Re: [Reproducible-builds] Reproducible U-Boot build support, using SOURCE_DATE_EPOCH
Le mercredi 30 septembre 2015 à 08:50 -0700, Vagrant Cascadian a écrit :
> On 2015-09-28, Paul Kocialkowski wrote:
> > What do you think? Please let me know if I'm wrong.
>
> This patch on top of 2015.10-rc4 seems to resolve the issue for me:
>
> Index: u-boot/tools/default_image.c
> ===
> --- u-boot.orig/tools/default_image.c
> +++ u-boot/tools/default_image.c
> @@ -108,8 +108,6 @@ static void image_set_header(void *ptr,
> fprintf(stderr, "%s: SOURCE_DATE_EPOCH is not valid\n",
> __func__);
> time = 0;
> - } else {
> - time = mktime(time_universal);
> }
> } else {
> time = sbuf->st_mtime;
>
>
> It still checks for the validity of SOURCE_DATE_EPOCH using gmtime, but
> doesn't call mktime at all, just re-uses the value set from
> SOURCE_DATE_EPOCH.
That's a good plan! I guess we should also fully get rid of the
time_universal variable and make the check inline:
if (gmtime(&time) == NULL)
and of course drop the else statement.
Would you like to craft that patch for upstream U-Boot?
If not, I'd be happy to do it.
Thanks for your work!
--
Paul Kocialkowski, Replicant developer
Replicant is a fully free Android distribution running on several
devices, a free software mobile operating system putting the emphasis on
freedom and privacy/security.
Website: https://www.replicant.us/
Blog: https://blog.replicant.us/
Wiki/tracker/forums: https://redmine.replicant.us/
signature.asc
Description: This is a digitally signed message part
___
Reproducible-builds mailing list
Reproducible-builds@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds
Re: [Reproducible-builds] Reproducible U-Boot build support, using SOURCE_DATE_EPOCH
On 2015-09-28, Paul Kocialkowski wrote:
> Le jeudi 24 septembre 2015 à 09:05 -0700, Vagrant Cascadian a écrit :
>> I think the use of "time = mktime(time_universal);" is where the problem
>> lies:
>
> […]
>
>> According to the mktime manpage:
>>
>>The mktime() function converts a broken-down time structure,
>>expressed as local time, to calendar time representation.
>>
>> So my interpetation is that it's taking the UTC time and converts it
>> into local time using the configured timezone... not sure what would be
>> a viable alternative to mktime.
>
> That seems to make sense. Come to think of it, it probably was not
> necessary to call gmtime in the first place: if SOURCE_DATE_EPOCH is
> always in UTC, we should be able to stick that as-is in the time
> variable. At best, gmtime + mktime (assuming mktime working in UTC)
> would give us back the same timestamp.
>
> What do you think? Please let me know if I'm wrong.
This patch on top of 2015.10-rc4 seems to resolve the issue for me:
Index: u-boot/tools/default_image.c
===
--- u-boot.orig/tools/default_image.c
+++ u-boot/tools/default_image.c
@@ -108,8 +108,6 @@ static void image_set_header(void *ptr,
fprintf(stderr, "%s: SOURCE_DATE_EPOCH is not valid\n",
__func__);
time = 0;
- } else {
- time = mktime(time_universal);
}
} else {
time = sbuf->st_mtime;
It still checks for the validity of SOURCE_DATE_EPOCH using gmtime, but
doesn't call mktime at all, just re-uses the value set from
SOURCE_DATE_EPOCH.
