[LEDE-DEV] [PATCH] uboot-ar71xx: make reproducible

Dirk Neukirchen dirkneukirchen at web.de
Wed Oct 12 05:07:44 PDT 2016 

OpenWrt uses ancient u-boot thats not reproducible.

There are multiple upstream changes that introduce
reproducible builds like:
859e92b775fd8ebcfacc591eaf621b677c95b6f7
(not used here - the CMD_DATE/TIMESTAMP functionality
seems to be disabled by config)

70d39f57146a6cb94736db39c770c3d95e07bedb
f3f431a712729a1af94d01bd1bfde17a252ff02c
2d9efa1227262249d381ed5d9d341cbdba76e62d

Instead of changing the Makefile too much
this changeset just tries to use the
changes in Makefile from current upstream git f5fd45f

*Should* fix issue reported by reproducible lede page:
https://tests.reproducible-builds.org/lede/lede.html

Compile tested only
(verified w. hexdump & md5sum)

Signed-off-by: Dirk Neukirchen <dirkneukirchen at web.de>
---
 ...e-U-Boot-build-support-using-SOURCE_DATE_.patch | 82 ++++++++++++++++++++++
 ...akefile-Reproducible-U-Boot-build-support.patch | 31 ++++++++
 package/boot/uboot-ar71xx/patches/001-ar71xx.patch | 14 ++--
 3 files changed, 119 insertions(+), 8 deletions(-)
 create mode 100644 package/boot/uboot-ar71xx/patches/0001-upstream-Reproducible-U-Boot-build-support-using-SOURCE_DATE_.patch
 create mode 100644 package/boot/uboot-ar71xx/patches/0002-upstream-Makefile-Reproducible-U-Boot-build-support.patch

