Received: by 2002:a89:d88:0:b0:1fa:5c73:8e2d with SMTP id eb8csp2577717lqb;
        Tue, 28 May 2024 04:34:22 -0700 (PDT)
X-Forwarded-Encrypted: i=3; AJvYcCW4bQmOvPWVk+0YIgsdsqHS8VyA1DwKwo2CMZpNuPKaZd8XUTvN1hWOYiMRdJ/cGFeCZ1FeLk3LlHAY9rcnxTIGHmc2P5xMWSjz2vexOg==
X-Google-Smtp-Source: AGHT+IHXfbaHk1kDwpKZrSGDqEYHyMIerO6CDP0oX19Uv7Qo/pGXyPDp9HwqimkwuKwDLXB14CAy
X-Received: by 2002:a17:903:32c9:b0:1f4:8bb9:9ab8 with SMTP id d9443c01a7336-1f48bb99ea6mr73933705ad.14.1716896062019;
        Tue, 28 May 2024 04:34:22 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1716896062; cv=pass;
        d=google.com; s=arc-20160816;
        b=I74+FkoadaicXSstSbDxprWC6j6W0ZgqEO+DSIHR1bba89lk/YAjjb6+PzLB0yFiOp
         a++tOSeYPDKXiXq2lR3aRIWEuIih+ojWK44iNrYMi4c9d12WSVbMkV5YQRgNDusl3gFt
         clexykavCD4CwjhXbG8xeVOvXqDazJbS3SUcEjRV4pG+yzKnY6Wc2/5b0HsxztOC66ZJ
         w1w1qIacs0cpsrvpKL/D97Fn0X4eflX00iObLoO+QalwMrNuMs+vlmm68k1urGzkcjWh
         EhaUbG+p1mxCVQ9jzOMwnN499dkqn5Gkv24ekqN/Sp5lQR168Tpbmb8IUCxLkedOg3Ik
         nLew==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=cc:to:from:subject:message-id:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:date:dkim-signature;
        bh=pTOxhoHq0Nkxf/74IFjzbYdMxemeJfpZA9XvBTvTfc4=;
        fh=YJRklf8LmbTzL2/r0IXLNBuuTtlKKFxmHzLNJFmzDI0=;
        b=D2coLTkl6exBhz4MYRdjGrrg0X5VRH0nZ01kYgy3gjMzWZHJT0IQ1JJ1l57GrINDKi
         SZBHjkkZMxd99wibxcoi1f7Do2p03C6DUbyuWssxUHz+7omVvhZ2yCRURU/NjhSOTQum
         WL3W6Od1W4MoSgzN7BsFdEIk/Nt8Gi7B2FSyqCNbDCKd6Dh0pTCqY4Q1TuTA/lfIiBzm
         D9yVB7+E+o/SqMciM/Sg0TF65S5tjqzeOKAL7M76984joQJjIcYC/TSBjmlTooRrG0Bw
         0fuRHfS1+BPEZRHZUnxVrvxo9wnivABb7m+1XS34uso1njtfXxPReY7aSqoJbTv+9yix
         VKGA==;
        dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@google.com header.s=20230601 header.b=ErXr+ajk;
       arc=pass (i=1 spf=pass spfdomain=flex--maennich.bounces.google.com dkim=pass dkdomain=google.com dmarc=pass fromdomain=google.com);
       spf=pass (google.com: domain of linux-kernel+bounces-192182-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-192182-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Return-Path: <linux-kernel+bounces-192182-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [139.178.88.99])
        by mx.google.com with ESMTPS id d9443c01a7336-1f44c9cc391si75505235ad.503.2024.05.28.04.34.21
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 28 May 2024 04:34:22 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-192182-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) client-ip=139.178.88.99;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@google.com header.s=20230601 header.b=ErXr+ajk;
       arc=pass (i=1 spf=pass spfdomain=flex--maennich.bounces.google.com dkim=pass dkdomain=google.com dmarc=pass fromdomain=google.com);
       spf=pass (google.com: domain of linux-kernel+bounces-192182-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-192182-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by sv.mirrors.kernel.org (Postfix) with ESMTPS id 48BBF288AEF
	for <linux.lists.archive@gmail.com>; Tue, 28 May 2024 11:33:46 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 290B716C6A5;
	Tue, 28 May 2024 11:33:37 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="ErXr+ajk"
Received: from mail-wm1-f74.google.com (mail-wm1-f74.google.com [209.85.128.74])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id BE0F57D07D
	for <linux-kernel@vger.kernel.org>; Tue, 28 May 2024 11:33:34 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.74
