From 26d16fa5cdc9e351fcb582104cf8c7b3bf9ddaf0 Mon Sep 17 00:00:00 2001 From: Francis Rowe Date: Fri, 04 Dec 2015 14:03:52 -0500 Subject: grub: build reproducibly --- (limited to 'resources/grub') diff --git a/resources/grub/patch/reproducible/[PATCH v3 1_3] mkstandalone: add argument --fixed-time to override mtime of files.eml b/resources/grub/patch/reproducible/[PATCH v3 1_3] mkstandalone: add argument --fixed-time to override mtime of files.eml new file mode 100644 index 0000000..78d9f3d --- /dev/null +++ b/resources/grub/patch/reproducible/[PATCH v3 1_3] mkstandalone: add argument --fixed-time to override mtime of files.eml @@ -0,0 +1,141 @@ +Return-path: +Envelope-to: info@gluglug.org.uk +Delivery-date: Fri, 04 Dec 2015 19:32:11 +0100 +Received: from lists.gnu.org ([2001:4830:134:3::11]) + by web006.ispnoc.net with esmtps (TLSv1:AES256-SHA:256) + (Exim 4.85) + (envelope-from ) + id 1a4v9P-00031J-Do + for info@gluglug.org.uk; Fri, 04 Dec 2015 19:32:11 +0100 +Received: from localhost ([::1]:42381 helo=lists.gnu.org) + by lists.gnu.org with esmtp (Exim 4.71) + (envelope-from ) + id 1a4vA8-0001AP-Nv + for info@gluglug.org.uk; Fri, 04 Dec 2015 13:32:56 -0500 +Received: from eggs.gnu.org ([2001:4830:134:3::10]:47237) + by lists.gnu.org with esmtp (Exim 4.71) + (envelope-from ) id 1a4v9t-00019X-Nm + for grub-devel@gnu.org; Fri, 04 Dec 2015 13:32:42 -0500 +Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) + (envelope-from ) id 1a4v9s-0005RN-RM + for grub-devel@gnu.org; Fri, 04 Dec 2015 13:32:41 -0500 +Received: from mail.base45.de ([2001:67c:2050:310::a:2]:47554) + by eggs.gnu.org with esmtp (Exim 4.71) + (envelope-from ) id 1a4v9s-0005R9-Kq + for grub-devel@gnu.org; Fri, 04 Dec 2015 13:32:40 -0500 +Received: from [2001:1a80:2259:2b1a:6042:6096:1de7:42c6] (helo=lazus.yip) + by mail.base45.de with esmtpsa (TLS1.2:RSA_AES_128_CBC_SHA256:128) + (Exim 4.82) (envelope-from ) + id 1a4v9n-0005Bc-ER; Fri, 04 Dec 2015 19:32:36 +0100 +From: Alexander Couzens +To: grub-devel@gnu.org +Subject: [PATCH v3 1/3] mkstandalone: add argument --fixed-time to override + mtime of files +Date: Fri, 4 Dec 2015 19:32:20 +0100 +Message-Id: <1449253942-29510-2-git-send-email-lynxis@fe80.eu> +X-Mailer: git-send-email 2.6.3 +In-Reply-To: <1449253942-29510-1-git-send-email-lynxis@fe80.eu> +References: <1449253942-29510-1-git-send-email-lynxis@fe80.eu> +In-Reply-To: <1449245444-17579-1-git-send-email-lynxis@fe80.eu> +References: <1449245444-17579-1-git-send-email-lynxis@fe80.eu> +X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] +X-Received-From: 2001:67c:2050:310::a:2 +Cc: Alexander Couzens +X-BeenThere: grub-devel@gnu.org +X-Mailman-Version: 2.1.14 +Precedence: list +Reply-To: The development of GNU GRUB +List-Id: The development of GNU GRUB +List-Unsubscribe: , + +List-Archive: +List-Post: +List-Help: +List-Subscribe: , + +MIME-Version: 1.0 +Content-Type: text/plain; charset="us-ascii" +Content-Transfer-Encoding: 7bit +Errors-To: grub-devel-bounces+info=gluglug.org.uk@gnu.org +Sender: grub-devel-bounces+info=gluglug.org.uk@gnu.org + +mkstandalone adds several files to an archive. Doing this it uses the +mtime to give these files a timestamp. +--fixed-time overrides these timestamps with a given. + +Replacing all timestamps with a specific one is required +to get reproducible builds. See source epoch specification of +reproducible-builds.org +--- + util/grub-mkstandalone.c | 15 ++++++++++++++- + 1 file changed, 14 insertions(+), 1 deletion(-) + +diff --git a/util/grub-mkstandalone.c b/util/grub-mkstandalone.c +index 4907d44..779c13c 100644 +--- a/util/grub-mkstandalone.c ++++ b/util/grub-mkstandalone.c +@@ -30,6 +30,7 @@ + #pragma GCC diagnostic error "-Wmissing-prototypes" + #pragma GCC diagnostic error "-Wmissing-declarations" + ++static time_t fixed_time; + static char *output_image; + static char **files; + static int nfiles; +@@ -48,6 +49,7 @@ static struct argp_option options[] = { + 0, N_("save output in FILE [required]"), 2}, + {"format", 'O', N_("FILE"), 0, 0, 2}, + {"compression", 'C', "xz|none|auto", OPTION_HIDDEN, 0, 2}, ++ {"fixed-time", 0, N_("TIMEEPOCH"), 0, N_("Use a fixed timestamp to override mtime of all files. Time since epoch is used."), 2}, + {0, 0, 0, 0, 0, 0} + }; + +@@ -72,6 +74,7 @@ help_filter (int key, const char *text, void *input __attribute__ ((unused))) + static error_t + argp_parser (int key, char *arg, struct argp_state *state) + { ++ char *b; + if (key == 'C') + key = GRUB_INSTALL_OPTIONS_INSTALL_CORE_COMPRESS; + +@@ -80,6 +83,14 @@ argp_parser (int key, char *arg, struct argp_state *state) + + switch (key) + { ++ case 't': ++ fixed_time = strtoll (arg, &b, 10); ++ if (*b !='\0') { ++ printf (_("invalid fixed time number: %s\n"), arg); ++ argp_usage (state); ++ exit (1); ++ } ++ break; + + case 'o': + if (output_image) +@@ -192,7 +203,8 @@ add_tar_file (const char *from, + if (grub_util_is_special_file (from)) + return; + +- mtime = grub_util_get_mtime (from); ++ /* use fixed_time if given for mtime */ ++ mtime = fixed_time != -1 ? fixed_time : grub_util_get_mtime (from); + + optr = tcn = xmalloc (strlen (to) + 1); + for (iptr = to; *iptr == '/'; iptr++); +@@ -293,6 +305,7 @@ main (int argc, char *argv[]) + const char *pkglibdir; + int i; + ++ fixed_time = -1; + grub_util_host_init (&argc, &argv); + grub_util_disable_fd_syncs (); + +-- +2.6.3 + + +_______________________________________________ +Grub-devel mailing list +Grub-devel@gnu.org +https://lists.gnu.org/mailman/listinfo/grub-devel diff --git a/resources/grub/patch/reproducible/[PATCH v3 2_3] mkrescue: add argument --fixed-time to get reproducible uuids.eml b/resources/grub/patch/reproducible/[PATCH v3 2_3] mkrescue: add argument --fixed-time to get reproducible uuids.eml new file mode 100644 index 0000000..aba3421 --- /dev/null +++ b/resources/grub/patch/reproducible/[PATCH v3 2_3] mkrescue: add argument --fixed-time to get reproducible uuids.eml @@ -0,0 +1,136 @@ +Return-path: +Envelope-to: info@gluglug.org.uk +Delivery-date: Fri, 04 Dec 2015 19:32:23 +0100 +Received: from lists.gnu.org ([2001:4830:134:3::11]) + by web006.ispnoc.net