[isar-cip-core,v2,2/2] scripts/repro-tests.sh: Update script to check wic file reproducibility

Commit Message

Adithya Balakumar Feb. 26, 2025, 8:32 a.m. UTC

From: Adithya Balakumar <adithya.balakumar@toshiba-tsip.com>

Running diffoscope on the full wic image can be problematic as diffoscope
has issues with high memory consumption and jobs could fail in the CI [1]

Instead check the hash values of the wic files and if found
non-reproducible then run diffoscope on the individual partition images.

[1] https://salsa.debian.org/reproducible-builds/diffoscope/-/issues/383

Signed-off-by: Adithya Balakumar <adithya.balakumar@toshiba-tsip.com>
---
 scripts/repro-tests.sh | 92 ++++++++++++++++++++++++++++--------------
 1 file changed, 61 insertions(+), 31 deletions(-)

Patch

diff --git a/scripts/repro-tests.sh b/scripts/repro-tests.sh
index 8bdb34b..b717a20 100755
--- a/scripts/repro-tests.sh
+++ b/scripts/repro-tests.sh
@@ -14,11 +14,12 @@  set -e
 
 usage()
 {
-	echo "usage: repro-tests.sh [--release RELEASE] [--target TARGET] artfacts1 artifacts2"
+	echo "usage: repro-tests.sh [--release RELEASE] [--target TARGET] artifacts1 artifacts2"
 	echo ""
 	echo " Optional arguments:"
-	echo "  --release RELEASE: debian distro releases e.g. buster, bullseye, etc. (default: buster)"
+	echo "  --release RELEASE: debian distro releases e.g. buster, bullseye, etc. (default: bookworm)"
 	echo "  --target TARGET: e.g. qemu-amd64, qemu-arm64, qemu-arm (default: qemu-amd64)"
+	echo "  --extension EXTENSION: e.g. security (default: "")"
 	echo ""
 	echo " Mandatory arguments:"
 	echo "  artifacts1 and artifacts2 paths to test the artifacts reproducibility"
@@ -29,7 +30,7 @@  RED='\033[0;31m'
 NC='\033[0m'
 GREEN='\033[0;32m'
 IMAGE_BASE="cip-core-image-cip-core"
-RELEASE="bullseye"
+RELEASE="bookworm"
 TARGET="qemu-amd64"
 EXTENSION=""
 DIFFOSCOPE="diffoscope"
@@ -59,6 +60,7 @@  while [ "$1" != "" ]; do
 	esac
 done
 
+# shellcheck disable=SC2086
 set -- $remaining_vars
 artifacts1="$1"
 artifacts2="$2"
@@ -72,35 +74,63 @@  if [ "${EXTENSION}" = "security" ]; then
 	IMAGE_BASE="cip-core-image-security-cip-core"
 fi
 
-# Define files in the artifacts for checking the reproducibility
-set -- \
-	"${IMAGE_BASE}-${RELEASE}-${TARGET}.swu" \
-	"${IMAGE_BASE}-${RELEASE}-${TARGET}.wic.p0" \
-	"${IMAGE_BASE}-${RELEASE}-${TARGET}.wic.p1" \
-	"${IMAGE_BASE}-${RELEASE}-${TARGET}.wic.p2" \
-	"${IMAGE_BASE}-${RELEASE}-${TARGET}.wic.p3" \
-	"${IMAGE_BASE}-${RELEASE}-${TARGET}.wic.p4" \
-	"${IMAGE_BASE}-${RELEASE}-${TARGET}.wic.p5" \
-	"${IMAGE_BASE}-${RELEASE}-${TARGET}.wic.p6" \
-	"${IMAGE_BASE}-${RELEASE}-${TARGET}.wic.p7"
+run_diffoscope() {
+    file="$1"
+    artifacts1_dir="$2"
+    artifacts2_dir="$3"
+    label=""
+    fstype=""
+    res=0
 