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1716896016; cv=none; b=AFhnhfSFeAM8In1XxAu/8JHsFpRlederPca9hg6X/+SKdrvd7UeIcdOT09tKWaUG4dJKQ5/j8f99vRvO2L3PeBIzJqA6295kIq+tDBy7gCOWY6VBpqK6DChCW9UN1DnfO+HQfkVrUdAqpndc8O9wtOHLrQ6kF9ETkouMR4HMZ8k=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1716896016; c=relaxed/simple;
	bh=pVkfCfXwvpGITqeArgg8XorBGEqsQIg7EkQ5urfJgbQ=;
	h=Date:Mime-Version:Message-ID:Subject:From:To:Cc:Content-Type; b=cfa/3Z4PbVLTg3nKDeBVR6N10bM26Vh57kXn7KxXhx526joRqqShtpYPa7f3CuueXeuOE5o1A2zEWdUurYauhCw9zyFv+GL7lLlff8BHGsjndwQh13jhUBCTRk50SJ7BjObdqaGKrk0sSdM4DsZJEGLpZAJwtCLYMbVb++6jCjI=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--maennich.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=ErXr+ajk; arc=none smtp.client-ip=209.85.128.74
Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--maennich.bounces.google.com
Received: by mail-wm1-f74.google.com with SMTP id 5b1f17b1804b1-42120a4c56eso2143285e9.0
        for <linux-kernel@vger.kernel.org>; Tue, 28 May 2024 04:33:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20230601; t=1716896013; x=1717500813; darn=vger.kernel.org;
        h=cc:to:from:subject:message-id:mime-version:date:from:to:cc:subject
         :date:message-id:reply-to;
        bh=pTOxhoHq0Nkxf/74IFjzbYdMxemeJfpZA9XvBTvTfc4=;
        b=ErXr+ajkwW8QC39Mej+rxdrFeYUwVnx/x0bXfsBYisomxuLsZpmRb8iBz6j+fd1Wzp
         omwdzrak9vItrH6+cW+YktjF0vAmUUmG1XS1XR25aLRpYq/hHFCnUoy7At3g5EVgZp5Y
         8zSj0Uz40Ztpbv0TaV7ljrJ8WgqXb3HnRhUWoVYesIvoQsUGC0DYkaGb563A+vXYyIIW
         y8ej/2RESLsXc1B6bz2EPbldrQJeJ4Y9UYZt0e3loev6KU/jvHBfmkU78qmlMVF4wWc4
         Md030pqFfjorYLkp2UFfkCx1Wsv+gsdOoib+EOCpfUgoUduH3Dt3mGUn7Ns/q9zYguCr
         mizQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1716896013; x=1717500813;
        h=cc:to:from:subject:message-id:mime-version:date:x-gm-message-state
         :from:to:cc:subject:date:message-id:reply-to;
        bh=pTOxhoHq0Nkxf/74IFjzbYdMxemeJfpZA9XvBTvTfc4=;
        b=kg33HftfGNH52QLmrJ/k4tVsTjpDly5FTyS6a2ite5I6vS3Dshw4l1gkF7ulwCOl+T
         fepUzBvrFLJnyEhQXDnRigEPmlEnc4bLLf69+wWxHW1ftkhIKCANH5wO3gbymvzIB/Jc
         8ZX6JxHvRWX2dIDAOK7SnhgOhlB1B8HwVK8O9Ubw/MxLP2eyADDvWpv6vDYOozTubS7S
         TkrSzsX6fWxPvB183A+cuCKmBY3uHlVoXse4Pmou3BgFTzk5MzhF22rJ33L7E3b53Z+8
         TdRU+IRffbFL8uu+BIr1oFdqQEu1FS6f1A8/mCofNkpkh1Lt2osvyXrAvHBrfXVRB9A8
         2V1g==
X-Gm-Message-State: AOJu0Yxat12y1Zxn+do78apIaB9po0iaLyj/C6yg1XqhW80Iox2rBGME
	lXIM9p9a+RH+g3e4pc/3czUFQOpw5kCOj/AeJcxxumyJuDSx00nOJuAUe1RgcfdbqAFjvK2I3UQ
	DJs+KHku8YX4s+jGBTRz1egUTq85Vj54mfsYOuaH0gLllZJ6U4mtaZxhq1RDwE+glPzN1f0jMlJ
	QiQIzyfVt7T+D9OOULzSxhdJ4jTD9GPawQIkf89FH1C1KSBsrbCc0=
X-Received: from licht.c.googlers.com ([fda3:e722:ac3:cc00:28:9cb1:c0a8:f9c])
 (user=maennich job=sendgmr) by 2002:a05:600c:4704:b0:41f:41fc:318b with SMTP
 id 5b1f17b1804b1-42108205095mr2453645e9.4.1716896013057; Tue, 28 May 2024
 04:33:33 -0700 (PDT)
Date: Tue, 28 May 2024 11:32:43 +0000
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
Mime-Version: 1.0
X-Mailer: git-send-email 2.45.1.288.g0e0cd299f1-goog
Message-ID: <20240528113243.827490-2-maennich@google.com>
Subject: [PATCH] kheaders: explicitly define file modes for archived headers
From: "=?UTF-8?q?Matthias=20M=C3=A4nnich?=" <maennich@google.com>
To: linux-kernel@vger.kernel.org
Cc: kernel-team@android.com, maennich@google.com, gprocida@google.com, 
	stable@vger.kernel.org, linux-kbuild@vger.kernel.org, 
	Masahiro Yamada <masahiroy@kernel.org>, Joel Fernandes <joel@joelfernandes.org>
Content-Type: text/plain; charset="UTF-8"