with esmtps (TLSv1:AES256-SHA:256) + (Exim 4.85) + (envelope-from ) + id 1a4v9b-00031k-C8 + for info@gluglug.org.uk; Fri, 04 Dec 2015 19:32:23 +0100 +Received: from localhost ([::1]:42383 helo=lists.gnu.org) + by lists.gnu.org with esmtp (Exim 4.71) + (envelope-from ) + id 1a4vAK-0001dX-UT + for info@gluglug.org.uk; Fri, 04 Dec 2015 13:33:08 -0500 +Received: from eggs.gnu.org ([2001:4830:134:3::10]:47323) + by lists.gnu.org with esmtp (Exim 4.71) + (envelope-from ) id 1a4v9w-0001Aj-CB + for grub-devel@gnu.org; Fri, 04 Dec 2015 13:32:45 -0500 +Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) + (envelope-from ) id 1a4v9v-0005SE-Ei + for grub-devel@gnu.org; Fri, 04 Dec 2015 13:32:44 -0500 +Received: from mail.base45.de ([2001:67c:2050:310::a:2]:41968) + by eggs.gnu.org with esmtp (Exim 4.71) + (envelope-from ) id 1a4v9v-0005SA-8Z + for grub-devel@gnu.org; Fri, 04 Dec 2015 13:32:43 -0500 +Received: from [2001:1a80:2259:2b1a:6042:6096:1de7:42c6] (helo=lazus.yip) + by mail.base45.de with esmtpsa (TLS1.2:RSA_AES_128_CBC_SHA256:128) + (Exim 4.82) (envelope-from ) + id 1a4v9p-0005Bc-Qw; Fri, 04 Dec 2015 19:32:38 +0100 +From: Alexander Couzens +To: grub-devel@gnu.org +Subject: [PATCH v3 2/3] mkrescue: add argument --fixed-time to get + reproducible uuids +Date: Fri, 4 Dec 2015 19:32:21 +0100 +Message-Id: <1449253942-29510-3-git-send-email-lynxis@fe80.eu> +X-Mailer: git-send-email 2.6.3 +In-Reply-To: <1449253942-29510-1-git-send-email-lynxis@fe80.eu> +References: <1449253942-29510-1-git-send-email-lynxis@fe80.eu> +In-Reply-To: <1449245444-17579-1-git-send-email-lynxis@fe80.eu> +References: <1449245444-17579-1-git-send-email-lynxis@fe80.eu> +X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] +X-Received-From: 2001:67c:2050:310::a:2 +Cc: Alexander Couzens +X-BeenThere: grub-devel@gnu.org +X-Mailman-Version: 2.1.14 +Precedence: list +Reply-To: The development of GNU GRUB +List-Id: The development of GNU GRUB +List-Unsubscribe: , + +List-Archive: +List-Post: +List-Help: +List-Subscribe: , + +MIME-Version: 1.0 +Content-Type: text/plain; charset="us-ascii" +Content-Transfer-Encoding: 7bit +Errors-To: grub-devel-bounces+info=gluglug.org.uk@gnu.org +Sender: grub-devel-bounces+info=gluglug.org.uk@gnu.org + +The uuid generation is based on the time. +--- + util/grub-mkrescue.c | 16 +++++++++++++++- + 1 file changed, 15 insertions(+), 1 deletion(-) + +diff --git a/util/grub-mkrescue.c b/util/grub-mkrescue.c +index 4511826..1af1da2 100644 +--- a/util/grub-mkrescue.c ++++ b/util/grub-mkrescue.c +@@ -52,6 +52,7 @@ static int xorriso_arg_alloc; + static char **xorriso_argv; + static char *iso_uuid; + static char *iso9660_dir; ++static time_t fixed_time; + + static void + xorriso_push (const char *val) +@@ -110,6 +111,7 @@ static struct argp_option options[] = { + {"product-version", OPTION_PRODUCT_VERSION, N_("STRING"), 0, N_("use STRING as product version"), 2}, + {"sparc-boot", OPTION_SPARC_BOOT, 0, 0, N_("enable sparc boot. Disables HFS+, APM, ARCS and boot as disk image for i386-pc"), 2}, + {"arcs-boot", OPTION_ARCS_BOOT, 