live well,
vagrant
signature.asc
Description: PGP signature
___
Reproducible-builds mailing list
Reproducible-builds@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds
Re: [Reproducible-builds] Reproducible U-Boot build support, using SOURCE_DATE_EPOCH
Le jeudi 24 septembre 2015 à 09:05 -0700, Vagrant Cascadian a écrit : > On 2015-07-26, Paul Kocialkowski wrote: > > In order to achieve reproducible builds in U-Boot, timestamps that are > > defined > > at build-time have to be somewhat eliminated. The SOURCE_DATE_EPOCH > > environment > > variable allows setting a fixed value for those timestamps. > ... > > However, some other devices might need some more tweaks, especially > > regarding > > the image generation tools. > > With this patch, there is still variation based on timezone in any of > the u-boot.img and u-boot-sunxi-with-spl.bin produced in the Debian > packages: > > https://reproducible.debian.net/rb-pkg/unstable/armhf/u-boot.html Thanks for reporting this! > The good news is that all the u-boot.bin targets are produced > reproducibly, so here's to progress! Good, that's a nice first step forward. > I think the use of "time = mktime(time_universal);" is where the problem > lies: […] > According to the mktime manpage: > >The mktime() function converts a broken-down time structure, >expressed as local time, to calendar time representation. > > So my interpetation is that it's taking the UTC time and converts it > into local time using the configured timezone... not sure what would be > a viable alternative to mktime. That seems to make sense. Come to think of it, it probably was not necessary to call gmtime in the first place: if SOURCE_DATE_EPOCH is always in UTC, we should be able to stick that as-is in the time variable. At best, gmtime + mktime (assuming mktime working in UTC) would give us back the same timestamp. What do you think? Please let me know if I'm wrong. > Running with the TZ=UTC environment variable exported works around the > problem; not sure if it would be appropriate to always run with TZ=UTC > when SOURCE_DATE_EPOCH is set... Well that's too much of a workaround to be a reliable solution for the long term, IMHO. -- Paul Kocialkowski, Replicant developer Replicant is a fully free Android distribution running on several devices, a free software mobile operating system putting the emphasis on freedom and privacy/security. Website: https://www.replicant.us/ Blog: https://blog.replicant.us/ Wiki/tracker/forums: https://redmine.replicant.us/ signature.asc Description: This is a digitally signed message part ___ Reproducible-builds mailing list Reproducible-builds@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds
Re: [Reproducible-builds] Reproducible U-Boot build support, using SOURCE_DATE_EPOCH
On 2015-07-26, Paul Kocialkowski wrote:
> In order to achieve reproducible builds in U-Boot, timestamps that are defined
> at build-time have to be somewhat eliminated. The SOURCE_DATE_EPOCH
> environment
> variable allows setting a fixed value for those timestamps.
...
> However, some other devices might need some more tweaks, especially regarding
> the image generation tools.
With this patch, there is still variation based on timezone in any of
the u-boot.img and u-boot-sunxi-with-spl.bin produced in the Debian
packages:
https://reproducible.debian.net/rb-pkg/unstable/armhf/u-boot.html
The good news is that all the u-boot.bin targets are produced
reproducibly, so here's to progress!
I think the use of "time = mktime(time_universal);" is where the problem
lies:
> diff --git a/tools/default_image.c b/tools/default_image.c
> index cf5c0d4..18940af 100644
> --- a/tools/default_image.c
> +++ b/tools/default_image.c
> @@ -96,9 +99,25 @@ static void image_set_header(void *ptr, struct stat *sbuf,
> int ifd,
> sizeof(image_header_t)),
> sbuf->st_size - sizeof(image_header_t));
>
> + source_date_epoch = getenv("SOURCE_DATE_EPOCH");
> + if (source_date_epoch != NULL) {
> + time = (time_t) strtol(source_date_epoch, NULL, 10);
> +
> + time_universal = gmtime(&time);
> + if (time_universal == NULL) {
> + fprintf(stderr, "%s: SOURCE_DATE_EPOCH is not valid\n",
> + __func__);
> + time = 0;
> + } else {
> + time = mktime(time_universal);
> + }
> + } else {
> + time = sbuf->st_mtime;
> + }
> +
> /* Build new header */
> image_set_magic(hdr, IH_MAGIC);
> - image_set_time(hdr, sbuf->st_mtime);
> + image_set_time(hdr, time);
> image_set_size(hdr, sbuf->st_size - sizeof(image_header_t));
> image_set_load(hdr, params->addr);
> image_set_ep(hdr, params->ep);
> --
> 1.9.1
According to the mktime manpage:
The mktime() function converts a broken-down time structure,
expressed as local time, to calendar time representation.
So my interpetation is that it's taking the UTC time and converts it
into local time using the configured timezone... not sure what would be
a viable alternative to mktime.
Running with the TZ=UTC environment variable exported works around the
problem; not sure if it would be appropriate to always run with TZ=UTC
when SOURCE_DATE_EPOCH is set...
live well,
vagrant
signature.asc
Description: PGP signature
___
Reproducible-builds mailing list
Reproducible-builds@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds
