On 05.04.22 20:51, Daniel Golle wrote:
On Tue, Apr 05, 2022 at 05:05:43PM +0200, Felix Fietkau wrote:
On 05.04.22 03:14, Daniel Golle wrote:
> When building the Linux kernel, the linker generates a hash of all
> versions of tools involved in a build called BuildID in ELF header.
> This breaks reproducibility accross different buildhosts eventhough
> OpenWrt builds the toolchain from source -- the build-id hash ends up
> to be the only thing which differs in the resulting builds.
>
> The cause is most likely a result of the build hosts' architectures,
> OSs and standard C libraries being different.
>
> While in theory it is true that tools may produce a different output
> depending on archtecture, OS and libc of the buildhost, in practice
> this is (fortunately) hardly ever the case and hence it contradicts
> ld(1) which states:
>
> 'The "md5" and "sha1" styles produces an identifier that is always
> the same in an identical output file, but will be unique among all
> nonidentical output files.'
>
> (the kernel is using sha1 style build-id, rebuilding the kernel on a
> different buildhost results in everything being identical **except**
> for the build-id)
>
> Hence, to achieve reproducible builds we will either have to resort to
> identical containers/VMs for building or get rid of the BuildID hash
> alltogether (or use a different build-id style)
>
> At this point, this seems to be what Debian is doing as well in order
> to achieve reproducible kernel builds, see[1].
>
> [1]: https://wiki.debian.org/SameKernel#How_this_works
> Signed-off-by: Daniel Golle <dan...@makrotopia.org>
>
> diff --git a/include/kernel-defaults.mk b/include/kernel-defaults.mk
> index 1e82f7d739..9c8d5fbe97 100644
> --- a/include/kernel-defaults.mk
> +++ b/include/kernel-defaults.mk
> @@ -46,6 +46,7 @@ else
> if [ -d $(LINUX_DIR)/user_headers ]; then \
> rm -rf $(LINUX_DIR)/user_headers; \
> fi
> + $(SED) -i $(LINUX_DIR)/Makefile -e 's/--build-id=.*/--build-id=none/g'
I don't like running sed on the linux Makefile, as this interferes with
creating patches for it. I think it would be better to simply override
KBUILD_LDFLAGS_MODULE on the kernel/module build command line.
You probably meant LDFLAGS_vmlinux because from what I understand
KBUILD_LDFLAGS_MODULE only applies when building modules but not when
linking vmlinux.
As ld only cares about the last mentioned --build-id= parameter
supplied, we can override it using KBUILD_LDFLAGS (which should apply
to both, vmlinux.elf as well as modules).
I haven't tried any of that yet though.Right, I overlooked that one. Either way, you likely need to patch the
kernel in order to not have to override the full set of linker
arguments. I still think explicit patching + variable override is
preferable over sed based Makefile patching.
- Felix
_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