0, 0, N_("enable ARCS (big-endian mips machines, mostly SGI) boot. Disables HFS+, APM, sparc64 and boot as disk image for i386-pc"), 2}, ++ {"fixed-time", 0, N_("TIMEEPOCH"), 0, N_("use a fixed timestamp for uuid generation"), 2}, + {0, 0, 0, 0, 0, 0} + }; + +@@ -153,6 +155,8 @@ enum { + static error_t + argp_parser (int key, char *arg, struct argp_state *state) + { ++ char *b; ++ + if (grub_install_parse (key, arg)) + return 0; + switch (key) +@@ -212,6 +216,15 @@ argp_parser (int key, char *arg, struct argp_state *state) + xorriso = xstrdup (arg); + return 0; + ++ case 't': ++ fixed_time = strtoll (arg, &b, 10); ++ if (*b !='\0') { ++ printf (_("invalid fixed time number: %s\n"), arg); ++ argp_usage (state); ++ exit (1); ++ } ++ return 0; ++ + default: + return ARGP_ERR_UNKNOWN; + } +@@ -431,6 +444,7 @@ main (int argc, char *argv[]) + + pkgdatadir = grub_util_get_pkgdatadir (); + ++ fixed_time = -1; + product_name = xstrdup (PACKAGE_NAME); + product_version = xstrdup (PACKAGE_VERSION); + xorriso = xstrdup ("xorriso"); +@@ -541,7 +555,7 @@ main (int argc, char *argv[]) + { + time_t tim; + struct tm *tmm; +- tim = time (NULL); ++ tim = fixed_time != -1 ? fixed_time : time (NULL); + tmm = gmtime (&tim); + iso_uuid = xmalloc (55); + grub_snprintf (iso_uuid, 50, +-- +2.6.3 + + +_______________________________________________ +Grub-devel mailing list +Grub-devel@gnu.org +https://lists.gnu.org/mailman/listinfo/grub-devel diff --git a/resources/grub/patch/reproducible/[PATCH v3 3_3] Makefile_coreboot use SOURCE_DATE_EPOCH as time source if set.eml b/resources/grub/patch/reproducible/[PATCH v3 3_3] Makefile_coreboot use SOURCE_DATE_EPOCH as time source if set.eml new file mode 100644 index 0000000..941c3c8 --- /dev/null +++ b/resources/grub/patch/reproducible/[PATCH v3 3_3] Makefile_coreboot use SOURCE_DATE_EPOCH as time source if set.eml @@ -0,0 +1,92 @@ +Return-path: +Envelope-to: info@gluglug.org.uk +Delivery-date: Fri, 04 Dec 2015 19:32:34 +0100 +Received: from lists.gnu.org ([2001:4830:134:3::11]) + by web006.ispnoc.net with esmtps (TLSv1:AES256-SHA:256) + (Exim 4.85) + (envelope-from ) + id 1a4v9m-00031s-OY + for info@gluglug.org.uk; Fri, 04 Dec 2015 19:32:34 +0100 +Received: from localhost ([::1]:42385 helo=lists.gnu.org) + by lists.gnu.org with esmtp (Exim 4.71) + (envelope-from ) + id 1a4vAW-0001tH-Ey + for info@gluglug.org.uk; Fri, 04 Dec 2015 13:33:20 -0500 +Received: from eggs.gnu.org ([2001:4830:134:3::10]:47408) + by lists.gnu.org with esmtp (Exim 4.71) + (envelope-from ) id 1a4v9y-0001Ff-QQ + for grub-devel@gnu.org; Fri, 04 Dec 2015 13:32:47 -0500 +Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) + (envelope-from ) id 1a4v9x-0005T1-VU + for grub-devel@gnu.org; Fri, 04 Dec 2015 13:32:46 -0500 +Received: from mail.base45.de ([2001:67c:2050:310::a:2]:34296) + by eggs.gnu.org with esmtp (Exim 4.71) + (envelope-from ) id 1a4v9x-0005Ss-PW + for grub-devel@gnu.org; Fri, 04 Dec 2015 13:32:45 -0500 +Received: from [2001:1a80:2259:2b1a:6042:6096:1de7:42c6] (helo=lazus.yip) + by mail.base45.de