Received: by 2002:a25:824b:0:0:0:0:0 with SMTP id d11csp1563589ybn;
        Wed, 2 Oct 2019 18:52:27 -0700 (PDT)
X-Google-Smtp-Source: APXvYqwrDTMNGUHbCe4IyLZ7xPCxCIbxl1NNm6MUOXAlmKPoynBCXI9xj92v2bBmPrfMl0S8SO5y
X-Received: by 2002:a17:906:d0d2:: with SMTP id bq18mr5731189ejb.233.1570067547843;
        Wed, 02 Oct 2019 18:52:27 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1570067547; cv=none;
        d=google.com; s=arc-20160816;
        b=roX7Unsl1lPCP2DnuoKIbxyQDzPYqhbbjRlsIJ5L7KZFPFx13fRuZGkP6VRi0oXWMK
         UCUtDW4xJ6XPHsL9gp7BleI/qY+EVGsKMNoYPwbQnzue9IAKHFW16wwwgpZ2bI+XQ8+R
         YdB3is+TE20vgoO/Z2bwLSMEPMei2VRtqMIpM2gfq6JLfdHysS9lVY2kRZIw2O8pWb2v
         kqE3+ihnuQHa9NfhcX6x1KTwU3x/pUFekMi+lwFIzMjQq7Vn+LFjccv4ljZV04nKVUVh
         uBRc2yOgtIHgLeBESsOGuLYYO57qG4tGqCS9lsyc9RnjtA+zy+2Y1NACRfqAXSag8kHW
         9ipw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:dkim-signature:dkim-filter;
        bh=O01tOM31Ksvj1XDJuI7hCp7yiI9mA1FnOV4QJnkzssM=;
        b=vbrOyZoaNfOlZfNMaoZedth66KNJYXNqMzZZMSfaCwrni8dpiHB/uj/897uXxCHgAL
         zzTF6+h4FXd9cXwFgl70x8x2C5VhBKmuUuB2OEulLySwtVwRrvziqFOlFU2EcJrGTAyz
         xc/X6hng3nC24iHS7ubZgo63WQilrY99vbqskZVn8KL0492VtCvSF5sWl2dNd1+4OJaJ
         soa8yl1JMK6uKl0otmaFp+h1E2lv9FvMeiGS7xYrQIRr73h08sU1FzTgVviWw036sL52
         nG36vaXQQIr2GCm+k/l/PTGEnDB/nM7HecgpgVkXQZj1GxA15qWpJ3dYwEANSiLKZ/oA
         p4GQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@nifty.com header.s=dec2015msa header.b=p+8DSviJ;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id u2si449518ejr.332.2019.10.02.18.52.04;
        Wed, 02 Oct 2019 18:52:27 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@nifty.com header.s=dec2015msa header.b=p+8DSviJ;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727436AbfJCBvG (ORCPT <rfc822;gklkml16@gmail.com> + 99 others);
        Wed, 2 Oct 2019 21:51:06 -0400
Received: from conssluserg-02.nifty.com ([210.131.2.81]:22090 "EHLO
        conssluserg-02.nifty.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1726523AbfJCBvF (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 2 Oct 2019 21:51:05 -0400
Received: from mail-vs1-f44.google.com (mail-vs1-f44.google.com [209.85.217.44]) (authenticated)
        by conssluserg-02.nifty.com with ESMTP id x931ohLg013800
        for <linux-kernel@vger.kernel.org>; Thu, 3 Oct 2019 10:50:43 +0900
DKIM-Filter: OpenDKIM Filter v2.10.3 conssluserg-02.nifty.com x931ohLg013800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nifty.com;
        s=dec2015msa; t=1570067444;
        bh=O01tOM31Ksvj1XDJuI7hCp7yiI9mA1FnOV4QJnkzssM=;
        h=References:In-Reply-To:From:Date:Subject:To:Cc:From;
        b=p+8DSviJzvELq2Tlsp42cY10s++mlwE1tKCkT5yKggnTuWLdSP0q9UVtfcs+kfDE1
         l3XhQRP0VbvHr8fREyzXybewgVoxEL9afbDIoHvzpqXDRU2KHMrg9YtZZDWe4TVN0s
         RLuuEZLb1hLbQt03K8m6DWR35J96KYVxgeC0qlX3k+vNtv8BCt6bd3JTYZUjn4luAq
         uhUMcskQh6b/IHawz4hU6Du+7NnJOFMvsRKRexAo1w8g5z2ZBUtv3+ok9dwS4f/QkX
         1ceJ+uOYT4NdTH/44M9KVWqctIRWNSi1j7hctaaa/0d1s3Nh9Ys4SIMLc5T3wFYgKu
         6IlyhYtwEvr0w==
X-Nifty-SrcIP: [209.85.217.44]
Received: by mail-vs1-f44.google.com with SMTP id p13so601926vsr.4
        for <linux-kernel@vger.kernel.org>; Wed, 02 Oct 2019 18:50:43 -0700 (PDT)
X-Gm-Message-State: APjAAAWN0EiULcsd+c8/jyzMMoHDiric5AIOvMMcpVt4caZTquksKxdb
        3Xf6fGj9rSDFS6dm2WDUd6ba9cYPndC/G7fok80=
X-Received: by 2002:a67:7c03:: with SMTP id x3mr3829260vsc.155.1570067442689;
 Wed, 02 Oct 2019 18:50:42 -0700 (PDT)
MIME-Version: 1.0
References: <IQMyD-PDXUKT0AUM6nMO2xzV3oJqgdois_F-LtaUnpMXywiuwxH1pPZL_SAv4eYu-PwyhoTxPHqXQ295i2DsjMwUyQqm6ARydcgqySKoqlo=@protonmail.ch>
In-Reply-To: <IQMyD-PDXUKT0AUM6nMO2xzV3oJqgdois_F-LtaUnpMXywiuwxH1pPZL_SAv4eYu-PwyhoTxPHqXQ295i2DsjMwUyQqm6ARydcgqySKoqlo=@protonmail.ch>
From:   Masahiro Yamada <yamada.masahiro@socionext.com>
Date:   Thu, 3 Oct 2019 10:50:06 +0900
X-Gmail-Original-Message-ID: <CAK7LNAS1-HnsGTD1=sUm0L-gFjf3+q0qpuRQb1wREmzTs4UuVw@mail.gmail.com>
Message-ID: <CAK7LNAS1-HnsGTD1=sUm0L-gFjf3+q0qpuRQb1wREmzTs4UuVw@mail.gmail.com>
Subject: Re: [PATCH] kheaders: making headers archive reproducible
To:     Dmitry Goldin <dgoldin@protonmail.ch>
Cc:     "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
        "joel@joelfernandes.org" <joel@joelfernandes.org>,
        "gregkh@linuxfoundation.org" <gregkh@linuxfoundation.org>,
        Ben Hutchings <ben@decadent.org.uk>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Hi Dmitry,


