[Reproducible-builds] Reproducible U-Boot build support, using SOURCE_DATE_EPOCH

Vagrant Cascadian vagrant at debian.org
Thu Sep 24 16:05:10 UTC 2015 

On 2015-07-26, Paul Kocialkowski wrote:
> In order to achieve reproducible builds in U-Boot, timestamps that are defined
> at build-time have to be somewhat eliminated. The SOURCE_DATE_EPOCH environment
> variable allows setting a fixed value for those timestamps.
...
> However, some other devices might need some more tweaks, especially regarding
> the image generation tools.

With this patch, there is still variation based on timezone in any of
the u-boot.img and u-boot-sunxi-with-spl.bin produced in the Debian
packages:

  https://reproducible.debian.net/rb-pkg/unstable/armhf/u-boot.html

The good news is that all the u-boot.bin targets are produced
reproducibly, so here's to progress!


I think the use of "time = mktime(time_universal);" is where the problem
lies:

> diff --git a/tools/default_image.c b/tools/default_image.c
> index cf5c0d4..18940af 100644
> --- a/tools/default_image.c
> +++ b/tools/default_image.c
> @@ -96,9 +99,25 @@ static void image_set_header(void *ptr, struct stat *sbuf, int ifd,
>  				sizeof(image_header_t)),
>  			sbuf->st_size - sizeof(image_header_t));
>  
> +	source_date_epoch = getenv("SOURCE_DATE_EPOCH");
> +	if (source_date_epoch != NULL) {
> +		time = (time_t) strtol(source_date_epoch, NULL, 10);
> +
> +		time_universal = gmtime(&time);
> +		if (time_universal == NULL) {
> +			fprintf(stderr, "%s: SOURCE_DATE_EPOCH is not valid\n",
> +				__func__);
> +			time = 0;
> +		} else {
> +			time = mktime(time_universal);
> +		}
> +	} else {
> +		time = sbuf->st_mtime;
> +	}
> +
>  	/* Build new header */
>  	image_set_magic(hdr, IH_MAGIC);
> -	image_set_time(hdr, sbuf->st_mtime);
> +	image_set_time(hdr, time);
>  	image_set_size(hdr, sbuf->st_size - sizeof(image_header_t));
>  	image_set_load(hdr, params->addr);
>  	image_set_ep(hdr, params->ep);
> -- 
> 1.9.1

According to the mktime manpage:

       The  mktime()  function converts a broken-down time structure,
       expressed as local time, to calendar time representation.  

So my interpetation is that it's taking the UTC time and converts it
into local time using the configured timezone... not sure what would be
a viable alternative to mktime.

Running with the TZ=UTC environment variable exported works around the
problem; not sure if it would be appropriate to always run with TZ=UTC
when SOURCE_DATE_EPOCH is set...


live well,
  vagrant
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 818 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/reproducible-builds/attachments/20150924/4e92e27e/attachment.sig>

More information about the Reproducible-builds mailing list