[Reproducible-builds] Bug#769844: linux: please make linux build reproducibly

Jérémy Bobbio lunar at debian.org
Wed Jan 7 19:49:51 UTC 2015 

Bastian Blank:
> On Mon, Jan 05, 2015 at 06:56:10PM +0100, Jérémy Bobbio wrote:
> > > > >  * linux-source: mtimes of many files differ. Would it be ok to just
> > > > >    create the tarball with a single timestamp (`tar --mtime=`)?
> > I've used find+touch instead. See attached patch.
> 
> Why?

Good question. It's the way we are doing it in dh_builddeb. But for
kernel-source, using `--mtime` is more straight forward. This is done in
the attached patch.

> > I also stumbled on a variation of the Installed-Size field in one of the
> > .deb. But this is a different topic.
> 
> Is this value computed in a stable way?

The value can differ greatly depending on the underlying filesystem.
This is to be addressed at dpkg's level. josch is working on it.

> > +@@ -301,7 +301,9 @@ if [ ! -z ${output_file} ]; then
> > + 	if [ -z ${cpio_file} ]; then
> > + 		timestamp=
> > + 		if test -n "$KBUILD_BUILD_TIMESTAMP"; then
> > +-			timestamp="$(date -d"$KBUILD_BUILD_TIMESTAMP" +%s || :)"
> > ++			source_date=$(echo "$KBUILD_BUILD_TIMESTAMP" |
> > ++					sed -e 's/.*(\([0-9-]\+\)).*/\1/')
> > ++			timestamp="$(date -d"$source_date" +%s || :)"
> 
> This solution may not work.  The patched source can be built with a
> normal timestamp override, via linux-source.

The above construction will work given a standard date in
KBUILD_BUILD_TIMESTAMP. The sed expression only match parenthesises.
I am open to other suggestions.

> > @@ -87,6 +87,8 @@
> >  	rm -rf '$@' '$(DIR)'
> >  	$(call copy_source,$(DIR))
> >  	chmod -R u+rw,go=rX '$(DIR)'
> > +	find '$(DIR)' -depth -newermt '$(SOURCE_DATE)' -print0 | \
> > +		xargs -0r touch --no-dereference --date='$(SOURCE_DATE)'
> 
> -newermt?  This does not look really stable.

I don't understand what you mean by that. It's been proven working for
a while in our experiments.


With the attached patch, linux can be built reproducibly with the
current experimental framework. The following changes have been
introduced since the previous patch:

 * Files in the source tarball are added in a stable order.
 * kernel-doc is made deterministic when parsing `@foo()` in
   descriptions.
 * The last set of manpages when generating manpages from files
   referenced in multiple sections of the documentation is
   deterministic.

Some `@foo()` constructs in the kernel should probably be fixed to be
just `foo()`. It's unclear what should be used for functions passed as
parameters.

-- 
Lunar                                .''`. 
lunar at debian.org                    : :Ⓐ  :  # apt-get install anarchism
                                    `. `'` 
                                      `-   
-------------- next part --------------
A non-text attachment was scrubbed...
Name: linux_3.16.7-ckt2-1_reproducible2.patch
Type: text/x-diff
Size: 8213 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/reproducible-builds/attachments/20150107/6155349b/attachment.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/reproducible-builds/attachments/20150107/6155349b/attachment.sig>

More information about the Reproducible-builds mailing list