diff options
author | Francis Rowe <fchmmr@minifree.lan> | 2015-12-04 14:03:52 (EST) |
---|---|---|
committer | Francis Rowe <fchmmr@minifree.lan> | 2015-12-04 14:08:06 (EST) |
commit | 26d16fa5cdc9e351fcb582104cf8c7b3bf9ddaf0 (patch) | |
tree | 06502e98de84f539fd001d6bd64cb71f8cb8e0a7 | |
parent | 2e7fde09174aed5f3cc7d714dbe32e451873f3c9 (diff) | |
download | libreboot-26d16fa5cdc9e351fcb582104cf8c7b3bf9ddaf0.zip libreboot-26d16fa5cdc9e351fcb582104cf8c7b3bf9ddaf0.tar.gz libreboot-26d16fa5cdc9e351fcb582104cf8c7b3bf9ddaf0.tar.bz2 |
grub: build reproducibly
11 files changed, 406 insertions, 0 deletions
diff --git a/resources/grub/patch/reproducible/[PATCH v3 1_3] mkstandalone: add argument --fixed-time to override mtime of files.eml b/resources/grub/patch/reproducible/[PATCH v3 1_3] mkstandalone: add argument --fixed-time to override mtime of files.eml new file mode 100644 index 0000000..78d9f3d --- /dev/null +++ b/resources/grub/patch/reproducible/[PATCH v3 1_3] mkstandalone: add argument --fixed-time to override mtime of files.eml @@ -0,0 +1,141 @@ +Return-path: <grub-devel-bounces+info=gluglug.org.uk@gnu.org>
+Envelope-to: info@gluglug.org.uk
+Delivery-date: Fri, 04 Dec 2015 19:32:11 +0100
+Received: from lists.gnu.org ([2001:4830:134:3::11])
+ by web006.ispnoc.net with esmtps (TLSv1:AES256-SHA:256)
+ (Exim 4.85)
+ (envelope-from <grub-devel-bounces+info=gluglug.org.uk@gnu.org>)
+ id 1a4v9P-00031J-Do
+ for info@gluglug.org.uk; Fri, 04 Dec 2015 19:32:11 +0100
+Received: from localhost ([::1]:42381 helo=lists.gnu.org)
+ by lists.gnu.org with esmtp (Exim 4.71)
+ (envelope-from <grub-devel-bounces+info=gluglug.org.uk@gnu.org>)
+ id 1a4vA8-0001AP-Nv
+ for info@gluglug.org.uk; Fri, 04 Dec 2015 13:32:56 -0500
+Received: from eggs.gnu.org ([2001:4830:134:3::10]:47237)
+ by lists.gnu.org with esmtp (Exim 4.71)
+ (envelope-from <lynxis@fe80.eu>) id 1a4v9t-00019X-Nm
+ for grub-devel@gnu.org; Fri, 04 Dec 2015 13:32:42 -0500
+Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
+ (envelope-from <lynxis@fe80.eu>) id 1a4v9s-0005RN-RM
+ for grub-devel@gnu.org; Fri, 04 Dec 2015 13:32:41 -0500
+Received: from mail.base45.de ([2001:67c:2050:310::a:2]:47554)
+ by eggs.gnu.org with esmtp (Exim 4.71)
+ (envelope-from <lynxis@fe80.eu>) id 1a4v9s-0005R9-Kq
+ for grub-devel@gnu.org; Fri, 04 Dec 2015 13:32:40 -0500
+Received: from [2001:1a80:2259:2b1a:6042:6096:1de7:42c6] (helo=lazus.yip)
+ by mail.base45.de with esmtpsa (TLS1.2:RSA_AES_128_CBC_SHA256:128)
+ (Exim 4.82) (envelope-from <lynxis@fe80.eu>)
+ id 1a4v9n-0005Bc-ER; Fri, 04 Dec 2015 19:32:36 +0100
+From: Alexander Couzens <lynxis@fe80.eu>
+To: grub-devel@gnu.org
+Subject: [PATCH v3 1/3] mkstandalone: add argument --fixed-time to override
+ mtime of files
+Date: Fri, 4 Dec 2015 19:32:20 +0100
+Message-Id: <1449253942-29510-2-git-send-email-lynxis@fe80.eu>
+X-Mailer: git-send-email 2.6.3
+In-Reply-To: <1449253942-29510-1-git-send-email-lynxis@fe80.eu>
+References: <1449253942-29510-1-git-send-email-lynxis@fe80.eu>
+In-Reply-To: <1449245444-17579-1-git-send-email-lynxis@fe80.eu>
