Bug#845194: amd64-microcode: please make the early initramfs image reproducible

Chris Lamb lamby at debian.org
Mon Nov 21 11:18:06 UTC 2016 

Source: amd64-microcode
Version: 3.20160316.2
Severity: wishlist
Tags: patch
User: reproducible-builds at lists.alioth.debian.org
Usertags: timestamps fileordering toolchain
X-Debbugs-Cc: reproducible-bugs at lists.alioth.debian.org

Hi,

Whilst working on the Reproducible Builds effort [0] on behalf of the
Tails operating system [1], I noticed that amd64-microcode generates
a prepended initramfs image that is not reproducible.

Patch attached.

 [0] https://reproducible-builds.org/
 [1] https://tails.boum.org/


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby at debian.org / chris-lamb.co.uk
       `-
-------------- next part --------------
diff --git a/debian/initramfs.hook b/debian/initramfs.hook
index d250719..b290d21 100755
--- a/debian/initramfs.hook
+++ b/debian/initramfs.hook
@@ -89,9 +89,18 @@ EFWCD="${EFWD}/d/kernel/x86/microcode"
 EFWF="${EFWCD}/AuthenticAMD.bin"
 
 mkdir -p "${EFWCD}" && \
- find "${AUCODE_FW_DIR}/." -maxdepth 1 -type f -print0 | xargs -0 -r cat 2>/dev/null >"${EFWF}" && \
+ find "${AUCODE_FW_DIR}/." -maxdepth 1 -type f -print0 | LC_ALL=C sort -z | xargs -0 -r cat 2>/dev/null >"${EFWF}" && \
+ # if SOURCE_DATE_EPOCH is set, try and create a reproducible image
+ if [ "${SOURCE_DATE_EPOCH}" != "" ]; then
+    # ensure that no timestamps are newer than $SOURCE_DATE_EPOCH
+    find "${EFWD}" -newermt "@${SOURCE_DATE_EPOCH}" -print0 | \ 
+        xargs -0r touch --no-dereference --date="@${SOURCE_DATE_EPOCH}"
+
+    # --reproducible requires cpio >= 2.12
+    cpio --usage | grep -qs -- "--reproducible" && cpio_reproducible="--reproducible"
+ fi && \
  test -s "${EFWF}" && \
- ( cd "${EFWD}/d" ; find . -print0 | sort -z | cpio --null -R 0:0 -H newc -o --quiet > "${EFWE}" ) \
+ ( cd "${EFWD}/d" ; find . -print0 | LC_ALL=C sort -z | cpio --null $cpio_reproducible -R 0:0 -H newc -o --quiet > "${EFWE}" ) \
 && prepend_earlyinitramfs "${EFWE}" || {
     [ -d "${EFWD}" ] && rm -fr "${EFWD}"
     echo "E: amd64-microcode: failed to create or prepend the early initramfs to the initramfs" >&2

More information about the Reproducible-bugs mailing list