-# compare artifacts
-res=0
-for file in "$@"; do
-	if [ -f "${artifacts1}/${file}" ] && [ -f "${artifacts2}/${file}" ]; then
-		label=$(blkid -s LABEL -o value ${artifacts1}/${file} || true)
-		fstype=$(blkid -s TYPE -o value ${artifacts1}/${file} || true)
-		if $DIFFOSCOPE --text "${file}.diffoscope_output.txt" \
-			--html-dir diffoscope_output \
-			--html "${file}.diffoscope_output.html" \
-			"${artifacts1}/${file}" \
-			"${artifacts2}/${file}" > /dev/null 2>&1; then
-			echo "${file}($label,$fstype): ${GREEN}Reproducible${NC}" | tee -a diffoscope_output.txt
-		else
-			echo "${file}($label,$fstype): ${RED}Not-Reproducible${NC}" | tee -a diffoscope_output.txt
-			res=1
+    # Get partition label and filesystem type
+    label=$(blkid -s LABEL -o value "${artifacts1_dir}"/"${file}" || true)
+    fstype=$(blkid -s TYPE -o value "${artifacts2_dir}"/"${file}" || true)
+
+    # Run diffoscope comparison
+    if $DIFFOSCOPE --text "${file}.diffoscope_output.txt" \
+        --html-dir diffoscope_output \
+        --html "${file}.diffoscope_output.html" \
+        "${artifacts1_dir}/${file}" \
+        "${artifacts2_dir}/${file}" > /dev/null 2>&1; then
+        echo "${file}($label,$fstype): ${GREEN}Reproducible${NC}" | tee -a diffoscope_output.txt
+    else
+        echo "${file}($label,$fstype): ${RED}Not-Reproducible${NC}" | tee -a diffoscope_output.txt
+        res=1
+    fi
+
+    return $res
+}
+
+# compare swu file
+res_swu=0
+swu_file="${IMAGE_BASE}-${RELEASE}-${TARGET}.swu"
+if [ -f "${artifacts1}/${swu_file}" ] && [ -f "${artifacts2}/${swu_file}" ]; then
+	swu1_sha256sum=$(sha256sum "${artifacts1}/${IMAGE_BASE}-${RELEASE}-${TARGET}.swu" | awk '{ print $1 }')
+	swu2_sha256sum=$(sha256sum "${artifacts2}/${IMAGE_BASE}-${RELEASE}-${TARGET}.swu" | awk '{ print $1 }')
+	if [ "$swu1_sha256sum" != "$swu2_sha256sum" ]; then
+		if ! run_diffoscope "$swu_file" "$artifacts1" "$artifacts2"; then
+			res_swu=1
 		fi
+	else
+		echo "${IMAGE_BASE}-${RELEASE}-${TARGET}.swu: ${GREEN}Reproducible${NC}" | tee -a diffoscope_output.txt
 	fi
-done
+fi
 
-exit $res
+# compare wic files
+res_wic=0
+image1_sha256sum=$(sha256sum "${artifacts1}/${IMAGE_BASE}-${RELEASE}-${TARGET}.wic" | awk '{ print $1 }')
+image2_sha256sum=$(sha256sum "${artifacts2}/${IMAGE_BASE}-${RELEASE}-${TARGET}.wic" | awk '{ print $1 }')
+if [ "$image1_sha256sum" != "$image2_sha256sum" ]; then
+	echo "${IMAGE_BASE}-${RELEASE}-${TARGET}.wic: ${RED}Not-Reproducible${NC}"
+	res_wic=1
+	echo "Running diffoscope on individual partitions..."
+	for part_num in $(seq 0 7); do
+		part_file=${IMAGE_BASE}-${RELEASE}-${TARGET}.wic.p${part_num}
+		if [ -f "${artifacts1}/${part_file}" ] && [ -f "${artifacts2}/${part_file}" ]; then
+			run_diffoscope "$part_file" "$artifacts1" "$artifacts2"
+		fi
+	done
+else
+	echo "${IMAGE_BASE}-${RELEASE}-${TARGET}.wic: ${GREEN}Reproducible${NC}" | tee -a diffoscope_output.txt
+fi
+exit $(( res_swu || res_wic ))
\ No newline at end of file