
Bug#978946: gfxboot: reproducible builds: Embeds user id and group id in cpio files



On 2020-12-31, Vagrant Cascadian wrote:
> On 2020-12-31, Vagrant Cascadian wrote:
>> Various cpio archives shipped in gfxboot contain the user id and group
>> id of the build user:
>>
>>   https://tests.reproducible-builds.org/debian/rb-pkg/bullseye/amd64/diffoscope-results/gfxboot.html
>>
>>   etc/bootsplash/example_01/cdrom/bootlogo
>>
>>   -rw-r--r--···1·····1111·····1111····42639·2020-12-24·13:17:48.000000·init
>>   vs.
>>   -rw-r--r--···1·····2222·····2222····42639·2022-01-26·19:45:05.000000·init
>>
>>
>> The attached patch fixes this by passing the owner argument to the cpio
>> calls when creating the archives.
>
> This is fixed upstream:
>
>   https://github.com/openSUSE/gfxboot/pull/35
>
>> Unfortunately, the cpio archives also embed the timestamps of the files
>> included, which will likely vary between builds, so this does not
>> resolve all reproducibility issues with these archives.
>
> Timestamp issues also fixed upstream in the same pull request.

The first two patches are the above-mentioned patches from upstream; they
fix the themes shipped in the gfxboot-themes package.


> I think applying similar patches to themes/examples* may still be
> needed.

The remaining patches apply similar fixes to the gfxboot script and to
the themes/examples* which are included in the gfxboot-dev package.

One of the patches removes directories from the cpio archive, as the
example themes only included a "." directory with timestamps. This patch
needs further testing to ensure it behaves properly.


With these patches and the locale patch from #979125, gfxboot should be
reproducible.


live well,
  vagrant

From 2dfa8c4db749531e819fd5901593bec14546e388 Mon Sep 17 00:00:00 2001
From: Steffen Winterfeldt <wfeldt@opensuse.org>
Date: Tue, 5 Feb 2019 11:37:39 +0100
Subject: [PATCH 1/6] ensure theme builds are reproducible (bsc #1124165)

Themes contains two cpio archives. Ensure they are identical in each
build.
---
 themes/openSUSE/Makefile | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/themes/openSUSE/Makefile b/themes/openSUSE/Makefile
index 3a71f9b..3f13519 100644
--- a/themes/openSUSE/Makefile
+++ b/themes/openSUSE/Makefile
@@ -55,8 +55,8 @@ bootlogo: src/main.bin src/gfxboot.cfg help-install/.ready po/.ready fonts/.read
 ifdef DEFAULT_LANG
 	@echo $(DEFAULT_LANG) >bootlogo.dir/lang
 endif
-	@sh -c 'cd bootlogo.dir; chmod +t * ; chmod -t init languages'
-	@sh -c 'cd bootlogo.dir; echo * | sed -e "s/ /\n/g" | cpio --quiet -o >../bootlogo'
+	@sh -c 'cd bootlogo.dir; chmod +t * ; chmod -t init languages ; touch -r ../src/main.bc *'
+	@sh -c 'cd bootlogo.dir; echo * | sed -e "s/ /\n/g" | cpio --quiet --reproducible --owner=+0:+0 -o >../bootlogo'
 
 message: src/main.bin src/gfxboot.cfg help-boot/.ready po/.ready fonts/.ready
 	@rm -rf message.dir
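Review bot: The reference time for the new `touch -r ../src/main.bc *` is whatever mtime `src/main.bc` happens to have in the build tree, so the archive is only reproducible when the source is unpacked with identical mtimes; a fresh VCS checkout or a packaging patch touching that file would change it. Prefer the declared build epoch when it is set, for example `touch -d "@$${SOURCE_DATE_EPOCH:-$$(stat -c %Y ../src/main.bc)}" *`, and make the same change to the `touch -r` line in the `message` hunk below. `src/main.bc` is also not among the prerequisites visible in the (truncated) rule header, so confirm it always exists when the recipe runs. The `bootlogo` rule starts before this hunk.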
@@ -71,7 +71,8 @@ ifdef DEFAULT_LANG
 	@echo $(DEFAULT_LANG) >message.dir/lang
 	@echo $(DEFAULT_LANG) >>message.dir/languages
 endif
-	@sh -c 'cd message.dir; echo * | sed -e "s/ /\n/g" | cpio --quiet -o >../message'
+	@sh -c 'cd message.dir; touch -r ../src/main.bc *'
+	@sh -c 'cd message.dir; echo * | sed -e "s/ /\n/g" | cpio --quiet --reproducible --owner=+0:+0 -o >../message'
 
 clean:
 	@for i in $(SUBDIRS) ; do [ ! -f $$i/Makefile ] ||  make -C $$i clean || break ; done
-- 
2.30.0

From ed66277ddff593ec565a245c74944f1a2c7344bd Mon Sep 17 00:00:00 2001
From: Steffen Winterfeldt <wfeldt@opensuse.org>
Date: Tue, 5 Feb 2019 13:19:01 +0100
Subject: [PATCH 2/6] adjust unpack_bootlogo script

---
 bin/unpack_bootlogo | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/bin/unpack_bootlogo b/bin/unpack_bootlogo
index ec83d0b..851a601 100755
--- a/bin/unpack_bootlogo
+++ b/bin/unpack_bootlogo
@@ -21,7 +21,7 @@ sub unpack_bootlogo
 
   @files = `cpio --quiet -t <$dir/bootlogo`;
 
-  system "cd $tmp; cpio --quiet -i <../bootlogo";
+  system "cd $tmp; cpio --quiet --preserve-modification-time -i <../bootlogo";
 
   for (@files) {
     chomp;
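Review bot: Neither cpio invocation in this patch has its exit status checked: the `system` call here discards its return value, and the `open P` / `close P` pair in the second hunk does the same. Because `cd $tmp;` is joined with `;`, a failed `cd` would let cpio extract into the current directory, and a cpio that rejects `--reproducible` would leave a truncated `bootlogo` behind with no error, since the shell redirect creates the file first. Suggest `system("cd $tmp && cpio --quiet --preserve-modification-time -i <../bootlogo") == 0 or die "unpack failed\n";` and `close P or die "repack failed\n";`. `unpack_bootlogo` starts and ends outside both hunks.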
@@ -48,7 +48,7 @@ sub unpack_bootlogo
     }
   }
 
-  open P, "| cd $tmp; cpio --quiet -o >../bootlogo";
+  open P, "| cd $tmp; cpio --quiet --reproducible --owner=+0:+0 -o >../bootlogo";
   print P "$_\n" for grep $_, @files;
   if($xdir) { print P "$_\n" for @ext }
   close P;
-- 
2.30.0

From 82bbe3441842dea44396dc5905923d4145be3c72 Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian <vagrant@reproducible-builds.org>
Date: Fri, 1 Jan 2021 03:38:21 +0000
Subject: [PATCH 4/6] gfxboot: pass --reproducible and --owner to cpio.

---
 gfxboot | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/gfxboot b/gfxboot
index f7cda36..48e5707 100755
--- a/gfxboot
+++ b/gfxboot
@@ -2597,7 +2597,7 @@ sub pack_archive
     }
 
     if(@pack_list) {
-      open $f, "| ( cd $dir ; cpio --quiet -o ) >$file/$archive";
+      open $f, "| ( cd $dir ; cpio --quiet --reproducible --owner=+0:+0 -o ) >$file/$archive";
       print $f join("\n", @pack_list);
       close $f;
     }
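Review bot: The pipe branch has no failure check, while the `system` branch further down dies on a non-zero status; with the added options, a cpio that does not accept `--reproducible` would silently produce an empty `$file/$archive`. Checking the close covers it: `close $f or die "$file/$archive: failed to create archive\n";`. `$dir`, `$file` and `$archive` are also interpolated unquoted into the shell command, so a path containing spaces or shell metacharacters would break the command or be interpreted by the shell; where these values come from is outside this hunk and worth confirming. `pack_archive` begins before the hunk.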
@@ -2606,7 +2606,7 @@ sub pack_archive
   else {
     $file = $gfxboot_tmp->file;
 
-    $i = system "cd $dir ; find . | cpio --quiet -o >$file 2>/dev/null";
+    $i = system "cd $dir ; find . | cpio --quiet --reproducible --owner=+0:+0 -o >$file 2>/dev/null";
     die "$file: failed to create archive\n" if $i;
   }
 
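Review bot: `find .` emits entries in directory order, which depends on the filesystem, so the member order in the archive can still differ between builds even with `--reproducible` and `--owner`. Sorting the list in a fixed locale closes that gap: `find . | LC_ALL=C sort | cpio --quiet --reproducible --owner=+0:+0 -o >$file 2>/dev/null`. The same applies to the `find . -type f` form introduced in patch 5/6. The `2>/dev/null` also hides cpio's own message if the new options are rejected, leaving only the generic `die` text to diagnose from.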
-- 
2.30.0

From a94c1e737b8575e44a04d6030801d28763bda983 Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian <vagrant@reproducible-builds.org>
Date: Sun, 3 Jan 2021 03:21:23 +0000
Subject: [PATCH 5/6] gfxboot: do not include directory in cpio archive.

---
 gfxboot | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gfxboot b/gfxboot
index 48e5707..bb5767f 100755
--- a/gfxboot
+++ b/gfxboot
@@ -2606,7 +2606,7 @@ sub pack_archive
   else {
     $file = $gfxboot_tmp->file;
 
-    $i = system "cd $dir ; find . | cpio --quiet --reproducible --owner=+0:+0 -o >$file 2>/dev/null";
+    $i = system "cd $dir ; find . -type f | cpio --quiet --reproducible --owner=+0:+0 -o >$file 2>/dev/null";
     die "$file: failed to create archive\n" if $i;
   }
 
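Review bot: `-type f` drops more than the `.` entry: symbolic links are excluded as well, and files in subdirectories are archived without their parent directory entries. If the intent is only to omit directories, `find . ! -type d` keeps every other kind of entry. Whether any consumer of these archives relies on directory entries for nested paths is not visible here, which matches the "needs further testing" caveat in the cover mail. `pack_archive` continues outside the hunk.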
-- 
2.30.0

From 7c83e791ec4b2f3220516de1ce619123174832e2 Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian <vagrant@reproducible-builds.org>
Date: Fri, 1 Jan 2021 04:09:40 +0000
Subject: [PATCH 6/6] themes/example*/Makefile: Set time on files in example
 themes using Makefile as a reference time.

---
 themes/example_01/Makefile | 1 +
 themes/example_02/Makefile | 1 +
 themes/example_03/Makefile | 1 +
 themes/example_04/Makefile | 1 +
 themes/example_05/Makefile | 1 +
 themes/example_06/Makefile | 1 +
 themes/example_07/Makefile | 1 +
 7 files changed, 7 insertions(+)

diff --git a/themes/example_01/Makefile b/themes/example_01/Makefile
index a3d1be4..c54659d 100644
--- a/themes/example_01/Makefile
+++ b/themes/example_01/Makefile
@@ -12,6 +12,7 @@ bootlogo: example_*.bc
 	@rm -rf $@.dir
 	@mkdir $@.dir
 	$(GFXBOOT_COMPILE) $(BFLAGS) -l $@.log -c $< $@.dir/init
+	touch --reference Makefile $@.dir/*
 	$(GFXBOOT) --archive $@.dir --pack-archive $@
 
 clean:
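Review bot: Using `Makefile` as the reference in `touch --reference Makefile $@.dir/*` ties the archive timestamps to a file this very patch modifies, so its mtime may be the time the patch was applied or the tree was checked out, and can differ from one build to the next. Honouring the build epoch is more stable: `touch --date="@$${SOURCE_DATE_EPOCH:-$$(stat -c %Y Makefile)}" $@.dir/*`. The identical line is added to example_02 through example_07 and would change the same way. The `bootlogo` rule begins before the hunk.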
diff --git a/themes/example_02/Makefile b/themes/example_02/Makefile
index c0d551d..5eb150c 100644
--- a/themes/example_02/Makefile
+++ b/themes/example_02/Makefile
@@ -13,6 +13,7 @@ bootlogo: example_*.bc font
 	@mkdir $@.dir
 	$(GFXBOOT_COMPILE) $(BFLAGS) -l $@.log -c $< $@.dir/init
 	@cp font.fnt $@.dir
+	touch --reference Makefile $@.dir/*
 	$(GFXBOOT) --archive $@.dir --pack-archive $@
 
 font:
diff --git a/themes/example_03/Makefile b/themes/example_03/Makefile
index 4e18e35..2c7de7c 100644
--- a/themes/example_03/Makefile
+++ b/themes/example_03/Makefile
@@ -13,6 +13,7 @@ bootlogo: example_*.bc font
 	@mkdir $@.dir
 	$(GFXBOOT_COMPILE) $(BFLAGS) -l $@.log -c $< $@.dir/init
 	@cp clouds.jpg font.fnt $@.dir
+	touch --reference Makefile $@.dir/*
 	$(GFXBOOT) --archive $@.dir --pack-archive $@
 
 font:
diff --git a/themes/example_04/Makefile b/themes/example_04/Makefile
index e54c817..b3bcd70 100644
--- a/themes/example_04/Makefile
+++ b/themes/example_04/Makefile
@@ -13,6 +13,7 @@ bootlogo: example_*.bc font
 	@mkdir $@.dir
 	$(GFXBOOT_COMPILE) $(BFLAGS) -l $@.log -c $< $@.dir/init
 	@cp clouds.jpg font.fnt $@.dir
+	touch --reference Makefile $@.dir/*
 	$(GFXBOOT) --archive $@.dir --pack-archive $@
 
 font:
diff --git a/themes/example_05/Makefile b/themes/example_05/Makefile
index e54c817..b3bcd70 100644
--- a/themes/example_05/Makefile
+++ b/themes/example_05/Makefile
@@ -13,6 +13,7 @@ bootlogo: example_*.bc font
 	@mkdir $@.dir
 	$(GFXBOOT_COMPILE) $(BFLAGS) -l $@.log -c $< $@.dir/init
 	@cp clouds.jpg font.fnt $@.dir
+	touch --reference Makefile $@.dir/*
 	$(GFXBOOT) --archive $@.dir --pack-archive $@
 
 font:
diff --git a/themes/example_06/Makefile b/themes/example_06/Makefile
index 0a3c7cd..88c0b08 100644
--- a/themes/example_06/Makefile
+++ b/themes/example_06/Makefile
@@ -16,6 +16,7 @@ bootlogo: example_*.bc font
 	@mkdir $@.dir
 	$(GFXBOOT_COMPILE) $(BFLAGS) -l $@.log -c $< $@.dir/init
 	@cp $(FILES) $@.dir
+	touch --reference Makefile $@.dir/*
 	$(GFXBOOT) --archive $@.dir --pack-archive $@
 	@ln -snf bootlogo message
 
diff --git a/themes/example_07/Makefile b/themes/example_07/Makefile
index 0a3c7cd..88c0b08 100644
--- a/themes/example_07/Makefile
+++ b/themes/example_07/Makefile
@@ -16,6 +16,7 @@ bootlogo: example_*.bc font
 	@mkdir $@.dir
 	$(GFXBOOT_COMPILE) $(BFLAGS) -l $@.log -c $< $@.dir/init
 	@cp $(FILES) $@.dir
+	touch --reference Makefile $@.dir/*
 	$(GFXBOOT) --archive $@.dir --pack-archive $@
 	@ln -snf bootlogo message
 
-- 
2.30.0

Attachment: signature.asc
Description: PGP signature

