[Qa-jenkins-scm] [Git][qa/jenkins.debian.net][master] 2 commits: The hooks for reproducible builds are now maintained upstream in the live-build repository
Holger Levsen (@holger)
gitlab at salsa.debian.org
Mon Jan 24 17:18:06 GMT 2022
Holger Levsen pushed to branch master at Debian QA / jenkins.debian.net
Commits:
19113c3c by Roland Clobus at 2022-01-24T18:17:38+01:00
The hooks for reproducible builds are now maintained upstream in the live-build repository
Signed-off-by: Holger Levsen <holger at layer-acht.org>
- - - - -
5e0a3361 by Roland Clobus at 2022-01-24T18:17:52+01:00
reproducible_debian_live_build: Show info lines in Jenkins when a reproducible hooks has been active
Signed-off-by: Holger Levsen <holger at layer-acht.org>
- - - - -
2 changed files:
- bin/reproducible_debian_live_build.sh
- logparse/reproducible.rules
Changes:
=====================================
bin/reproducible_debian_live_build.sh
=====================================
@@ -140,197 +140,7 @@ if [ ! -z "${PACKAGES}" ] ; then
fi
# Add additional hooks, that work around known reproducible issues
-# Note: Keep the hooks in sync with https://wiki.debian.org/ReproducibleInstalls/LiveImages
-
-# Prepare a library for deterministic random behaviour of uuid_generate_random
-cat > config/hooks/normal/1000-reproducible-function-uuid_generate_random.hook.chroot << EOF
-#!/bin/sh
-set -e
-
-# util-linux creates random UUIDs when uuid_generate_random is called
-# Use LD_PRELOAD to replace uuid_generate_random with a less random version
-
-# Don't run if gcc is not installed
-if [ ! -e /usr/bin/cc ];
-then
- exit 0
-fi
-
-cat > unrandomize_uuid_generate_random.c << END_OF_SOURCE
-#include <stdlib.h>
-#include <stdio.h>
-
-#define SEQUENCE_FILENAME "/var/cache/unrandomize_uuid_generate_random.sequence_number"
-
-/* https://tools.ietf.org/html/rfc4122 */
-typedef unsigned char uuid_t[16];
-
-/* Our pseudo-random version */
-void uuid_generate_random(uuid_t out)
-{
- /* Nil UUID */
- for (int i=0;i<16;i++) {
- out[i] = 0x00;
- }
- out[6]=0x40; /* UUID version 4 means randomly generated */
- out[8]=0x80; /* bit7=1,bit6=0 */
-
- /* The file doesn't need to exist yet */
- FILE *f = fopen(SEQUENCE_FILENAME, "rb");
- if (f) {
- fread(out+12, 4, 1, f);
- fclose(f);
- }
- /* Use the next number. Endianness is not important */
- (*(unsigned long*)(out+12))++;
-
- unsigned long long epoch;
- /* Use SOURCE_DATE_EPOCH when provided */
- char *date = getenv("SOURCE_DATE_EPOCH");
- if (date) {
- epoch = strtoll(date, NULL, 10);
- } else {
- epoch = 0ll;
- }
- out[0] = (epoch & 0xFF000000) >> 24;
- out[1] = (epoch & 0x00FF0000) >> 16;
- out[2] = (epoch & 0x0000FF00) >> 8;
- out[3] = (epoch & 0x000000FF);
-
- /* Write the sequence number */
- f = fopen(SEQUENCE_FILENAME, "wb");
- if (f) {
- fwrite(out+12, 4, 1, f);
- fclose(f);
- }
-}
-END_OF_SOURCE
-/usr/bin/cc -shared -fPIC unrandomize_uuid_generate_random.c -Wall --pedantic -o /usr/lib/unrandomize_uuid_generate_random.so
-rm -f unrandomize_uuid_generate_random.c
-EOF
-
-# No fix in Debian yet
-cat > config/hooks/normal/1001-reproducible-fontconfig.hook.chroot << EOF
-#!/bin/sh
-set -e
-
-# fontconfig creates non-reproducible files with UUIDs
-# See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864082
-#
-# Because the UUIDs should not be deleted, the proposed work-around is:
-# * Use LD_PRELOAD to replace uuid_generate_random with a less random version
-
-# Don't run if fontconfig is not installed
-if [ ! -e /usr/bin/fc-cache ];
-then
- exit 0
-fi
-
-# Don't run if the LD_PRELOAD module is not compiled
-if [ ! -e /usr/lib/unrandomize_uuid_generate_random.so ];
-then
- exit 0
-fi
-
-LD_PRELOAD=/usr/lib/unrandomize_uuid_generate_random.so /usr/bin/fc-cache --force --really-force --system-only --verbose
-EOF
-
-# The mdadm hook is required before bookworm
-case ${DEBIAN_VERSION} in
- bullseye)
-cat > config/hooks/normal/1002-reproducible-mdadm.hook.chroot << EOF
-#!/bin/sh
-set -e
-
-# mkconf of mdadm creates a file with a timestamp
-# A bug report with patch is available at https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982607
-# This script duplicates that patch
-
-# Don't run if mdadm is not installed
-if [ ! -e /usr/share/mdadm/mkconf ];
-then
- exit 0
-fi
-
-# If mkconf already contains references to SOURCE_DATE_EPOCH, there is no need to patch the file
-if grep -q SOURCE_DATE_EPOCH /usr/share/mdadm/mkconf;
-then
- exit 0
-fi
-sed -i -e '/# This configuration was auto-generated on/cif [ -z \$SOURCE_DATE_EPOCH ]; then\n echo "# This configuration was auto-generated on \$(date -R) by mkconf"\nelse\n echo "# This configuration was auto-generated on \$(date -R --utc -d@\$SOURCE_DATE_EPOCH) by mkconf"\nfi' /usr/share/mdadm/mkconf
-EOF
- ;;
-esac
-
-# No fix in Debian yet
-cat > config/hooks/normal/1003-reproducible-plymouth.hook.chroot << EOF
-#!/bin/sh
-set -e
-
-# The hook of plymouth in update-initramfs calls fc-cache
-
-# Don't run if plymouth is not installed
-if [ ! -e /usr/share/initramfs-tools/hooks/plymouth ];
-then
- exit 0
-fi
-
-# Don't patch if the LD_PRELOAD module is not compiled
-if [ ! -e /usr/lib/unrandomize_uuid_generate_random.so ];
-then
- exit 0
-fi
-
-# If the hook already contains references to LD_PRELOAD, there is no need to patch the file
-if grep -q LD_PRELOAD /usr/share/initramfs-tools/hooks/plymouth;
-then
- exit 0
-fi
-sed -i -e 's|fc-cache -s|LD_PRELOAD=/usr/lib/unrandomize_uuid_generate_random.so fc-cache|' /usr/share/initramfs-tools/hooks/plymouth
-EOF
-
-# The libxml-sax-perl hook is required before bookworm
-case ${DEBIAN_VERSION} in
- bullseye)
-cat > config/hooks/normal/1004-reproducible-libxml-sax-perl.hook.chroot << EOF
-#!/bin/sh
-set -e
-
-# update-perl-sax-parsers of libxml-sax-perl creates a file with a random order of its lines
-# A bug report with patch is available at https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993444
-# This script duplicates that patch
-
-# Don't run if libxml-sax-perl is not installed
-if [ ! -e /usr/bin/update-perl-sax-parsers ];
-then
- exit 0
-fi
-
-# If Debian.pm already contains a sort line, there is no need to patch the file
-if grep -q sort /usr/share/perl5/XML/SAX/Debian.pm;
-then
- exit 0
-fi
-sed -i -e '/foreach my \$key/s/keys/sort keys/' /usr/share/perl5/XML/SAX/Debian.pm
-
-# Regenerate the file that has more than one key-value pair
-update-perl-sax-parsers --remove XML::SAX::Expat
-update-perl-sax-parsers --add XML::SAX::Expat --priority 50
-update-perl-sax-parsers --update
-EOF
- ;;
-esac
-
-# This could be moved to the default live-build configuration
-cat > config/hooks/normal/9000-cleanup-ucf-backup-files.hook.chroot << EOF
-#!/bin/sh
-set -e
-
-# Delete all older backups of ucf files
-# The current files are /var/lib/ucf/hashfile and /var/lib/ucf/registry
-rm -f /var/lib/ucf/hashfile.*
-rm -f /var/lib/ucf/registry.*
-EOF
+cp ${LIVE_BUILD}/examples/hooks/reproducible/* config/hooks/normal
# First build
output_echo "Running lb build for the 1st build."
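Review bot: The added `cp ${LIVE_BUILD}/examples/hooks/reproducible/* config/hooks/normal` expands `LIVE_BUILD` unquoted and unchecked, so an empty or unset value makes the glob resolve against `/examples/hooks/reproducible/`, and a live-build checkout that predates that directory leaves the glob unmatched. Whatever it copies is presumably run inside the chroot like the hooks removed here, so the image content now depends on whichever live-build tree `LIVE_BUILD` points to rather than on text in this script. I would write it as `cp -- "${LIVE_BUILD:?}"/examples/hooks/reproducible/* config/hooks/normal/` and, if the script does not already do so outside this hunk, log the live-build commit in use so that a changed image can be traced to a changed hook. The removed `case ${DEBIAN_VERSION}` guards for the mdadm and libxml-sax-perl hooks have no replacement in the visible lines; presumably the upstream hooks carry their own checks, which is worth confirming.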
=====================================
logparse/reproducible.rules
=====================================
@@ -37,6 +37,9 @@ warning /Warning: Problems analysing/
warning /Warning: .+ .xiting cleanly as this is out-of-scope./
warning /Warning: Cannot determine diffoscope version in Debian, aborting./
+# If an artifact is created, show it as info
+info /- enjoy https:/
+
# Warnings from reproducible_debian_live_build.sh
warning /Warning: lb .+ failed with/
warning /Warning: diffoscope detected differences in the images/
@@ -45,3 +48,5 @@ error /Error: Bad argument/
info /Info: using live-build from git/
info /Info: using the snapshot from/
info /Info: no differences found/
+info /Reproducible hook has been applied/
+
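Review bot: The new `info /Reproducible hook has been applied/` rule matches a message that none of the lines visible in this diff print, so it needs a comment naming its source, for example `# Printed by the hooks copied from live-build's examples/hooks/reproducible`. Presumably the upstream hooks emit exactly this text. If their wording changes, the info lines vanish without any error, so their absence from a Jenkins log should not be read as proof that no hook ran.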
View it on GitLab: https://salsa.debian.org/qa/jenkins.debian.net/-/compare/99bc03a2b247c03d12675949c3f88edc80289825...5e0a3361d68bd039ee4f4cc617e814b54efded07