From: Matthias Maennich <maennich@google.com>

Build environments might be running with different umask settings
resulting in indeterministic file modes for the files contained in
kheaders.tar.xz. The file itself is served with 444, i.e. world
readable. Archive the files explicitly with 744,a+X to improve
reproducibility across build environments.

--mode=0444 is not suitable as directories need to be executable. Also,
444 makes it hard to delete all the readonly files after extraction.

Cc: stable@vger.kernel.org
Cc: linux-kbuild@vger.kernel.org
Cc: Masahiro Yamada <masahiroy@kernel.org>
Cc: Joel Fernandes <joel@joelfernandes.org>
Signed-off-by: Matthias Maennich <maennich@google.com>
---
 kernel/gen_kheaders.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/gen_kheaders.sh b/kernel/gen_kheaders.sh
index 6d443ea22bb7..8b6e0c2bc0df 100755
--- a/kernel/gen_kheaders.sh
+++ b/kernel/gen_kheaders.sh
@@ -84,7 +84,7 @@ find $cpio_dir -type f -print0 |
 
 # Create archive and try to normalize metadata for reproducibility.
 tar "${KBUILD_BUILD_TIMESTAMP:+--mtime=$KBUILD_BUILD_TIMESTAMP}" \
-    --owner=0 --group=0 --sort=name --numeric-owner \
+    --owner=0 --group=0 --sort=name --numeric-owner --mode=u=rw,go=r,a+X \
     -I $XZ -cf $tarfile -C $cpio_dir/ . > /dev/null
 
 echo $headers_md5 > kernel/kheaders.md5
-- 
2.45.1.288.g0e0cd299f1-goog