[Reproducible-builds] Notes on OpenWRT Reproducibility

Jérémy Bobbio lunar at debian.org
Thu Oct 15 15:53:25 UTC 2015 

bnewbold at robocracy.org:
> 1. There's a statement that diffoscope "cannot detect .bin files as
> squashfs". I don't think that's accurate, I could rename .squashfs files to
> .bin and diffoscope found the magic and worked fine.

diffoscope currently recognizes Squashfs images using file(1). The
extension should not matter.

> I think the issue is the huge number of hardware-specific ".bin" and
> ".img" formats OpenWRT generates[1]. Many of these are in uImage
> format (detectable by magic), others are just {kernel, bootloader, fs}
> at fixed offsets. For the former it would be great if diffoscope could
> pick up on the format in any way. I found a random script[2] that
> tries to extract uImage binaries into the original files, but it would
> be a good start to just present the metadata and offsets.

The easiest way is probably to add a new “container-style” type of file
in diffoscope. If you don't feel comfortable doing it yourself by
looking at the existing code I can probably do it, but I would welcome
good pointers and test data. Feel free to open a new wishlist bug for
this.

> 3. I was sort of surprised to see linux-latest passing reproducibility in
> Debian on armhf. Was anything special necessary for this, eg changes to
> mkimage to generate uImage without a timestamp? Any advice or HOWTO out
> there on reproducible kernel builds? I see Ben Hutchings's kbuild patch for
> SOURCE_DATE_EPOCH support; is that sufficient?

linux-latest is just a meta package to instal the latest kernel version.
The source package for the kernel is called “linux”. It has not been
tested on armhf yet:
https://reproducible.debian.net/rb-pkg/unstable/armhf/linux.html

> 5. diffoscope has squashfs support, but is there actually a way to generate
> squashfs files reproducibly? Perhaps there is a way to strip the metadata
> after the fact?

It's most probable that changes in mksquashfs itself will be required.

Thanks for your work! :)

-- 
Lunar                                .''`. 
lunar at debian.org                    : :Ⓐ  :  # apt-get install anarchism
                                    `. `'` 
                                      `-   
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/reproducible-builds/attachments/20151015/8d1a2107/attachment.sig>

More information about the Reproducible-builds mailing list