+References: <1449245444-17579-1-git-send-email-lynxis@fe80.eu>
+X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
+X-Received-From: 2001:67c:2050:310::a:2
+Cc: Alexander Couzens <lynxis@fe80.eu>
+X-BeenThere: grub-devel@gnu.org
+X-Mailman-Version: 2.1.14
+Precedence: list
+Reply-To: The development of GNU GRUB <grub-devel@gnu.org>
+List-Id: The development of GNU GRUB <grub-devel.gnu.org>
+List-Unsubscribe: <https://lists.gnu.org/mailman/options/grub-devel>,
+ <mailto:grub-devel-request@gnu.org?subject=unsubscribe>
+List-Archive: <http://lists.gnu.org/archive/html/grub-devel>
+List-Post: <mailto:grub-devel@gnu.org>
+List-Help: <mailto:grub-devel-request@gnu.org?subject=help>
+List-Subscribe: <https://lists.gnu.org/mailman/listinfo/grub-devel>,
+ <mailto:grub-devel-request@gnu.org?subject=subscribe>
+MIME-Version: 1.0
+Content-Type: text/plain; charset="us-ascii"
+Content-Transfer-Encoding: 7bit
+Errors-To: grub-devel-bounces+info=gluglug.org.uk@gnu.org
+Sender: grub-devel-bounces+info=gluglug.org.uk@gnu.org
+
+mkstandalone adds several files to an archive. Doing this it uses the
+mtime to give these files a timestamp.
+--fixed-time <TIME_EPOCH> overrides these timestamps with a given.
+
+Replacing all timestamps with a specific one is required
+to get reproducible builds. See source epoch specification of
+reproducible-builds.org
+---
+ util/grub-mkstandalone.c | 15 ++++++++++++++-
+ 1 file changed, 14 insertions(+), 1 deletion(-)
+
+diff --git a/util/grub-mkstandalone.c b/util/grub-mkstandalone.c
+index 4907d44..779c13c 100644
+--- a/util/grub-mkstandalone.c
++++ b/util/grub-mkstandalone.c
+@@ -30,6 +30,7 @@
+ #pragma GCC diagnostic error "-Wmissing-prototypes"
+ #pragma GCC diagnostic error "-Wmissing-declarations"
+
++static time_t fixed_time;
+ static char *output_image;
+ static char **files;
+ static int nfiles;
+@@ -48,6 +49,7 @@ static struct argp_option options[] = {
+ 0, N_("save output in FILE [required]"), 2},
+ {"format", 'O', N_("FILE"), 0, 0, 2},
+ {"compression", 'C', "xz|none|auto", OPTION_HIDDEN, 0, 2},
++ {"fixed-time", 0, N_("TIMEEPOCH"), 0, N_("Use a fixed timestamp to override mtime of all files. Time since epoch is used."), 2},
+ {0, 0, 0, 0, 0, 0}
+ };
+
+@@ -72,6 +74,7 @@ help_filter (int key, const char *text, void *input __attribute__ ((unused)))
+ static error_t
+ argp_parser (int key, char *arg, struct argp_state *state)
+ {
++ char *b;
+ if (key == 'C')
+ key = GRUB_INSTALL_OPTIONS_INSTALL_CORE_COMPRESS;
+
+@@ -80,6 +83,14 @@ argp_parser (int key, char *arg, struct argp_state *state)
+
+ switch (key)
+ {
++ case 't':
++ fixed_time = strtoll (arg, &b, 10);
++ if (*b !='\0') {
++ printf (_("invalid fixed time number: %s\n"), arg);
++ argp_usage (state);
++ exit (1);
++ }
++ break;
+
+ case 'o':
+ if (output_image)
+@@ -192,7 +203,8 @@ add_tar_file (const char *from,
+ if (grub_util_is_special_file (from))
+ return;
+
+- mtime = grub_util_get_mtime (from);
++ /* use fixed_time if given for mtime */
++ mtime = fixed_time != -1 ? fixed_time : grub_util_get_mtime (from);
+
+ optr = tcn = xmalloc (strlen (to) + 1);
