Received: by 2002:a5b:505:0:0:0:0:0 with SMTP id o5csp1225372ybp; Fri, 4 Oct 2019 11:19:18 -0700 (PDT) X-Google-Smtp-Source: APXvYqycbxcj096sFM14pzJ9m5CQu1TNsSEaw/yn6SYDObmhpTcKAKQmfMgN27cg9i/cR2YxgQoU X-Received: by 2002:a50:f152:: with SMTP id z18mr16368706edl.141.1570213158624; Fri, 04 Oct 2019 11:19:18 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1570213158; cv=none; d=google.com; s=arc-20160816; b=tNJHtL5qHzzPi6jEOcz43D7Y+EhPt2svv9ZYbobg46dCgYEm6/8LQzu3nzQQOeMw6J mHgo0mVPp7R+Q+JWZeFQa4LtQoUlgLI8mB9xI3zbRPxPhvFkQiffcl0LPtOLHrY6sKCB IDClcWbVEOOpGAEET02qGGvHMO0fSvbExldm6olEqeAyt0r777RD2qQAsrlF9F7efz5g UeZ3YBKWna/66cQRKdn5mtZxJvVt584gPdyS2EWGQ/E205PwlZt4e/2v5y4kt3HeXAbX Hg6sDKiuztBAylDq0AfCJgPRCy8tVvgN9jw1dWNchb/5pZmrGAndEsEirAwGgJhTdHx7 5ztA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=1AHLlO9o/KwaGki4nKPADtfseKYS/v6djCxFOcNMEm0=; b=PzGDaNFFyJrWjzzIfuQY1cny58nruTWOvXjXPnZfhp27MQnkEyIJR3gGB0HSRf4HkK mWhjlSMxrAzCuKYfs/0j78jercBSIHU4Dog5PRPVzKuEfk/xfCGID0YxpP9pIXHq1qlp RZRbOpr8MiL/eHXdiS7L9AguIYA0fXpP67czGizu8BDS2Lzm8Sk7ncQKaVHhzg3gTedI vQ8jcxx4ovVcKfq2y+0cqafoO1mHcm/wFuqIPmcMMFIALYgDRP+hpeEcJoQnFDJXu/qm DRp7unDpVGpHIkYOR8M6nrBHAU4kGMIKUsiCx7u+hIwD9upR5bJKU3eeXW3kMFgK0VGT Trdg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@joelfernandes.org header.s=google header.b="f4g8tW/7"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id d14si3460671ejr.358.2019.10.04.11.18.54; Fri, 04 Oct 2019 11:19:18 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@joelfernandes.org header.s=google header.b="f4g8tW/7"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730361AbfJDSO1 (ORCPT + 99 others); Fri, 4 Oct 2019 14:14:27 -0400 Received: from mail-pf1-f194.google.com ([209.85.210.194]:41133 "EHLO mail-pf1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728095AbfJDSO0 (ORCPT ); Fri, 4 Oct 2019 14:14:26 -0400 Received: by mail-pf1-f194.google.com with SMTP id q7so4357105pfh.8 for ; Fri, 04 Oct 2019 11:14:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=joelfernandes.org; s=google; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=1AHLlO9o/KwaGki4nKPADtfseKYS/v6djCxFOcNMEm0=; b=f4g8tW/7NPjiZFgD98Bpc5zywpQpU15RMmETwu0TcYEDHqjebqWt9F3kzpngjibbV/ XxXaszVfDIFshLEiVE4BPQhnLppOz8lGVpmr8dgzMsp1p3E/VJwj3gOpGrKdMzIDaO1A DgxZ5C3FyN92ipNzWjM5Q1WZm5i67feHeK1KA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=1AHLlO9o/KwaGki4nKPADtfseKYS/v6djCxFOcNMEm0=; b=pwRT5GHtdw/lkt17SW0VqsUKQrGSZ4X2Br3ng+/XEPFoWxaW4VH5a3kEtn0xCMMGoS tryyK5wEkXk4zla0iVvYaqpjRjrGPYlSkG6Nxh/VS5ruRZHkeQbkgyGieTInuk95uFU/ VoU0PmnK05EZ+T2aiL+0JcLNP4tuMA0Jp9xA3d/66OjDT60VoXkDcFCnTPf0NuuzknWF U5qvRDm/4b6YcrgYUDIxqLsMJBxld0oHaDKnuQejPH+aQrmHvTGecuLWG4w8bFlao2lh l054q9dmmdbt0h5uqRvffMYm9LtYOkvOjXJgbzNMLSK13hAy7/PV1hC5YePiBlAg3Krt EzuQ== X-Gm-Message-State: APjAAAXzlxkxzWfJJ6eV5u06gSuk4NmbD5BGk0MzJfmAu5aAN7vmFt0C DxMLhxJZhfReVKVrykK6g7xz9g== X-Received: by 2002:a63:7342:: with SMTP id d2mr16987362pgn.264.1570212865922; Fri, 04 Oct 2019 11:14:25 -0700 (PDT) Received: from localhost ([2620:15c:6:12:9c46:e0da:efbf:69cc]) by smtp.gmail.com with ESMTPSA id l27sm10318277pgc.53.2019.10.04.11.14.24 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 04 Oct 2019 11:14:25 -0700 (PDT) Date: Fri, 4 Oct 2019 14:14:24 -0400 From: Joel Fernandes To: Dmitry Goldin Cc: Masahiro Yamada , "linux-kernel@vger.kernel.org" , "gregkh@linuxfoundation.org" , Ben Hutchings Subject: Re: [PATCH v2] kheaders: making headers archive reproducible Message-ID: <20191004181424.GI253167@google.com> References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.10.1 (2018-07-13) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Oct 04, 2019 at 10:40:07AM +0000, Dmitry Goldin wrote: > From: Dmitry Goldin > > In commit 43d8ce9d65a5 ("Provide in-kernel headers to make > extending kernel easier") a new mechanism was introduced, for kernels > >=5.2, which embeds the kernel headers in the kernel image or a module > and exposes them in procfs for use by userland tools. > > The archive containing the header files has nondeterminism caused by > header files metadata. This patch normalizes the metadata and utilizes > KBUILD_BUILD_TIMESTAMP if provided and otherwise falls back to the > default behaviour. > > In commit f7b101d33046 ("kheaders: Move from proc to sysfs") it was > modified to use sysfs and the script for generation of the archive was > renamed to what is being patched. > > Signed-off-by: Dmitry Goldin Reviewed-by: Joel Fernandes (Google) > > --- > > v1: Initial fix > > v2: Added a bit of info about kheaders to the reproducible builds > documentation and used the opportunity to fix a few typos in the > original patch. > > --- > Documentation/kbuild/reproducible-builds.rst | 13 +++++++++---- > kernel/gen_kheaders.sh | 5 ++++- > 2 files changed, 13 insertions(+), 5 deletions(-) > > diff --git a/Documentation/kbuild/reproducible-builds.rst b/Documentation/kbuild/reproducible-builds.rst > index ab92e98c89c8..ce6a408b3303 100644 > --- a/Documentation/kbuild/reproducible-builds.rst > +++ b/Documentation/kbuild/reproducible-builds.rst > @@ -16,16 +16,21 @@ the kernel may be unreproducible, and how to avoid them. > Timestamps > ---------- > > -The kernel embeds a timestamp in two places: > +The kernel embeds timestamps in three places: > > * The version string exposed by ``uname()`` and included in > ``/proc/version`` > > * File timestamps in the embedded initramfs > > -By default the timestamp is the current time. This must be overridden > -using the `KBUILD_BUILD_TIMESTAMP`_ variable. If you are building > -from a git commit, you could use its commit date. > +* If enabled via ``CONFIG_IKHEADERS``, file timestamps of kernel > + headers embedded in the kernel or respective module, > + exposed via ``/sys/kernel/kheaders.tar.xz`` > + > +By default the timestamp is the current time and in the case of > +``kheaders`` the various files' modification times. This must > +be overridden using the `KBUILD_BUILD_TIMESTAMP`_ variable. > +If you are building from a git commit, you could use its commit date. > > The kernel does *not* use the ``__DATE__`` and ``__TIME__`` macros, > and enables warnings if they are used. If you incorporate external > diff --git a/kernel/gen_kheaders.sh b/kernel/gen_kheaders.sh > index 9ff449888d9c..aff79e461fc9 100755 > --- a/kernel/gen_kheaders.sh > +++ b/kernel/gen_kheaders.sh > @@ -71,7 +71,10 @@ done | cpio --quiet -pd $cpio_dir >/dev/null 2>&1 > find $cpio_dir -type f -print0 | > xargs -0 -P8 -n1 perl -pi -e 'BEGIN {undef $/;}; s/\/\*((?!SPDX).)*?\*\///smg;' > > -tar -Jcf $tarfile -C $cpio_dir/ . > /dev/null > +# Create archive and try to normalize metadata for reproducibility > +tar "${KBUILD_BUILD_TIMESTAMP:+--mtime=$KBUILD_BUILD_TIMESTAMP}" \ > + --owner=0 --group=0 --sort=name --numeric-owner \ > + -Jcf $tarfile -C $cpio_dir/ . > /dev/null > > echo "$src_files_md5" > kernel/kheaders.md5 > echo "$obj_files_md5" >> kernel/kheaders.md5 > -- > 2.23.0