[U-Boot] [PATCH v2 0/3] Tidy up support for compressed fit-dtb.blob.
Support for compressed fit-dtb.blob was added in:
commit 95f4bbd581cf ("lib: fdt: Allow LZO and GZIP DT compression in U-Boot")
This introduces reproducibility issues as the timestamp and umask may be embedded in the output when using gzip, lzop or possibly other compression tools if added later. The included patch works around this by setting the date and umask on the file when SOURCE_DATE_EPOCH is set.
This is essentially the same fix applied to multi-dtb fit SPL images in:
commit 8664ab7debab ("Set time and umask on multi-dtb fit images to ensure reproducibile builds.")
The compressed files were not added to gitignore or the clean targets, and the other two patches in this series adds them.
Changes in v2: - Mention commit where compressed fit-dtb.blob were introduced. - Mention commit where compressed fit-dtb.blob were introduced. - Add reference to similar fix in multi-dtb fit SPL images - Mention commit where compressed fit-dtb.blob were introduced.
Vagrant Cascadian (3): Add fit-dtb.blob* to .gitignore. Remove fit-dtb.blob* in clean target. Set time and umask on fit-dtb.blob to ensure reproducibile builds.
.gitignore | 2 +- Makefile | 6 +++++- 2 files changed, 6 insertions(+), 2 deletions(-)
Support for compressed fit-dtb.blob was added in:
commit 95f4bbd581cf ("lib: fdt: Allow LZO and GZIP DT compression in U-Boot")
Adjust .gitignore to also exclude compressed blobs.
Signed-off-by: Vagrant Cascadian vagrant@reproducible-builds.org ---
Changes in v2: - Mention commit where compressed fit-dtb.blob were introduced.
.gitignore | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.gitignore b/.gitignore index c2afcfbca2..d8b7b77844 100644 --- a/.gitignore +++ b/.gitignore @@ -35,7 +35,7 @@ # # Top-level generic files # -fit-dtb.blob +fit-dtb.blob* /MLO* /SPL* /System.map
On Thu, May 02, 2019 at 11:14:10AM -0700, Vagrant Cascadian wrote:
Support for compressed fit-dtb.blob was added in:
commit 95f4bbd581cf ("lib: fdt: Allow LZO and GZIP DT compression in U-Boot")
Adjust .gitignore to also exclude compressed blobs.
Signed-off-by: Vagrant Cascadian vagrant@reproducible-builds.org
Applied to u-boot/master, thanks!
Support for compressed fit-dtb.blob was added in:
commit 95f4bbd581cf ("lib: fdt: Allow LZO and GZIP DT compression in U-Boot")
Adjust Makefile to also clean compressed blobs.
Signed-off-by: Vagrant Cascadian vagrant@reproducible-builds.org ---
Changes in v2: - Mention commit where compressed fit-dtb.blob were introduced.
Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Makefile b/Makefile index d6a6ef19ab..68f2327bea 100644 --- a/Makefile +++ b/Makefile @@ -1779,7 +1779,7 @@ CLEAN_DIRS += $(MODVERDIR) \ $(filter-out include, $(shell ls -1 $d 2>/dev/null))))
CLEAN_FILES += include/bmp_logo.h include/bmp_logo_data.h \ - boot* u-boot* MLO* SPL System.map fit-dtb.blob + boot* u-boot* MLO* SPL System.map fit-dtb.blob*
# Directories & files removed with 'make mrproper' MRPROPER_DIRS += include/config include/generated spl tpl \
On Thu, May 02, 2019 at 11:14:11AM -0700, Vagrant Cascadian wrote:
Support for compressed fit-dtb.blob was added in:
commit 95f4bbd581cf ("lib: fdt: Allow LZO and GZIP DT compression in U-Boot")
Adjust Makefile to also clean compressed blobs.
Signed-off-by: Vagrant Cascadian vagrant@reproducible-builds.org
Applied to u-boot/master, thanks!
Support for compressed fit-dtb.blob was added in:
commit 95f4bbd581cf ("lib: fdt: Allow LZO and GZIP DT compression in U-Boot")
When building compressed (lzop, gzip) fit-dtb.blob images, the compression tool may embed the time or umask in the image.
Work around this by manually setting the time of the source file using SOURCE_DATE_EPOCH and a hard-coded 0600 umask.
With gzip, this could be accomplished by using -n/--no-name, but lzop has no current workaround:
https://bugs.debian.org/896520
This is essentially the same fix applied to multi-dtb fit SPL images in:
commit 8664ab7debab ("Set time and umask on multi-dtb fit images to ensure reproducibile builds.")
Signed-off-by: Vagrant Cascadian vagrant@reproducible-builds.org ---
Changes in v2: - Add reference to similar fix in multi-dtb fit SPL images - Mention commit where compressed fit-dtb.blob were introduced.
Makefile | 4 ++++ 1 file changed, 4 insertions(+)
diff --git a/Makefile b/Makefile index 68f2327bea..cff5ea4c5f 100644 --- a/Makefile +++ b/Makefile @@ -1047,6 +1047,10 @@ fit-dtb.blob.lzo: fit-dtb.blob
fit-dtb.blob: dts/dt.dtb FORCE $(call if_changed,mkimage) +ifneq ($(SOURCE_DATE_EPOCH),) + touch -d @$(SOURCE_DATE_EPOCH) fit-dtb.blob + chmod 0600 fit-dtb.blob +endif
MKIMAGEFLAGS_fit-dtb.blob = -f auto -A $(ARCH) -T firmware -C none -O u-boot \ -a 0 -e 0 -E \
On Thu, May 02, 2019 at 11:14:12AM -0700, Vagrant Cascadian wrote:
Support for compressed fit-dtb.blob was added in:
commit 95f4bbd581cf ("lib: fdt: Allow LZO and GZIP DT compression in U-Boot")
When building compressed (lzop, gzip) fit-dtb.blob images, the compression tool may embed the time or umask in the image.
Work around this by manually setting the time of the source file using SOURCE_DATE_EPOCH and a hard-coded 0600 umask.
With gzip, this could be accomplished by using -n/--no-name, but lzop has no current workaround:
https://bugs.debian.org/896520
This is essentially the same fix applied to multi-dtb fit SPL images in:
commit 8664ab7debab ("Set time and umask on multi-dtb fit images to ensure reproducibile builds.")
Signed-off-by: Vagrant Cascadian vagrant@reproducible-builds.org
Applied to u-boot/master, thanks!
participants (2)
-
Tom Rini -
Vagrant Cascadian