Control: tag -1 patch Benjamin Cama <benjamin.cama@telecom-bretagne.eu> (2013-03-28): > I don't really know where to file that; please reassign if I'm wrong. No worries; it finally landed in the debian-installer territory, where it belongs. > I noticed, after unpacking it and checking for the sums, hoping that > they will be the same as if I downloaded all the files individually, > that they all validate except one: the initrd.gz for this installer. (I > checked the sum of the .tar.gz itself, and it's OK). > > The sums are, e.g., here: > http://debian.univ-nantes.fr/debian/dists/wheezy/main/installer-amd64/current/images/SHA256SUMS > > When getting directly the initrd.gz from > http://debian.univ-nantes.fr/debian/dists/wheezy/main/installer-amd64/current/images/netboot/gtk/debian-installer/amd64/initrd.gz > I correctly get > f8971317915ed2ce8358b24ca88ea95c75ebe97a1e0a95f60c7977da368b3352 > But when extracting it from the archive, I get > c2103b9533baa88814e770b493e5ba93f3043f3d73ce6e018addcd7c84b22cd4 > > By looking closer, the uncompressed initrd from both files is the same. > Only the date (from the gzip header) differs by a couple of seconds. And > this only happens for the GTK installer, not the text one, once again… > > Furthermore, I also realized that Ubuntu is affected, too (!); the sum > for the GTK installer of Precise Pangolin has the same problem. > > There must be a small packaging bug somewhere… The timestamp issue was indeed a nice clue. gzip has -n to avoid storing such information, improving build reproducibility: | -n --no-name | When compressing, do not save the original file name and time | stamp by default. (The original name is always saved if the name | had to be truncated.) When decompressing, do not restore the | original file name if present (remove only the gzip suffix from | the compressed file name) and do not restore the original time | stamp if present (copy it from the compressed file). This option | is the default when decompressing. I shall note pigz needs has -n and -T: | -n --no-name | Do not store or restore file name in/from header. | -T --no-time | Do not store or restore mod time in/from header. But why do we need that, you ask? Let's mention the md5sum of each generated initrd.gz during a full build: | MD5SUM: c47a2e5b24eb72737e566c0fee4bc2fe ./tmp/cdrom_gtk/initrd.gz | MD5SUM: 3767e38d0790c2a89f5ccacc7f4845af ./tmp/cdrom_isolinux/initrd.gz | MD5SUM: 99646ced5c6045386c4ebbac9334bee7 ./tmp/cdrom_gtk/initrd.gz | MD5SUM: 73902a6e23b5c281172182a19633cf4d ./tmp/cdrom_gtk/initrd.gz | MD5SUM: bb6a60f95815569a5cc41fe9466e9d97 ./tmp/netboot/initrd.gz | MD5SUM: 4707ee1a9a643e4513723029129e07dd ./tmp/netboot-gtk/initrd.gz [1] | MD5SUM: 6614937379a7f83a95f8741a63f00394 ./tmp/netboot-gtk/initrd.gz [2] | MD5SUM: 586b60ef353423481f828ee03927a682 ./tmp/hd-media_gtk/initrd.gz | MD5SUM: 0e3bfa9304fbcf9a1081e6746866bb7f ./tmp/hd-media/initrd.gz | MD5SUM: 5a5f192055293b6042463650dfa1a0b4 ./tmp/hd-media_gtk/initrd.gz Let's look at the file extracted from netboot.tar.gz: | 4707ee1a9a643e4513723029129e07dd ./foo/debian-installer/amd64/initrd.gz Let's look at the MD5SUMS file: | 6614937379a7f83a95f8741a63f00394 ./netboot/gtk/debian-installer/amd64/initrd.gz So netboot.tar.gz contains the initrd.gz that was generated on a first pass, while the MD5SUMS (generated at the end of the build process, through “make release”) contains the checksum of the one generated on a second pass. Adding -n/-T to gzip/pigz makes both initrd.gz identical so this issue goes away. Tagging with patch as the solution has been identified; I haven't committed a proper patch yet though. Mraw, KiBi.
Attachment:
signature.asc
Description: Digital signature