+ for (iptr = to; *iptr == '/'; iptr++);
+@@ -293,6 +305,7 @@ main (int argc, char *argv[])
+ const char *pkglibdir;
+ int i;
+
++ fixed_time = -1;
+ grub_util_host_init (&argc, &argv);
+ grub_util_disable_fd_syncs ();
+
+--
+2.6.3
+
+
+_______________________________________________
+Grub-devel mailing list
+Grub-devel@gnu.org
+https://lists.gnu.org/mailman/listinfo/grub-devel
diff --git a/resources/grub/patch/reproducible/[PATCH v3 2_3] mkrescue: add argument --fixed-time to get reproducible uuids.eml b/resources/grub/patch/reproducible/[PATCH v3 2_3] mkrescue: add argument --fixed-time to get reproducible uuids.eml new file mode 100644 index 0000000..aba3421 --- /dev/null +++ b/resources/grub/patch/reproducible/[PATCH v3 2_3] mkrescue: add argument --fixed-time to get reproducible uuids.eml @@ -0,0 +1,136 @@ +Return-path: <grub-devel-bounces+info=gluglug.org.uk@gnu.org>
+Envelope-to: info@gluglug.org.uk
+Delivery-date: Fri, 04 Dec 2015 19:32:23 +0100
+Received: from lists.gnu.org ([2001:4830:134:3::11])
+ by web006.ispnoc.net with esmtps (TLSv1:AES256-SHA:256)
+ (Exim 4.85)
+ (envelope-from <grub-devel-bounces+info=gluglug.org.uk@gnu.org>)
+ id 1a4v9b-00031k-C8
+ for info@gluglug.org.uk; Fri, 04 Dec 2015 19:32:23 +0100
+Received: from localhost ([::1]:42383 helo=lists.gnu.org)
+ by lists.gnu.org with esmtp (Exim 4.71)
+ (envelope-from <grub-devel-bounces+info=gluglug.org.uk@gnu.org>)
+ id 1a4vAK-0001dX-UT
+ for info@gluglug.org.uk; Fri, 04 Dec 2015 13:33:08 -0500
+Received: from eggs.gnu.org ([2001:4830:134:3::10]:47323)
+ by lists.gnu.org with esmtp (Exim 4.71)
+ (envelope-from <lynxis@fe80.eu>) id 1a4v9w-0001Aj-CB
+ for grub-devel@gnu.org; Fri, 04 Dec 2015 13:32:45 -0500
+Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
+ (envelope-from <lynxis@fe80.eu>) id 1a4v9v-0005SE-Ei
+ for grub-devel@gnu.org; Fri, 04 Dec 2015 13:32:44 -0500
+Received: from mail.base45.de ([2001:67c:2050:310::a:2]:41968)
+ by eggs.gnu.org with esmtp (Exim 4.71)
+ (envelope-from <lynxis@fe80.eu>) id 1a4v9v-0005SA-8Z
+ for grub-devel@gnu.org; Fri, 04 Dec 2015 13:32:43 -0500
+Received: from [2001:1a80:2259:2b1a:6042:6096:1de7:42c6] (helo=lazus.yip)
+ by mail.base45.de with esmtpsa (TLS1.2:RSA_AES_128_CBC_SHA256:128)
+ (Exim 4.82) (envelope-from <lynxis@fe80.eu>)
+ id 1a4v9p-0005Bc-Qw; Fri, 04 Dec 2015 19:32:38 +0100
+From: Alexander Couzens <lynxis@fe80.eu>
+To: grub-devel@gnu.org
+Subject: [PATCH v3 2/3] mkrescue: add argument --fixed-time to get
+ reproducible uuids
+Date: Fri, 4 Dec 2015 19:32:21 +0100
+Message-Id: <1449253942-29510-3-git-send-email-lynxis@fe80.eu>
+X-Mailer: git-send-email 2.6.3
+In-Reply-To: <1449253942-29510-1-git-send-email-lynxis@fe80.eu>
+References: <1449253942-29510-1-git-send-email-lynxis@fe80.eu>
+In-Reply-To: <1449245444-17579-1-git-send-email-lynxis@fe80.eu>
+References: <1449245444-17579-1-git-send-email-lynxis@fe80.eu>
+X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
+X-Received-From: 2001:67c:2050:310::a:2
+Cc: Alexander Couzens <lynxis@fe80.eu>
+X-BeenThere: grub-devel@gnu.org
+X-Mailman-Version: 2.1.14
+Precedence: list