diff --git a/package/boot/uboot-ar71xx/patches/0001-upstream-Reproducible-U-Boot-build-support-using-SOURCE_DATE_.patch b/package/boot/uboot-ar71xx/patches/0001-upstream-Reproducible-U-Boot-build-support-using-SOURCE_DATE_.patch
new file mode 100644
index 0000000..331c1c3
--- /dev/null
+++ b/package/boot/uboot-ar71xx/patches/0001-upstream-Reproducible-U-Boot-build-support-using-SOURCE_DATE_.patch
@@ -0,0 +1,82 @@
+From f3f431a712729a1af94d01bd1bfde17a252ff02c Mon Sep 17 00:00:00 2001
+From: Paul Kocialkowski <contact at paulk.fr>
+Date: Sun, 26 Jul 2015 18:48:15 +0200
+Subject: [PATCH] Reproducible U-Boot build support, using SOURCE_DATE_EPOCH
+
+In order to achieve reproducible builds in U-Boot, timestamps that are defined
+at build-time have to be somewhat eliminated. The SOURCE_DATE_EPOCH environment
+variable allows setting a fixed value for those timestamps.
+
+Simply by setting SOURCE_DATE_EPOCH to a fixed value, a number of targets can be
+built reproducibly. This is the case for e.g. sunxi devices.
+
+However, some other devices might need some more tweaks, especially regarding
+the image generation tools.
+
+Signed-off-by: Paul Kocialkowski <contact at paulk.fr>
+---
+ Makefile              |  7 ++++---
+ README                | 12 ++++++++++++
+ tools/default_image.c | 21 ++++++++++++++++++++-
+ 3 files changed, 36 insertions(+), 4 deletions(-)
+
+--- a/README
++++ b/README
+@@ -2785,6 +2785,18 @@ Low Level (hardware related) configurati
+ 		that is executed before the actual U-Boot. E.g. when
+ 		compiling a NAND SPL.
+ 
++Reproducible builds
++-------------------
++
++In order to achieve reproducible builds, timestamps used in the U-Boot build
++process have to be set to a fixed value.
++
++This is done using the SOURCE_DATE_EPOCH environment variable.
++SOURCE_DATE_EPOCH is to be set on the build host's shell, not as a configuration
++option for U-Boot or an environment variable in U-Boot.
++
++SOURCE_DATE_EPOCH should be set to a number of seconds since the epoch, in UTC.
++
+ Building the Software:
+ ======================
+ 
+--- a/tools/default_image.c
++++ b/tools/default_image.c
+@@ -101,6 +101,9 @@ static void image_set_header (void *ptr,
+ 				struct mkimage_params *params)
+ {
+ 	uint32_t checksum;
++	char *source_date_epoch;
++	struct tm *time_universal;
++	time_t time;
+ 
+ 	image_header_t * hdr = (image_header_t *)ptr;
+ 
+@@ -109,9 +112,25 @@ static void image_set_header (void *ptr,
+ 				sizeof(image_header_t)),
+ 			sbuf->st_size - sizeof(image_header_t));
+ 
++source_date_epoch = getenv("SOURCE_DATE_EPOCH");
++	if (source_date_epoch != NULL) {
++		time = (time_t) strtol(source_date_epoch, NULL, 10);
++
++		time_universal = gmtime(&time);
++		if (time_universal == NULL) {
++			fprintf(stderr, "%s: SOURCE_DATE_EPOCH is not valid\n",
++				__func__);
++			time = 0;
++		} else {
++			time = mktime(time_universal);
++		}
++	} else {
++		time = sbuf->st_mtime;
++	}
++
+ 	/* Build new header */
+ 	image_set_magic (hdr, IH_MAGIC);
+-	image_set_time (hdr, sbuf->st_mtime);
++	image_set_time(hdr, time);
+ 	image_set_size (hdr, sbuf->st_size - sizeof(image_header_t));
+ 	image_set_load (hdr, params->addr);
+ 	image_set_ep (hdr, params->ep);
diff --git a/package/boot/uboot-ar71xx/patches/0002-upstream-Makefile-Reproducible-U-Boot-build-support.patch b/package/boot/uboot-ar71xx/patches/0002-upstream-Makefile-Reproducible-U-Boot-build-support.patch
new file mode 100644
index 0000000..664a4ad
--- /dev/null
+++ b/package/boot/uboot-ar71xx/patches/0002-upstream-Makefile-Reproducible-U-Boot-build-support.patch
@@ -0,0 +1,31 @@
+--- a/Makefile
++++ b/Makefile
+@@ -389,8 +389,26 @@ $(VERSION_FILE):
+ 		@cmp -s $@ $@.tmp && rm -f $@.tmp || mv -f $@.tmp $@
+ 
+ $(TIMESTAMP_FILE):
+-		@date +'#define U_BOOT_DATE "%b %d %C%y"' > $@
+-		@date +'#define U_BOOT_TIME "%T"' >> $@
++	(if test -n "$${SOURCE_DATE_EPOCH}"; then \
++                SOURCE_DATE="@$${SOURCE_DATE_EPOCH}"; \
++                DATE=""; \
++                for date in gdate date.gnu date; do \
++                        $${date} -u -d "$${SOURCE_DATE}" >/dev/null 2>&1 && DATE="$${date}"; \
++                done; \
++                if test -n "$${DATE}"; then \
++                        LC_ALL=C $${DATE} -u -d "$${SOURCE_DATE}" +'#define U_BOOT_DATE "%b %d %C%y"' > $@; \
++                        LC_ALL=C $${DATE} -u -d "$${SOURCE_DATE}" +'#define U_BOOT_TIME "%T"' >> $@; \
++                        LC_ALL=C $${DATE} -u -d "$${SOURCE_DATE}" +'#define U_BOOT_TZ "%z"' >> $@; \
++                        LC_ALL=C $${DATE} -u -d "$${SOURCE_DATE}" +'#define U_BOOT_DMI_DATE "%m/%d/%Y"' >> $@; \
++                else \
++                        return 42; \
++                fi; \
++        else \
++                LC_ALL=C date +'#define U_BOOT_DATE "%b %d %C%y"'; \
++                LC_ALL=C date +'#define U_BOOT_TIME "%T"'; \
++                LC_ALL=C date +'#define U_BOOT_TZ "%z"'; \
++                LC_ALL=C date +'#define U_BOOT_DMI_DATE "%m/%d/%Y"'; \
++        fi)
+ 
+ gdbtools:
+ 		$(MAKE) -C tools/gdb all || exit 1
diff --git a/package/boot/uboot-ar71xx/patches/001-ar71xx.patch b/package/boot/uboot-ar71xx/patches/001-ar71xx.patch
index 409f67a..e862df2 100644
--- a/package/boot/uboot-ar71xx/patches/001-ar71xx.patch
+++ b/package/boot/uboot-ar71xx/patches/001-ar71xx.patch
@@ -1,7 +1,6 @@
-diff -ur u-boot-2010.03/cpu/mips/Makefile u-boot-nbg/cpu/mips/Makefile
---- u-boot-2010.03/cpu/mips/Makefile	2010-03-31 23:54:39.000000000 +0200
-+++ u-boot-nbg/cpu/mips/Makefile	2010-04-15 18:58:01.000000000 +0200
-@@ -33,6 +33,7 @@
+--- a/cpu/mips/Makefile
++++ b/cpu/mips/Makefile
+@@ -33,6 +33,7 @@ SOBJS-$(CONFIG_INCA_IP)	+= incaip_wdt.o
  COBJS-$(CONFIG_INCA_IP)	+= asc_serial.o incaip_clock.o
  COBJS-$(CONFIG_PURPLE)	+= asc_serial.o
  COBJS-$(CONFIG_SOC_AU1X00) += au1x00_eth.o au1x00_serial.o au1x00_usb_ohci.o
@@ -9,10 +8,9 @@ diff -ur u-boot-2010.03/cpu/mips/Makefile u-boot-nbg/cpu/mips/Makefile
  
  SRCS	:= $(START:.o=.S) $(SOBJS-y:.o=.S) $(COBJS-y:.o=.c)
  OBJS	:= $(addprefix $(obj),$(SOBJS-y) $(COBJS-y))
-diff -ur u-boot-2010.03/Makefile u-boot-nbg/Makefile
---- u-boot-2010.03/Makefile	2010-03-31 23:54:39.000000000 +0200
-+++ u-boot-nbg/Makefile	2010-04-11 23:31:29.000000000 +0200
-@@ -3455,6 +3455,13 @@
+--- a/Makefile
++++ b/Makefile
+@@ -3474,6 +3474,13 @@ qemu_mips_config	: unconfig
  	@$(MKCONFIG) -a qemu-mips mips mips qemu-mips
  
  #########################################################################
-- 
2.10.0

More information about the Lede-dev mailing list