On 2024-10-02, James Addison wrote: > On Fri, 05 Jun 2015 02:37:38 -0400, Daniel wrote: >> > However, it won't be completely reproducible until we get a newer >> > version of xorriso in debian so that we can "-alter_date_r c" (see >> > #787793, which blocks this bug). > > On Sun, 25 Jul 2021 16:19:46 -0700, Vagrant wrote: >> Since newer versions of xorriso are now in Debian, I tried adding >> "-alter_date_r c" to xorriso calls, but it would seem xorriso doesn't >> support "-alter_date_r c" when used with "-as mkisofs". I'm not sure how >> difficult it would be to convert away from using "-as mkisofs" so that >> "-alter_date_r c" would be supportable... > > From inspecting the grub codebase and the commandline options to both xorriso > and xorrisofs (aka "xorriso -as mkisofs").. although it may in theory be > possible to convert to 'native' xorriso by migrating a lot of the command-line > construction, I think that it might be fragile and unnecessary work, because: > > ...there is a '--set_all_file_dates' command-line option[1] in xorrisofs that > seems to do what we want here. > > There's one other change required in grub-mkrescue alongside this in order to > achieve reproducible builds: we need it to read from the SOURCE_DATE_EPOCH env > var when set (currently grub-mkrescue always uses system clock time). > > Please find attached a patch that allows me to rebuild grub-rescue-cdrom.iso > deterministically on my local machine when SOURCE_DATE_EPOCH is set. I'll > also > offer this as a merge request on the Salsa repository[2].
I can confirm that this still applies for grub2 2.14-2, still is needed, and fixes the issue. Thanks! So that is one more known fix for grub2 reproducibility... live well, vagrant > From: James Addison <[email protected]> > Date: Tue, 01 Oct 2024 22:36:39 +0100 > Subject: grub2: build rescue ISO reproducibly > > Extend the xorriso command-line invocation to configure a specific > timestamp for all files during creation of Grub rescue ISO images. > > The timestamp to use is read from the SOURCE_DATE_EPOCH environment > variable when it is set. > > Bug-Debian: https://bugs.debian.org/787795 > --- > --- a/util/grub-mkrescue.c > +++ b/util/grub-mkrescue.c > @@ -576,7 +576,13 @@ > { > time_t tim; > struct tm *tmm; > - tim = time (NULL); > + /* https://reproducible-builds.org/docs/source-date-epoch/ */ > + char *source_date_epoch; > + /* This assumes that the SOURCE_DATE_EPOCH environment variable will > contain > + a correct, positive integer in the time_t range */ > + if ((source_date_epoch = getenv("SOURCE_DATE_EPOCH")) == NULL || > + (tim = (time_t)strtoll(source_date_epoch, NULL, 10)) <= 0) > + time(&tim); > tmm = gmtime (&tim); > iso_uuid = xmalloc (55); > grub_snprintf (iso_uuid, 50, > @@ -600,6 +606,19 @@ > xorriso_push (uuid_out); > free (uuid_out); > } > + { > + char *uuid_out = xmalloc (strlen (iso_uuid) + 1); > + char *optr; > + const char *iptr; > + optr = grub_stpcpy (uuid_out, ""); > + for (iptr = iso_uuid; *iptr; iptr++) > + if (*iptr != '-') > + *optr++ = *iptr; > + *optr = '\0'; > + xorriso_push ("--set_all_file_dates"); > + xorriso_push (uuid_out); > + free (uuid_out); > + } > > /* build BIOS core.img. */ > if (source_dirs[GRUB_INSTALL_PLATFORM_I386_PC])
signature.asc
Description: PGP signature