+Reply-To: The development of GNU GRUB <grub-devel@gnu.org>
+List-Id: The development of GNU GRUB <grub-devel.gnu.org>
+List-Unsubscribe: <https://lists.gnu.org/mailman/options/grub-devel>,
+ <mailto:grub-devel-request@gnu.org?subject=unsubscribe>
+List-Archive: <http://lists.gnu.org/archive/html/grub-devel>
+List-Post: <mailto:grub-devel@gnu.org>
+List-Help: <mailto:grub-devel-request@gnu.org?subject=help>
+List-Subscribe: <https://lists.gnu.org/mailman/listinfo/grub-devel>,
+ <mailto:grub-devel-request@gnu.org?subject=subscribe>
+MIME-Version: 1.0
+Content-Type: text/plain; charset="us-ascii"
+Content-Transfer-Encoding: 7bit
+Errors-To: grub-devel-bounces+info=gluglug.org.uk@gnu.org
+Sender: grub-devel-bounces+info=gluglug.org.uk@gnu.org
+
+The uuid generation is based on the time.
+---
+ util/grub-mkrescue.c | 16 +++++++++++++++-
+ 1 file changed, 15 insertions(+), 1 deletion(-)
+
+diff --git a/util/grub-mkrescue.c b/util/grub-mkrescue.c
+index 4511826..1af1da2 100644
+--- a/util/grub-mkrescue.c
++++ b/util/grub-mkrescue.c
+@@ -52,6 +52,7 @@ static int xorriso_arg_alloc;
+ static char **xorriso_argv;
+ static char *iso_uuid;
+ static char *iso9660_dir;
++static time_t fixed_time;
+
+ static void
+ xorriso_push (const char *val)
+@@ -110,6 +111,7 @@ static struct argp_option options[] = {
+ {"product-version", OPTION_PRODUCT_VERSION, N_("STRING"), 0, N_("use STRING as product version"), 2},
+ {"sparc-boot", OPTION_SPARC_BOOT, 0, 0, N_("enable sparc boot. Disables HFS+, APM, ARCS and boot as disk image for i386-pc"), 2},
+ {"arcs-boot", OPTION_ARCS_BOOT, 0, 0, N_("enable ARCS (big-endian mips machines, mostly SGI) boot. Disables HFS+, APM, sparc64 and boot as disk image for i386-pc"), 2},
++ {"fixed-time", 0, N_("TIMEEPOCH"), 0, N_("use a fixed timestamp for uuid generation"), 2},
+ {0, 0, 0, 0, 0, 0}
+ };
+
+@@ -153,6 +155,8 @@ enum {
+ static error_t
+ argp_parser (int key, char *arg, struct argp_state *state)
+ {
++ char *b;
++
+ if (grub_install_parse (key, arg))
+ return 0;
+ switch (key)
+@@ -212,6 +216,15 @@ argp_parser (int key, char *arg, struct argp_state *state)
+ xorriso = xstrdup (arg);
+ return 0;
+
++ case 't':
++ fixed_time = strtoll (arg, &b, 10);
++ if (*b !='\0') {
++ printf (_("invalid fixed time number: %s\n"), arg);
++ argp_usage (state);
++ exit (1);
++ }
++ return 0;
++
+ default:
+ return ARGP_ERR_UNKNOWN;
+ }
+@@ -431,6 +444,7 @@ main (int argc, char *argv[])
+
+ pkgdatadir = grub_util_get_pkgdatadir ();
+
++ fixed_time = -1;
+ product_name = xstrdup (PACKAGE_NAME);
+ product_version = xstrdup (PACKAGE_VERSION);
+ xorriso = xstrdup ("xorriso");
+@@ -541,7 +555,7 @@ main (int argc, char *argv[])
+ {
+ time_t tim;
+ struct tm *tmm;
+- tim = time (NULL);
++ tim = fixed_time != -1 ? fixed_time : time (NULL);
+ tmm = gmtime (&tim);
+ iso_uuid = xmalloc (55);
+ grub_snprintf (iso_uuid, 50,
+--
+2.6.3
+
+
+_______________________________________________
+Grub-devel mailing list
+Grub-devel@gnu.org
+https://lists.gnu.org/mailman/listinfo/grub-devel
