Bug#787795: grub: please build rescue ISO and floppy reproducibly
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Fri Jun 5 06:37:38 UTC 2015
Source: grub
Version: 2.02~beta2-23
Severity: wishlist
User: reproducible-builds at lists.alioth.debian.org
Usertags: timestamps
Control: block -1 with 787793
The ISOs (/usr/lib/grub-rescue/grub-rescue-cdrom.iso and
/usr/lib/grub-rescue/grub-rescue-floppy.iso) that are created by the
grub build process embed subtle variations in the timestamps and the
extents of each file.
This is one of the things that keeps the package from producing
byte-for-byte identical binary builds.
(see https://reproducible.debian.net/rb-pkg/unstable/amd64/grub2.html)
I think this can be fixed with a couple steps in debian/rules: sort
the files by extent, and fix the timestamps. See some of the scripts
sketched here for example:
https://lists.gnu.org/archive/html/bug-xorriso/2015-06/msg00013.html
However, it won't be completely reproducible until we get a newer
version of xorriso in debian so that we can "-alter_date_r c" (see
#787793, which blocks this bug).
Note that there are other parts of the package which are also
unreproducible (/usr/share/qemu/grub.bin and
usr/lib/grub-xen/grub-i386-xen.bin binaries differ in ways i have not
examined, and there are timestamps in
usr/share/info/grub-dev.info.gz). These probably will be covered with
separate bug reports.
Regards,
--dkg
-- System Information:
Debian Release: stretch/sid
APT prefers testing
APT policy: (500, 'testing'), (200, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.0.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
More information about the Pkg-grub-devel
mailing list