with esmtpsa (TLS1.2:RSA_AES_128_CBC_SHA256:128) + (Exim 4.82) (envelope-from ) + id 1a4v9s-0005Bc-8z; Fri, 04 Dec 2015 19:32:41 +0100 +From: Alexander Couzens +To: grub-devel@gnu.org +Subject: [PATCH v3 3/3] Makefile/coreboot use SOURCE_DATE_EPOCH as time source + if set +Date: Fri, 4 Dec 2015 19:32:22 +0100 +Message-Id: <1449253942-29510-4-git-send-email-lynxis@fe80.eu> +X-Mailer: git-send-email 2.6.3 +In-Reply-To: <1449253942-29510-1-git-send-email-lynxis@fe80.eu> +References: <1449253942-29510-1-git-send-email-lynxis@fe80.eu> +In-Reply-To: <1449245444-17579-1-git-send-email-lynxis@fe80.eu> +References: <1449245444-17579-1-git-send-email-lynxis@fe80.eu> +X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] +X-Received-From: 2001:67c:2050:310::a:2 +Cc: Alexander Couzens +X-BeenThere: grub-devel@gnu.org +X-Mailman-Version: 2.1.14 +Precedence: list +Reply-To: The development of GNU GRUB +List-Id: The development of GNU GRUB +List-Unsubscribe: , + +List-Archive: +List-Post: +List-Help: +List-Subscribe: , + +MIME-Version: 1.0 +Content-Type: text/plain; charset="us-ascii" +Content-Transfer-Encoding: 7bit +Errors-To: grub-devel-bounces+info=gluglug.org.uk@gnu.org +Sender: grub-devel-bounces+info=gluglug.org.uk@gnu.org + +mkstandalone sets timestamps for files which can be overriden by a fixed_timestamp. +This makes it possible to build reproducible builds for coreboot. + +To build a reproducible build of grub for coreboot do: +export SOURCE_DATE_EPOCH=1134242 +make default_payload.elf +--- + Makefile.am | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Makefile.am b/Makefile.am +index 994ebbd..5c756d7 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -403,7 +403,7 @@ bootcheck: $(BOOTCHECKS) + + if COND_i386_coreboot + default_payload.elf: grub-mkstandalone grub-mkimage +- pkgdatadir=. ./grub-mkstandalone --grub-mkimage=./grub-mkimage -O i386-coreboot -o $@ --modules='ahci pata ehci uhci ohci usb_keyboard usbms part_msdos xfs ext2 fat at_keyboard part_gpt usbserial_usbdebug cbfs' --install-modules='ls linux search configfile normal cbtime cbls memrw iorw minicmd lsmmap lspci halt reboot hexdump pcidump regexp setpci lsacpi chain test serial multiboot cbmemc linux16 gzio echo help' --fonts= --themes= --locales= -d grub-core/ /boot/grub/grub.cfg=$(srcdir)/coreboot.cfg ++ pkgdatadir=. ./grub-mkstandalone --grub-mkimage=./grub-mkimage -O i386-coreboot -o $@ --modules='ahci pata ehci uhci ohci usb_keyboard usbms part_msdos xfs ext2 fat at_keyboard part_gpt usbserial_usbdebug cbfs' --install-modules='ls linux search configfile normal cbtime cbls memrw iorw minicmd lsmmap lspci halt reboot hexdump pcidump regexp setpci lsacpi chain test serial multiboot cbmemc linux16 gzio echo help' --fonts= --themes= --locales= -d grub-core/ /boot/grub/grub.cfg=$(srcdir)/coreboot.cfg $(if $(SOURCE_DATE_EPOCH),-t $(SOURCE_DATE_EPOCH)) + endif + + endif +-- +2.6.3 + + +_______________________________________________ +Grub-devel mailing list +Grub-devel@gnu.org +https://lists.gnu.org/mailman/listinfo/grub-devel -- cgit v0.9.1