diff --git a/resources/grub/patch/reproducible/[PATCH v3 3_3] Makefile_coreboot use SOURCE_DATE_EPOCH as time source if set.eml b/resources/grub/patch/reproducible/[PATCH v3 3_3] Makefile_coreboot use SOURCE_DATE_EPOCH as time source if set.eml new file mode 100644 index 0000000..941c3c8 --- /dev/null +++ b/resources/grub/patch/reproducible/[PATCH v3 3_3] Makefile_coreboot use SOURCE_DATE_EPOCH as time source if set.eml @@ -0,0 +1,92 @@ +Return-path: <grub-devel-bounces+info=gluglug.org.uk@gnu.org>
+Envelope-to: info@gluglug.org.uk
+Delivery-date: Fri, 04 Dec 2015 19:32:34 +0100
+Received: from lists.gnu.org ([2001:4830:134:3::11])
+ by web006.ispnoc.net with esmtps (TLSv1:AES256-SHA:256)
+ (Exim 4.85)
+ (envelope-from <grub-devel-bounces+info=gluglug.org.uk@gnu.org>)
+ id 1a4v9m-00031s-OY
+ for info@gluglug.org.uk; Fri, 04 Dec 2015 19:32:34 +0100
+Received: from localhost ([::1]:42385 helo=lists.gnu.org)
+ by lists.gnu.org with esmtp (Exim 4.71)
+ (envelope-from <grub-devel-bounces+info=gluglug.org.uk@gnu.org>)
+ id 1a4vAW-0001tH-Ey
+ for info@gluglug.org.uk; Fri, 04 Dec 2015 13:33:20 -0500
+Received: from eggs.gnu.org ([2001:4830:134:3::10]:47408)
+ by lists.gnu.org with esmtp (Exim 4.71)
+ (envelope-from <lynxis@fe80.eu>) id 1a4v9y-0001Ff-QQ
+ for grub-devel@gnu.org; Fri, 04 Dec 2015 13:32:47 -0500
+Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
+ (envelope-from <lynxis@fe80.eu>) id 1a4v9x-0005T1-VU
+ for grub-devel@gnu.org; Fri, 04 Dec 2015 13:32:46 -0500
+Received: from mail.base45.de ([2001:67c:2050:310::a:2]:34296)
+ by eggs.gnu.org with esmtp (Exim 4.71)
+ (envelope-from <lynxis@fe80.eu>) id 1a4v9x-0005Ss-PW
+ for grub-devel@gnu.org; Fri, 04 Dec 2015 13:32:45 -0500
+Received: from [2001:1a80:2259:2b1a:6042:6096:1de7:42c6] (helo=lazus.yip)
+ by mail.base45.de with esmtpsa (TLS1.2:RSA_AES_128_CBC_SHA256:128)
+ (Exim 4.82) (envelope-from <lynxis@fe80.eu>)
+ id 1a4v9s-0005Bc-8z; Fri, 04 Dec 2015 19:32:41 +0100
+From: Alexander Couzens <lynxis@fe80.eu>
+To: grub-devel@gnu.org
+Subject: [PATCH v3 3/3] Makefile/coreboot use SOURCE_DATE_EPOCH as time source
+ if set
+Date: Fri, 4 Dec 2015 19:32:22 +0100
+Message-Id: <1449253942-29510-4-git-send-email-lynxis@fe80.eu>
+X-Mailer: git-send-email 2.6.3
+In-Reply-To: <1449253942-29510-1-git-send-email-lynxis@fe80.eu>
+References: <1449253942-29510-1-git-send-email-lynxis@fe80.eu>
+In-Reply-To: <1449245444-17579-1-git-send-email-lynxis@fe80.eu>
+References: <1449245444-17579-1-git-send-email-lynxis@fe80.eu>
+X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
+X-Received-From: 2001:67c:2050:310::a:2
+Cc: Alexander Couzens <lynxis@fe80.eu>
+X-BeenThere: grub-devel@gnu.org
+X-Mailman-Version: 2.1.14
+Precedence: list
+Reply-To: The development of GNU GRUB <grub-devel@gnu.org>
+List-Id: The development of GNU GRUB <grub-devel.gnu.org>
+List-Unsubscribe: <https://lists.gnu.org/mailman/options/grub-devel>,
+ <mailto:grub-devel-request@gnu.org?subject=unsubscribe>
+List-Archive: <http://lists.gnu.org/archive/html/grub-devel>
+List-Post: <mailto:grub-devel@gnu.org>
+List-Help: <mailto:grub-devel-request@gnu.org?subject=help>
+List-Subscribe: <https://lists.gnu.org/mailman/listinfo/grub-devel>,
+ <mailto:grub-devel-request@gnu.org?subject=subscribe>
+MIME-Version: 1.0
+Content-Type: text/plain; charset="us-ascii"
+Content-Transfer-Encoding: 7bit
+Errors-To: grub-devel-bounces+info=gluglug.org.uk@gnu.org
+Sender: grub-devel-bounces+info=gluglug.org.uk@gnu.org
+
+mkstandalone sets timestamps for files which can be overriden by a fixed_timestamp.
+This makes it possible to build reproducible builds for coreboot.
+
+To build a reproducible build of grub for coreboot do:
+export SOURCE_DATE_EPOCH=1134242
+make default_payload.elf
+---
+ Makefile.am | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Makefile.am b/Makefile.am
+index 994ebbd..5c756d7 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -403,7 +403,7 @@ bootcheck: $(BOOTCHECKS)
+
+ if COND_i386_coreboot
+ default_payload.elf: grub-mkstandalone grub-mkimage
+- pkgdatadir=. ./grub-mkstandalone --grub-mkimage=./grub-mkimage -O i386-coreboot -o $@ --modules='ahci pata ehci uhci ohci usb_keyboard usbms part_msdos xfs ext2 fat at_keyboard part_gpt usbserial_usbdebug cbfs' --install-modules='ls linux search configfile normal cbtime cbls memrw iorw minicmd lsmmap lspci halt reboot hexdump pcidump regexp setpci lsacpi chain test serial multiboot cbmemc linux16 gzio echo help' --fonts= --themes= --locales= -d grub-core/ /boot/grub/grub.cfg=$(srcdir)/coreboot.cfg
++ pkgdatadir=. ./grub-mkstandalone --grub-mkimage=./grub-mkimage -O i386-coreboot -o $@ --modules='ahci pata ehci uhci ohci usb_keyboard usbms part_msdos xfs ext2 fat at_keyboard part_gpt usbserial_usbdebug cbfs' --install-modules='ls linux search configfile normal cbtime cbls memrw iorw minicmd lsmmap lspci halt reboot hexdump pcidump regexp setpci lsacpi chain test serial multiboot cbmemc linux16 gzio echo help' --fonts= --themes= --locales= -d grub-core/ /boot/grub/grub.cfg=$(srcdir)/coreboot.cfg $(if $(SOURCE_DATE_EPOCH),-t $(SOURCE_DATE_EPOCH))
+ endif
+
+ endif
+--
+2.6.3
+
+
+_______________________________________________
+Grub-devel mailing list
+Grub-devel@gnu.org
+https://lists.gnu.org/mailman/listinfo/grub-devel
diff --git a/resources/scripts/helpers/build/release/docs b/resources/scripts/helpers/build/release/docs index 966bccf..32203ac 100755 --- a/resources/scripts/helpers/build/release/docs +++ b/resources/scripts/helpers/build/release/docs @@ -28,9 +28,11 @@ printf 'Building the documentation release archive\n' if [ -f "version" ]; then # _src release archive is being used version="$(cat version)" + versiondate="$(cat versiondate)" else # git repo is being used version="$(git describe --tags HEAD)" + versiondate="$(git show -s --format=%ct)" fi versiondir="release/${version}" distname="libreboot_${version}_docs" @@ -60,6 +62,8 @@ fi # include version information printf '%s\n' "${version}" >"${distdir}/version" +# include version date information +printf '%s\n' "${versiondate}" >"${distdir}/versiondate" printf 'Creating compressed documentation archive at %s\n' "${distdir}.tar.xz" (cd "${versiondir}/" && tar -c "${distname}/" | xz -9e >"${distname}.tar.xz") diff --git