(+CC Ben Hutchings, who might be interested)


On Sun, Sep 22, 2019 at 10:38 PM Dmitry Goldin <dgoldin@protonmail.ch> wrote:
>
> From: Dmitry Goldin <dgoldin+lkml@protonmail.ch>
>
> In commit 43d8ce9d65a5 ("Provide in-kernel headers to make
> extending kernel easier") a new mechanism was introduced, for kernels
> >=5.2, which embeds the kernel headers in the kernel image or a module
> and exposed them in procfs for use by userland tools.
>
> The archive containing the header files has nondeterminism through the
> header files metadata. This patch normalizes the metadata and utilizes
> KBUILD_BUILD_TIMESTAMP if provided and otherwise falls back to the
> default behaviour.
>
> In commit f7b101d33046 ("kheaders: Move from proc to sysfs") it was
> modified to use sysfs and the script for generation of the archive was
> renamed to what is being patched.
>
> Signed-off-by: Dmitry Goldin <dgoldin+lkml@protonmail.ch>
> ---
>  kernel/gen_kheaders.sh | 5 ++++-
>  1 file changed, 4 insertions(+), 1 deletion(-)


Thanks, this produced the deterministic archive for me.


While you are here, could you also update the following hunk
in Documentation/kbuild/reproducible-builds.rst

---------->8---------------
The kernel embeds a timestamp in two places:

* The version string exposed by ``uname()`` and included in
  ``/proc/version``

* File timestamps in the embedded initramfs
---------->8---------------


With the documentation updated, I will pick it soon.

Thank you.




> diff --git a/kernel/gen_kheaders.sh b/kernel/gen_kheaders.sh
> index 9ff449888d9c..2e154741e3b2 100755
> --- a/kernel/gen_kheaders.sh
> +++ b/kernel/gen_kheaders.sh
> @@ -71,7 +71,10 @@ done | cpio --quiet -pd $cpio_dir >/dev/null 2>&1
>  find $cpio_dir -type f -print0 |
>         xargs -0 -P8 -n1 perl -pi -e 'BEGIN {undef $/;}; s/\/\*((?!SPDX).)*?\*\///smg;'
>
> -tar -Jcf $tarfile -C $cpio_dir/ . > /dev/null
> +# Create archive and try to normalized metadata for reproducibility
> +tar "${KBUILD_BUILD_TIMESTAMP:+--mtime=$KBUILD_BUILD_TIMESTAMP}" \
> +    --owner=0 --group=0 --sort=name --numeric-owner \
> +    -Jcf $tarfile -C $cpio_dir/ . > /dev/null
>
>  echo "$src_files_md5" >  kernel/kheaders.md5
>  echo "$obj_files_md5" >> kernel/kheaders.md5
> --
> 2.19.2
>
>
>


-- 
Best Regards
Masahiro Yamada