[U-Boot] [PATCH] Set time and umask on multi-dtb fit images to ensure reproducibile builds.
When building compressed (lzop, gzip) multi-dtb fit images, the compression tool may embed the time or umask in the image.
Work around this by manually setting the time of the source file using SOURCE_DATE_EPOCH and a hard-coded 0600 umask.
With gzip, this could be accomplished by using -n/--no-name, but lzop has no current workaround:
https://bugs.debian.org/896520
Signed-off-by: Vagrant Cascadian vagrant@debian.org ---
scripts/Makefile.spl | 4 ++++ 1 file changed, 4 insertions(+)
diff --git a/scripts/Makefile.spl b/scripts/Makefile.spl index 057389997d..ef018b5b40 100644 --- a/scripts/Makefile.spl +++ b/scripts/Makefile.spl @@ -391,6 +391,10 @@ MKIMAGEFLAGS_$(SPL_BIN).multidtb.fit = -f auto -A $(ARCH) -T firmware -C none -O
$(obj)/$(SPL_BIN).multidtb.fit: /dev/null $(SHRUNK_ARCH_DTB) FORCE $(call if_changed,mkimage) +ifneq ($(SOURCE_DATE_EPOCH),) + touch -d @$(SOURCE_DATE_EPOCH) $(obj)/$(SPL_BIN).multidtb.fit + chmod 0600 $(obj)/$(SPL_BIN).multidtb.fit +endif
$(obj)/$(SPL_BIN).multidtb.fit.gz: $(obj)/$(SPL_BIN).multidtb.fit @gzip -kf9 $< > $@
On Sun, Jun 03, 2018 at 12:26:57PM -0700, Vagrant Cascadian wrote:
When building compressed (lzop, gzip) multi-dtb fit images, the compression tool may embed the time or umask in the image.
Work around this by manually setting the time of the source file using SOURCE_DATE_EPOCH and a hard-coded 0600 umask.
With gzip, this could be accomplished by using -n/--no-name, but lzop has no current workaround:
https://bugs.debian.org/896520
Signed-off-by: Vagrant Cascadian vagrant@debian.org
Applied to u-boot/master, thanks!
participants (2)
-
Tom Rini -
Vagrant Cascadian