a/resources/scripts/helpers/build/release/roms b/resources/scripts/helpers/build/release/roms index e2ef74d..e39aca5 100755 --- a/resources/scripts/helpers/build/release/roms +++ b/resources/scripts/helpers/build/release/roms @@ -31,9 +31,11 @@ fi if [ -f "version" ]; then # _src release archive is being used version="$(cat version)" + versiondate="$(cat versiondate)" else # git repo is being used version="$(git describe --tags HEAD)" + versiondate="$(git show -s --format=%ct)" fi versiondir="release/${version}" romdir="${versiondir}/rom" @@ -75,6 +77,8 @@ for payload in *; do # Put the version string in the archive. printf '%s\n' "${version}" >"${archivename}/version" + # Put the version date string in the archive + printf '%s\n' "${versiondate}" >"${archivename}/versiondate" # Create the compressed archive. tar -c "${archivename}/" | xz -9e >"../../${romdir}/${payload}/${archivename}.tar.xz" diff --git a/resources/scripts/helpers/build/release/sha512sums b/resources/scripts/helpers/build/release/sha512sums index 456764b..502f059 100755 --- a/resources/scripts/helpers/build/release/sha512sums +++ b/resources/scripts/helpers/build/release/sha512sums @@ -25,9 +25,11 @@ set -u -e if [ -f "version" ]; then # _src release archive is being used version="$(cat version)" + versiondate="$(cat versiondate)" else # git repo is being used version="$(git describe --tags HEAD)" + versiondate="$(git show -s --format=%ct)" fi versiondir="release/${version}" sha512filename="SHA512SUMS" diff --git a/resources/scripts/helpers/build/release/src b/resources/scripts/helpers/build/release/src index ed7ec68..294c3c2 100755 --- a/resources/scripts/helpers/build/release/src +++ b/resources/scripts/helpers/build/release/src @@ -28,9 +28,11 @@ printf 'Building the source release archive\n' if [ -f "version" ]; then # _src release archive is being used version="$(cat version)" + versiondate="$(cat versiondate)" else # git repo is being used version="$(git describe --tags HEAD)" + versiondate="$(git show -s --format=%ct)" fi versiondir="release/${version}" distname="libreboot_${version}_src" @@ -65,6 +67,8 @@ fi # include version information printf '%s\n' "${version}" >"${distdir}/version" +# include version date information +printf '%s\n' "${versiondate}" >"${distdir}/versiondate" printf 'Cleaning files in %s/\n' "${distdir}" diff --git a/resources/scripts/helpers/build/release/tobuild b/resources/scripts/helpers/build/release/tobuild index da1b6d9..bc1f6dd 100755 --- a/resources/scripts/helpers/build/release/tobuild +++ b/resources/scripts/helpers/build/release/tobuild @@ -26,9 +26,11 @@ set -u -e if [ -f "version" ]; then # _src release archive is being used version="$(cat version)" + versiondate="$(cat versiondate)" else # git repo is being used version="$(git describe --tags HEAD)" + versiondate="$(git show -s --format=%ct)" fi versiondir="release/${version}" distname="libreboot_${version}_tobuild" @@ -84,6 +86,8 @@ fi # include version information printf '%s\n' "${version}" >"${distdir}/version" +# include version date information +printf '%s\n' "${versiondate}" >"${distdir}/versiondate" # that is all. now tar it up (cd "${versiondir}/" && tar -c "${distname}/" | xz -9e >"${distname}.tar.xz") diff --git a/resources/scripts/helpers/build/release/util b/resources/scripts/helpers/build/release/util index 1a0d72f..3e9910d 100755 --- a/resources/scripts/helpers/build/release/util +++ b/resources/scripts/helpers/build/release/util @@ -44,9 +44,11 @@ fi if [ -f "version" ]; then # _src release archive is being used version="$(cat version)" + versiondate="$(cat versiondate)" else # git repo is being used version="$(git describe --tags HEAD)" + versiondate="$(git show -s --format=%ct)" fi versiondir="release/${version}" distname="libreboot_${version}_util" @@ -76,6 +78,8 @@ fi # include version information printf '%s\n' "${version}" >"${distdir}/version" +# include version date information +printf '%s\n' "${versiondate}" >"${distdir}/versiondate" # -------------- # BUC.TS related diff --git a/resources/scripts/helpers/download/grub b/resources/scripts/helpers/download/grub index 0012974..f823deb 100755 --- a/resources/scripts/helpers/download/grub +++ b/resources/scripts/helpers/download/grub @@ -58,5 +58,10 @@ git am "../resources/grub/patch/grub.johnlane.ie/0005-Cryptomount-support-for-hy # hotfix from kl3 (merged from autoboot) (ditto) git am "../resources/grub/patch/grub.johnlane.ie/0006-grub-core-disk-cryptodisk.c-Point-to-const-char.patch" +# Needed for reproducible builds in GRUB +git am "../resources/grub/patch/reproducible/"\[PATCH\ v3\ 1_3\]\ mkstandalone\:\ add\ argument\ --fixed-time\ to\ override\ mtime\ of\ files.eml +git am "../resources/grub/patch/reproducible/"\[PATCH\ v3\ 2_3\]\ mkrescue\:\ add\ argument\ --fixed-time\ to\ get\ reproducible\ uuids.eml +git am "../resources/grub/patch/reproducible/"\[PATCH\ v3\ 3_3\]\ Makefile_coreboot\ use\ SOURCE_DATE_EPOCH\ as\ time\ source\ if\ set.eml + cd "../" printf "\n\n" diff --git a/resources/utilities/grub-assemble/gen.sh b/resources/utilities/grub-assemble/gen.sh index 36352a3..3c52a84 100755 --- a/resources/utilities/grub-assemble/gen.sh +++ b/resources/utilities/grub-assemble/gen.sh @@ -29,6 +29,14 @@ if [ $# != 1 ]; then exit 1 fi +if [ -f "../../../versiondate" ]; then + # _src release archive is being used + versiondate="$(cat ../../../versiondate)" +else + # git repo is being used + versiondate="$(git show -s --format=%ct)" +fi + # This is where GRUB is expected to be (outside of the grub-assemble, instead in main checkout) grubdir="../../../grub" @@ -51,6 +59,7 @@ if [ "${1}" = "vesafb" ]; then -o "grub_vesafb.elf" \ -d "${grubdir}/grub-core/" \ --fonts= --themes= --locales= \ + --fixed-time ${versiondate} \ --modules="${grub_modules}" \ --install-modules="${grub_install_modules}" \ /boot/grub/grub.cfg="../../../resources/grub/config/grub_memdisk.cfg" \ @@ -65,6 +74,7 @@ then -o "grub_txtmode.elf" \ -d "${grubdir}/grub-core/" \ --fonts= --themes= --locales= \ + --fixed-time ${versiondate} \ --modules="${grub_modules}" \ --install-modules="${grub_install_modules}" \ /boot/grub/grub.cfg="../../../resources/grub/config/grub_memdisk.cfg" \ |