Hi ipxe-devel, Please find the attached diff representing a patch I would like to submit for your consideration. This is a small change to the `src/Makefile.housekeeping` that makes the generation of most artifacts (notably not `*.usb` images) deterministic.
The scariest change here is the removal of the `BUILD_ID_CMD` in favor of an inlined shell snippet where the `_build_id` symbol is defined. In keeping with the comments that specify a unique `_build_id` for each `$(BIN)/%.tmp`, I use the first 8 characters of the md5sum of the target, in the expected base-prefixed hexadecimal representation. Calculating the likelihood of collisions I leave as an exercise to the reviewer. :D The `BUILD_TIMESTAMP` assignment has been changed to allow environment variable overriding, but it defaults to `SOURCE_DATE_EPOCH`. The source date epoch can also be overridden; it defaults to the Unix timestamp of the current git HEAD commit. I like reproducible builds, but I recognize that others have different concerns. I'm happy to change what needs changing. -- Neil Roza
diff --git a/src/Makefile.housekeeping b/src/Makefile.housekeeping index 1dd14794..93c598d2 100644 --- a/src/Makefile.housekeeping +++ b/src/Makefile.housekeeping @@ -1163,14 +1163,22 @@ $(BLIB) : $(BLIB_OBJS) $(BLIB_LIST) $(MAKEDEPS) $(Q)$(RANLIB) $@ blib : $(BLIB) -# Command to generate build ID. Must be unique for each $(BIN)/%.tmp, -# even within the same build run. +# Source date epoch # -BUILD_ID_CMD := perl -e 'printf "0x%08x", int ( rand ( 0xffffffff ) );' +# Assumptions: +# * the first element in MAKEFILE_LIST is src/Makefile +# * we want the unix timestamp for the commit on the current git HEAD +# +# References: +# * https://reproducible-builds.org/specs/source-date-epoch/ +# * https://www.mankier.com/1/git-show +# +IPXE_DIR := $(abspath $(dir $(abspath $(firstword $(MAKEFILE_LIST))))/..) +SOURCE_DATE_EPOCH ?= $(shell git -C $(IPXE_DIR) show -s --format=%ct HEAD) # Build timestamp # -BUILD_TIMESTAMP := $(shell date +%s) +BUILD_TIMESTAMP ?= $(SOURCE_DATE_EPOCH) # Build version # @@ -1187,10 +1195,13 @@ $(BIN)/version.%.o : core/version.c $(MAKEDEPS) $(GIT_INDEX) # Build an intermediate object file from the objects required for the # specified target. # +# Note: each _build_id must be unique for each $(BIN)/%.tmp, even within the +# same build run. +# $(BIN)/%.tmp : $(BIN)/version.%.o $(BLIB) $(MAKEDEPS) $(LDSCRIPT) $(QM)$(ECHO) " [LD] $@" $(Q)$(LD) $(LDFLAGS) -T $(LDSCRIPT) $(TGT_LD_FLAGS) $< $(BLIB) -o $@ \ - --defsym _build_id=`$(BUILD_ID_CMD)` \ + --defsym _build_id="0x$$(echo $@ | md5sum | head -c8)" \ --defsym _build_timestamp=$(BUILD_TIMESTAMP) \ -Map $(BIN)/$*.tmp.map $(Q)$(OBJDUMP) -ht $@ | $(PERL) $(SORTOBJDUMP) >> $(BIN)/$*.tmp.map
_______________________________________________ ipxe-devel mailing list ipxe-devel@lists.ipxe.org https://lists.ipxe.org/mailman/listinfo/ipxe-devel
