh kumar(TSIP TMIEC ODG Porting) <dinesh.kumar@toshiba- >tsip.com>; hayashi kazuhiro(林 和宏 DME ○DIG□MPS○MP4) ><kazuhiro3.hayashi@toshiba.co.jp> >Subject: Re: [cip-dev] [isar-cip-core v2 6/6] swupdate.bbclass: Fix file timestamps >are not reproducible in swu file > >On 03.07.23 08:22, venkata.pyla@toshiba-tsip.com wrote: >> From: venkata pyla <venkata.pyla@toshiba-tsip.com> >> >> The generated .swu file is not reproducible due to its file contents >> are copied with its build time stamps, so set all file timestamps to >> SOURCE_DATE_EPOCH value if it is set. >> >> Closes #69 >> >> Signed-off-by: venkata pyla <venkata.pyla@toshiba-tsip.com> >> --- >> classes/swupdate.bbclass | 10 +++++++++- >> 1 file changed, 9 insertions(+), 1 deletion(-) >> >> diff --git a/classes/swupdate.bbclass b/classes/swupdate.bbclass index >> ac59c00..3d2b5f0 100644 >> --- a/classes/swupdate.bbclass >> +++ b/classes/swupdate.bbclass >> @@ -115,6 +115,10 @@ IMAGE_CMD:swu() { >> done >> cd "${PP_WORK}/swu" >> for file in "${SWU_DESCRIPTION_FILE}" >> ${SWU_ADDITIONAL_FILES}; do >> + # Set file timestamps for reproducible builds >> + if [ -n "${SOURCE_DATE_EPOCH}" ]; then >> + touch -d@"${SOURCE_DATE_EPOCH}" "$file" >> + fi > >Does this work for SWU_ADDITIONAL_FILES as well? If I read the code correctly, >those are just symbolic links. Yes, it works because the touch command (without -h option) changes the original file timestamp instead of the symbolic link file. > >Jan > >> echo "$file" >> if [ -n "$sign" -a "${SWU_DESCRIPTION_FILE}" = "$file" ]; then >> if [ "${SWU_SIGNATURE_TYPE}" = "rsa" ]; then @@ >> -129,9 +133,13 @@ IMAGE_CMD:swu() { >> -inkey "${PP_WORK}/dev.key" \ >> -outform DER -nosmimecap -binary >> fi >> + # Set file timestamps for reproducible builds >> + if [ -n "${SOURCE_DATE_EPOCH}" ]; then >> + touch -d@"${SOURCE_DATE_EPOCH}" >"$file.${SWU_SIGNATURE_EXT}" >> + fi >> echo "$file.${SWU_SIGNATURE_EXT}" >> fi >> - done | cpio -ovL -H crc > "${SWU_BUILDCHROOT_IMAGE_FILE}"' >> + done | cpio -ovL --reproducible -H crc > >"${SWU_BUILDCHROOT_IMAGE_FILE}"' >> } >> >> python do_check_swu_partition_uuids() { > >-- >Siemens AG, Technology >Competence Center Embedded Linux
diff --git a/classes/swupdate.bbclass b/classes/swupdate.bbclass index ac59c00..3d2b5f0 100644 --- a/classes/swupdate.bbclass +++ b/classes/swupdate.bbclass @@ -115,6 +115,10 @@ IMAGE_CMD:swu() { done cd "${PP_WORK}/swu" for file in "${SWU_DESCRIPTION_FILE}" ${SWU_ADDITIONAL_FILES}; do + # Set file timestamps for reproducible builds + if [ -n "${SOURCE_DATE_EPOCH}" ]; then + touch -d@"${SOURCE_DATE_EPOCH}" "$file" + fi echo "$file" if [ -n "$sign" -a "${SWU_DESCRIPTION_FILE}" = "$file" ]; then if [ "${SWU_SIGNATURE_TYPE}" = "rsa" ]; then @@ -129,9 +133,13 @@ IMAGE_CMD:swu() { -inkey "${PP_WORK}/dev.key" \ -outform DER -nosmimecap -binary fi + # Set file timestamps for reproducible builds + if [ -n "${SOURCE_DATE_EPOCH}" ]; then + touch -d@"${SOURCE_DATE_EPOCH}" "$file.${SWU_SIGNATURE_EXT}" + fi echo "$file.${SWU_SIGNATURE_EXT}" fi - done | cpio -ovL -H crc > "${SWU_BUILDCHROOT_IMAGE_FILE}"' + done | cpio -ovL --reproducible -H crc > "${SWU_BUILDCHROOT_IMAGE_FILE}"' } python do_check_swu_partition_uuids() {