From 610ab4080996a2c6808ddbfdbddef4de102051d6 Mon Sep 17 00:00:00 2001 From: Francis Rowe Date: Sun, 06 Dec 2015 00:40:29 -0500 Subject: GRUB: really make it reproducible Use older version of Alexander's patches, for now. Wait until the final versions are merged upstream in GRUB. --- diff --git a/resources/grub/patch/reproducible/[PATCH v3 1_3] mkstandalone: add argument --fixed-time to override mtime of files.eml b/resources/grub/patch/reproducible/[PATCH 1_3] mkstandalone: add argument --fixed-time to override mtime of files.eml index 78d9f3d..a286772 100644 --- a/resources/grub/patch/reproducible/[PATCH v3 1_3] mkstandalone: add argument --fixed-time to override mtime of files.eml +++ b/resources/grub/patch/reproducible/[PATCH 1_3] mkstandalone: add argument --fixed-time to override mtime of files.eml 
@@ -1,45 +1,43 @@ Return-path: Envelope-to: info@gluglug.org.uk -Delivery-date: Fri, 04 Dec 2015 19:32:11 +0100 +Delivery-date: Fri, 04 Dec 2015 17:10:34 +0100 Received: from lists.gnu.org ([2001:4830:134:3::11]) by web006.ispnoc.net with esmtps (TLSv1:AES256-SHA:256) (Exim 4.85) (envelope-from ) - id 1a4v9P-00031J-Do - for info@gluglug.org.uk; Fri, 04 Dec 2015 19:32:11 +0100 -Received: from localhost ([::1]:42381 helo=lists.gnu.org) + id 1a4swM-00061k-EE + for info@gluglug.org.uk; Fri, 04 Dec 2015 17:10:34 +0100 +Received: from localhost ([::1]:41766 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) - id 1a4vA8-0001AP-Nv - for info@gluglug.org.uk; Fri, 04 Dec 2015 13:32:56 -0500 -Received: from eggs.gnu.org ([2001:4830:134:3::10]:47237) + id 1a4sx5-0000S1-CN + for info@gluglug.org.uk; Fri, 04 Dec 2015 11:11:19 -0500 +Received: from eggs.gnu.org ([2001:4830:134:3::10]:51210) by lists.gnu.org with esmtp (Exim 4.71) - (envelope-from ) id 1a4v9t-00019X-Nm - for grub-devel@gnu.org; Fri, 04 Dec 2015 13:32:42 -0500 + (envelope-from ) id 1a4swn-0000Rn-11 + for grub-devel@gnu.org; Fri, 04 Dec 2015 11:11:02 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) - (envelope-from ) id 1a4v9s-0005RN-RM - for grub-devel@gnu.org; Fri, 04 Dec 2015 13:32:41 -0500 -Received: from mail.base45.de ([2001:67c:2050:310::a:2]:47554) + (envelope-from ) id 1a4swl-0001ff-9D + for grub-devel@gnu.org; Fri, 04 Dec 2015 11:11:00 -0500 +Received: from mail.base45.de ([80.241.61.77]:53014) by eggs.gnu.org with esmtp (Exim 4.71) - (envelope-from ) id 1a4v9s-0005R9-Kq - for grub-devel@gnu.org; Fri, 04 Dec 2015 13:32:40 -0500 + (envelope-from ) id 1a4swl-0001fa-2e + for grub-devel@gnu.org; Fri, 04 Dec 2015 11:10:59 -0500 Received: from [2001:1a80:2259:2b1a:6042:6096:1de7:42c6] (helo=lazus.yip) by mail.base45.de with esmtpsa (TLS1.2:RSA_AES_128_CBC_SHA256:128) (Exim 4.82) (envelope-from ) - id 1a4v9n-0005Bc-ER; Fri, 04 Dec 2015 19:32:36 +0100 + id 
1a4swf-0004UO-9W; Fri, 04 Dec 2015 17:10:53 +0100 From: Alexander Couzens To: grub-devel@gnu.org -Subject: [PATCH v3 1/3] mkstandalone: add argument --fixed-time to override - mtime of files -Date: Fri, 4 Dec 2015 19:32:20 +0100 -Message-Id: <1449253942-29510-2-git-send-email-lynxis@fe80.eu> +Subject: [PATCH 1/3] mkstandalone: add argument --fixed-time to override mtime + of files +Date: Fri, 4 Dec 2015 17:10:42 +0100 +Message-Id: <1449245444-17579-2-git-send-email-lynxis@fe80.eu> X-Mailer: git-send-email 2.6.3 -In-Reply-To: <1449253942-29510-1-git-send-email-lynxis@fe80.eu> -References: <1449253942-29510-1-git-send-email-lynxis@fe80.eu> In-Reply-To: <1449245444-17579-1-git-send-email-lynxis@fe80.eu> References: <1449245444-17579-1-git-send-email-lynxis@fe80.eu> X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] -X-Received-From: 2001:67c:2050:310::a:2 +X-Received-From: 80.241.61.77 Cc: Alexander Couzens X-BeenThere: grub-devel@gnu.org X-Mailman-Version: 2.1.14 @@ -67,11 +65,11 @@ Replacing all timestamps with a specific one is required to get reproducible builds. See source epoch specification of reproducible-builds.org --- - util/grub-mkstandalone.c | 15 ++++++++++++++- - 1 file changed, 14 insertions(+), 1 deletion(-) + util/grub-mkstandalone.c | 14 +++++++++++++- + 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/util/grub-mkstandalone.c b/util/grub-mkstandalone.c -index 4907d44..779c13c 100644 +index 4907d44..047f0cd 100644 --- a/util/grub-mkstandalone.c +++ b/util/grub-mkstandalone.c @@ -30,6 +30,7 @@ 
@@ -86,7 +84,7 @@ index 4907d44..779c13c 100644 0, N_("save output in FILE [required]"), 2}, {"format", 'O', N_("FILE"), 0, 0, 2}, {"compression", 'C', "xz|none|auto", OPTION_HIDDEN, 0, 2}, -+ {"fixed-time", 0, N_("TIMEEPOCH"), 0, N_("Use a fixed timestamp to override mtime of all files. Time since epoch is used."), 2}, ++ {"fixed-time", 't', N_("TIMEEPOCH"), 0, N_("Use a fixed timestamp to override mtime of all files. Time since epoch is used."), 2}, {0, 0, 0, 0, 0, 0} }; @@ -123,14 +121,6 @@ index 4907d44..779c13c 100644 optr = tcn = xmalloc (strlen (to) + 1); for (iptr = to; *iptr == '/'; iptr++); -@@ -293,6 +305,7 @@ main (int argc, char *argv[]) - const char *pkglibdir; - int i; - -+ fixed_time = -1; - grub_util_host_init (&argc, &argv); - grub_util_disable_fd_syncs (); - -- 2.6.3 diff --git a/resources/grub/patch/reproducible/[PATCH v3 2_3] mkrescue: add argument --fixed-time to get reproducible uuids.eml b/resources/grub/patch/reproducible/[PATCH 2_3] mkrescue: add argument --fixed-time to get reproducible uuids.eml index aba3421..f3ae15e 100644 --- a/resources/grub/patch/reproducible/[PATCH v3 2_3] mkrescue: add argument --fixed-time to get reproducible uuids.eml +++ b/resources/grub/patch/reproducible/[PATCH 2_3] mkrescue: add argument --fixed-time to get reproducible uuids.eml 
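Review bot: The last hunk of the mkstandalone mail (`@@ -123,14 +121,6 @@`) drops the nested `main()` hunk that set `fixed_time = -1;`, so the older patch now depends entirely on how `fixed_time` is declared, which is not visible here. If it is a plain file-scope variable it starts at 0, and depending on which sentinel the override test uses (presumably -1 or 0, to be confirmed in the unchanged part of the patch) either every archive member silently gets mtime 0 or an explicit `--fixed-time 0` cannot be requested. Stating the sentinel in the commit message, or carrying the initialiser on the declaration as `static time_t fixed_time = -1;`, would make the behaviour without `-t` explicit. The same initialisation is removed from the mkrescue mail in its `@@ -109,15 +107,7 @@` hunk, where the option help says the value is used for uuid generation.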
@@ -1,45 +1,43 @@ Return-path: Envelope-to: info@gluglug.org.uk -Delivery-date: Fri, 04 Dec 2015 19:32:23 +0100 +Delivery-date: Fri, 04 Dec 2015 17:10:39 +0100 Received: from lists.gnu.org ([2001:4830:134:3::11]) by web006.ispnoc.net with esmtps (TLSv1:AES256-SHA:256) (Exim 4.85) (envelope-from ) - id 1a4v9b-00031k-C8 - for info@gluglug.org.uk; Fri, 04 Dec 2015 19:32:23 +0100 -Received: from localhost ([::1]:42383 helo=lists.gnu.org) + id 1a4swQ-00061v-Qn + for info@gluglug.org.uk; Fri, 04 Dec 2015 17:10:39 +0100 +Received: from localhost ([::1]:41769 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) - id 1a4vAK-0001dX-UT - for info@gluglug.org.uk; Fri, 04 Dec 2015 13:33:08 -0500 -Received: from eggs.gnu.org ([2001:4830:134:3::10]:47323) + id 1a4sxA-0000V7-EW + for info@gluglug.org.uk; Fri, 04 Dec 2015 11:11:24 -0500 +Received: from eggs.gnu.org ([2001:4830:134:3::10]:51231) by lists.gnu.org with esmtp (Exim 4.71) - (envelope-from ) id 1a4v9w-0001Aj-CB - for grub-devel@gnu.org; Fri, 04 Dec 2015 13:32:45 -0500 + (envelope-from ) id 1a4swo-0000Rx-IS + for grub-devel@gnu.org; Fri, 04 Dec 2015 11:11:03 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) - (envelope-from ) id 1a4v9v-0005SE-Ei - for grub-devel@gnu.org; Fri, 04 Dec 2015 13:32:44 -0500 -Received: from mail.base45.de ([2001:67c:2050:310::a:2]:41968) + (envelope-from ) id 1a4swn-0001gC-Ia + for grub-devel@gnu.org; Fri, 04 Dec 2015 11:11:02 -0500 +Received: from mail.base45.de ([80.241.61.77]:34435) by eggs.gnu.org with esmtp (Exim 4.71) - (envelope-from ) id 1a4v9v-0005SA-8Z - for grub-devel@gnu.org; Fri, 04 Dec 2015 13:32:43 -0500 + (envelope-from ) id 1a4swn-0001g3-C1 + for grub-devel@gnu.org; Fri, 04 Dec 2015 11:11:01 -0500 Received: from [2001:1a80:2259:2b1a:6042:6096:1de7:42c6] (helo=lazus.yip) by mail.base45.de with esmtpsa (TLS1.2:RSA_AES_128_CBC_SHA256:128) (Exim 4.82) (envelope-from ) - id 1a4v9p-0005Bc-Qw; Fri, 04 Dec 2015 19:32:38 +0100 + id 
1a4swh-0004UO-38; Fri, 04 Dec 2015 17:10:56 +0100 From: Alexander Couzens To: grub-devel@gnu.org -Subject: [PATCH v3 2/3] mkrescue: add argument --fixed-time to get - reproducible uuids -Date: Fri, 4 Dec 2015 19:32:21 +0100 -Message-Id: <1449253942-29510-3-git-send-email-lynxis@fe80.eu> +Subject: [PATCH 2/3] mkrescue: add argument --fixed-time to get reproducible + uuids +Date: Fri, 4 Dec 2015 17:10:43 +0100 +Message-Id: <1449245444-17579-3-git-send-email-lynxis@fe80.eu> X-Mailer: git-send-email 2.6.3 -In-Reply-To: <1449253942-29510-1-git-send-email-lynxis@fe80.eu> -References: <1449253942-29510-1-git-send-email-lynxis@fe80.eu> In-Reply-To: <1449245444-17579-1-git-send-email-lynxis@fe80.eu> References: <1449245444-17579-1-git-send-email-lynxis@fe80.eu> X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] -X-Received-From: 2001:67c:2050:310::a:2 +X-Received-From: 80.241.61.77 Cc: Alexander Couzens X-BeenThere: grub-devel@gnu.org X-Mailman-Version: 2.1.14 @@ -61,11 +59,11 @@ Sender: grub-devel-bounces+info=gluglug.org.uk@gnu.org The uuid generation is based on the time. --- - util/grub-mkrescue.c | 16 +++++++++++++++- - 1 file changed, 15 insertions(+), 1 deletion(-) + util/grub-mkrescue.c | 15 ++++++++++++++- + 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/util/grub-mkrescue.c b/util/grub-mkrescue.c -index 4511826..1af1da2 100644 +index 4511826..164c4e1 100644 --- a/util/grub-mkrescue.c +++ b/util/grub-mkrescue.c @@ -52,6 +52,7 @@ static int xorriso_arg_alloc; 
@@ -80,7 +78,7 @@ index 4511826..1af1da2 100644 {"product-version", OPTION_PRODUCT_VERSION, N_("STRING"), 0, N_("use STRING as product version"), 2}, {"sparc-boot", OPTION_SPARC_BOOT, 0, 0, N_("enable sparc boot. Disables HFS+, APM, ARCS and boot as disk image for i386-pc"), 2}, {"arcs-boot", OPTION_ARCS_BOOT, 0, 0, N_("enable ARCS (big-endian mips machines, mostly SGI) boot. Disables HFS+, APM, sparc64 and boot as disk image for i386-pc"), 2}, -+ {"fixed-time", 0, N_("TIMEEPOCH"), 0, N_("use a fixed timestamp for uuid generation"), 2}, ++ {"fixed-time", 't', N_("TIMEEPOCH"), 0, N_("use a fixed timestamp for uuid generation"), 2}, {0, 0, 0, 0, 0, 0} }; @@ -109,15 +107,7 @@ index 4511826..1af1da2 100644 default: return ARGP_ERR_UNKNOWN; } -@@ -431,6 +444,7 @@ main (int argc, char *argv[]) - - pkgdatadir = grub_util_get_pkgdatadir (); - -+ fixed_time = -1; - product_name = xstrdup (PACKAGE_NAME); - product_version = xstrdup (PACKAGE_VERSION); - xorriso = xstrdup ("xorriso"); -@@ -541,7 +555,7 @@ main (int argc, char *argv[]) +@@ -541,7 +554,7 @@ main (int argc, char *argv[]) { time_t tim; struct tm *tmm; diff --git a/resources/grub/patch/reproducible/[PATCH v3 3_3] Makefile_coreboot use SOURCE_DATE_EPOCH as time source if set.eml b/resources/grub/patch/reproducible/[PATCH 3_3] Makefile: use FIXED_TIMESTAMP for mkstandalone if set.eml index 941c3c8..d682428 100644 --- a/resources/grub/patch/reproducible/[PATCH v3 3_3] Makefile_coreboot use SOURCE_DATE_EPOCH as time source if set.eml +++ b/resources/grub/patch/reproducible/[PATCH 3_3] Makefile: use FIXED_TIMESTAMP for mkstandalone if set.eml 
@@ -1,45 +1,42 @@ Return-path: Envelope-to: info@gluglug.org.uk -Delivery-date: Fri, 04 Dec 2015 19:32:34 +0100 +Delivery-date: Fri, 04 Dec 2015 17:10:54 +0100 Received: from lists.gnu.org ([2001:4830:134:3::11]) by web006.ispnoc.net with esmtps (TLSv1:AES256-SHA:256) (Exim 4.85) (envelope-from ) - id 1a4v9m-00031s-OY - for info@gluglug.org.uk; Fri, 04 Dec 2015 19:32:34 +0100 -Received: from localhost ([::1]:42385 helo=lists.gnu.org) + id 1a4swg-00062N-3J + for info@gluglug.org.uk; Fri, 04 Dec 2015 17:10:54 +0100 +Received: from localhost ([::1]:41772 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) - id 1a4vAW-0001tH-Ey - for info@gluglug.org.uk; Fri, 04 Dec 2015 13:33:20 -0500 -Received: from eggs.gnu.org ([2001:4830:134:3::10]:47408) + id 1a4sxP-0001CF-Pg + for info@gluglug.org.uk; Fri, 04 Dec 2015 11:11:39 -0500 +Received: from eggs.gnu.org ([2001:4830:134:3::10]:51253) by lists.gnu.org with esmtp (Exim 4.71) - (envelope-from ) id 1a4v9y-0001Ff-QQ - for grub-devel@gnu.org; Fri, 04 Dec 2015 13:32:47 -0500 + (envelope-from ) id 1a4swq-0000Ub-R2 + for grub-devel@gnu.org; Fri, 04 Dec 2015 11:11:08 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) - (envelope-from ) id 1a4v9x-0005T1-VU - for grub-devel@gnu.org; Fri, 04 Dec 2015 13:32:46 -0500 -Received: from mail.base45.de ([2001:67c:2050:310::a:2]:34296) + (envelope-from ) id 1a4swp-0001gz-TF + for grub-devel@gnu.org; Fri, 04 Dec 2015 11:11:04 -0500 +Received: from mail.base45.de ([80.241.61.77]:57535) by eggs.gnu.org with esmtp (Exim 4.71) - (envelope-from ) id 1a4v9x-0005Ss-PW - for grub-devel@gnu.org; Fri, 04 Dec 2015 13:32:45 -0500 + (envelope-from ) id 1a4swp-0001go-O8 + for grub-devel@gnu.org; Fri, 04 Dec 2015 11:11:03 -0500 Received: from [2001:1a80:2259:2b1a:6042:6096:1de7:42c6] (helo=lazus.yip) by mail.base45.de with esmtpsa (TLS1.2:RSA_AES_128_CBC_SHA256:128) (Exim 4.82) (envelope-from ) - id 1a4v9s-0005Bc-8z; Fri, 04 Dec 2015 19:32:41 +0100 + id 
1a4swj-0004UO-KJ; Fri, 04 Dec 2015 17:10:58 +0100 From: Alexander Couzens To: grub-devel@gnu.org -Subject: [PATCH v3 3/3] Makefile/coreboot use SOURCE_DATE_EPOCH as time source - if set -Date: Fri, 4 Dec 2015 19:32:22 +0100 -Message-Id: <1449253942-29510-4-git-send-email-lynxis@fe80.eu> +Subject: [PATCH 3/3] Makefile: use FIXED_TIMESTAMP for mkstandalone if set +Date: Fri, 4 Dec 2015 17:10:44 +0100 +Message-Id: <1449245444-17579-4-git-send-email-lynxis@fe80.eu> X-Mailer: git-send-email 2.6.3 -In-Reply-To: <1449253942-29510-1-git-send-email-lynxis@fe80.eu> -References: <1449253942-29510-1-git-send-email-lynxis@fe80.eu> In-Reply-To: <1449245444-17579-1-git-send-email-lynxis@fe80.eu> References: <1449245444-17579-1-git-send-email-lynxis@fe80.eu> X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] -X-Received-From: 2001:67c:2050:310::a:2 +X-Received-From: 80.241.61.77 Cc: Alexander Couzens X-BeenThere: grub-devel@gnu.org X-Mailman-Version: 2.1.14 @@ -63,14 +60,13 @@ mkstandalone sets timestamps for files which can be overriden by a fixed_timesta This makes it possible to build reproducible builds for coreboot. To build a reproducible build of grub for coreboot do: -export SOURCE_DATE_EPOCH=1134242 -make default_payload.elf +make default_payload.elf FIXED_TIMESTAMP=1134242 --- Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile.am b/Makefile.am -index 994ebbd..5c756d7 100644 +index 994ebbd..37a7cc4 100644 --- a/Makefile.am +++ b/Makefile.am @@ -403,7 +403,7 @@ bootcheck: $(BOOTCHECKS) 
@@ -78,7 +74,7 @@ index 994ebbd..5c756d7 100644 if COND_i386_coreboot default_payload.elf: grub-mkstandalone grub-mkimage - pkgdatadir=. ./grub-mkstandalone --grub-mkimage=./grub-mkimage -O i386-coreboot -o $@ --modules='ahci pata ehci uhci ohci usb_keyboard usbms part_msdos xfs ext2 fat at_keyboard part_gpt usbserial_usbdebug cbfs' --install-modules='ls linux search configfile normal cbtime cbls memrw iorw minicmd lsmmap lspci halt reboot hexdump pcidump regexp setpci lsacpi chain test serial multiboot cbmemc linux16 gzio echo help' --fonts= --themes= --locales= -d grub-core/ /boot/grub/grub.cfg=$(srcdir)/coreboot.cfg -+ pkgdatadir=. ./grub-mkstandalone --grub-mkimage=./grub-mkimage -O i386-coreboot -o $@ --modules='ahci pata ehci uhci ohci usb_keyboard usbms part_msdos xfs ext2 fat at_keyboard part_gpt usbserial_usbdebug cbfs' --install-modules='ls linux search configfile normal cbtime cbls memrw iorw minicmd lsmmap lspci halt reboot hexdump pcidump regexp setpci lsacpi chain test serial multiboot cbmemc linux16 gzio echo help' --fonts= --themes= --locales= -d grub-core/ /boot/grub/grub.cfg=$(srcdir)/coreboot.cfg $(if $(SOURCE_DATE_EPOCH),-t $(SOURCE_DATE_EPOCH)) ++ pkgdatadir=. ./grub-mkstandalone --grub-mkimage=./grub-mkimage -O i386-coreboot -o $@ --modules='ahci pata ehci uhci ohci usb_keyboard usbms part_msdos xfs ext2 fat at_keyboard part_gpt usbserial_usbdebug cbfs' --install-modules='ls linux search configfile normal cbtime cbls memrw iorw minicmd lsmmap lspci halt reboot hexdump pcidump regexp setpci lsacpi chain test serial multiboot cbmemc linux16 gzio echo help' --fonts= --themes= --locales= -d grub-core/ /boot/grub/grub.cfg=$(srcdir)/coreboot.cfg $(if $(FIXED_TIMESTAMP),-t $(FIXED_TIMESTAMP)) endif endif diff --git a/resources/scripts/helpers/download/grub b/resources/scripts/helpers/download/grub index f823deb..59d5664 100755 --- a/resources/scripts/helpers/download/grub +++ b/resources/scripts/helpers/download/grub 
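Review bot: The `default_payload.elf` recipe now passes `-t` only when `FIXED_TIMESTAMP` is set, so a build environment that exports `SOURCE_DATE_EPOCH` (the reproducible-builds.org convention the mkstandalone patch description points to) no longer gets fixed mtimes and produces a differing payload without any warning. Nothing visible in this commit passes `FIXED_TIMESTAMP` to `make default_payload.elf`; the download helper hunk only renames the patch files, so the build helper should be checked for it. The value is also expanded unquoted into the shell command; `$(if $(FIXED_TIMESTAMP),-t '$(FIXED_TIMESTAMP)')` would keep a stray space or shell metacharacter in the variable from altering the command line.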
@@ -59,9 +59,9 @@ git am "../resources/grub/patch/grub.johnlane.ie/0005-Cryptomount-support-for-hy
 git am "../resources/grub/patch/grub.johnlane.ie/0006-grub-core-disk-cryptodisk.c-Point-to-const-char.patch"
 # Needed for reproducible builds in GRUB
-git am "../resources/grub/patch/reproducible/"\[PATCH\ v3\ 1_3\]\ mkstandalone\:\ add\ argument\ --fixed-time\ to\ override\ mtime\ of\ files.eml
-git am "../resources/grub/patch/reproducible/"\[PATCH\ v3\ 2_3\]\ mkrescue\:\ add\ argument\ --fixed-time\ to\ get\ reproducible\ uuids.eml
-git am "../resources/grub/patch/reproducible/"\[PATCH\ v3\ 3_3\]\ Makefile_coreboot\ use\ SOURCE_DATE_EPOCH\ as\ time\ source\ if\ set.eml
+git am "../resources/grub/patch/reproducible/"\[PATCH\ 1_3\]\ mkstandalone\:\ add\ argument\ --fixed-time\ to\ override\ mtime\ of\ files.eml
+git am "../resources/grub/patch/reproducible/"\[PATCH\ 2_3\]\ mkrescue\:\ add\ argument\ --fixed-time\ to\ get\ reproducible\ uuids.eml
+git am "../resources/grub/patch/reproducible/"\[PATCH\ 3_3\]\ Makefile\:\ use\ FIXED_TIMESTAMP\ for\ mkstandalone\ if\ set.eml
 cd "../"
 printf "\n\n"
-- cgit v0.9.1
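Review bot: None of the three replaced `git am` lines checks its result, and whether the script runs under `set -e` is decided above this hunk, outside the view. If one of these mails stops applying, the helper would carry on with a GRUB tree that lacks the reproducibility change. Appending `|| exit 1` to each call, or confirming `set -e` at the top, makes that failure visible. The paths would also be easier to audit as one quoted string instead of a quoted prefix followed by backslash escapes, e.g. `git am "../resources/grub/patch/reproducible/[PATCH 1_3] mkstandalone: add argument --fixed-time to override mtime of files.eml"`.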