[Reproducible-builds] Bug#769844: linux: please make linux build reproducibly

Sun Nov 16 23:46:45 UTC 2014

Source: linux
Version: 3.16.7-2
Severity: wishlist
User: reproducible-builds at lists.alioth.debian.org
Usertags: timestamps randomness
Control: block -1 by 759886

Hi!

I have been doing some experimentation on making linux build
reproducibly [1]. With the attached patches, we are down to three binary
packages with differences on amd64. The kernel itself and its module can
be built reproducibly with our current framework.

The first patch adds call to `dh_strip_nondeterminism` and
`dh_fixmtimes`, both being part of the custom toolchain currently used
for reproducible builds. Hence not tagging the bug with “patch” until
they are integrated in debhelper.

The second patch changes the value of KBUILD_BUILD_TIMESTAMP to a
timestamp parseable by `date`. Otherwise, a timestamp of the current
time gets stored in usr/initramfs_data.cpio.gz because
`scripts/gen_initramfs_list.sh` will not pass the value of
KBUILD_BUILD_TIMESTAMP to `usr/gen_init_cpio`.
http://sources.debian.net/src/linux/3.16.7-2/scripts/gen_initramfs_list.sh/?hl302:308#L302

Another solution would be to patch `scripts/gen_initramfs_list.sh` to
parse the Debian format of KBUILD_BUILD_TIMESTAMP.

An unclear aspect is where to add a call to `dh_genbuildinfo` which
generates the .buildinfo [2]. It should be called after all binary
packages have been created.

For the remaining differences:

 * linux-doc: many variations due to ids generated in HTML documentation
   by XSLT processor. This needs to be addressed at that level.
 * linux-manual: see attached debbindiff output. I don't have good
   ideas.
 * linux-source: mtimes of many files differ. Would it be ok to just
   create the tarball with a single timestamp (`tar --mtime=`)?

 [1]: https://wiki.debian.org/ReproducibleBuilds
 [2]: https://wiki.debian.org/ReproducibleBuilds/BuildinfoSpecification

-- 
Lunar                                .''`. 
lunar at debian.org                    : :Ⓐ  :  # apt-get install anarchism
                                    `. `'` 
                                      `-   
-------------- next part --------------
A non-text attachment was scrubbed...
Name: linux_3.16.7-2_reproducible_helpers.patch
Type: text/x-diff
Size: 696 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/reproducible-builds/attachments/20141117/50ce875e/attachment.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: linux_3.16.7-2_kbuild_timestamp.patch
Type: text/x-diff
Size: 990 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/reproducible-builds/attachments/20141117/50ce875e/attachment-0001.patch>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/reproducible-builds/attachments/20141117/50ce875e/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/reproducible-builds/attachments/20141117/50ce875e/attachment.sig>