[U-Boot] [PATCH] Set time and umask on multi-dtb fit images to ensure reproducibile builds.
Vagrant Cascadian
vagrant at debian.org
Sun Jun 3 19:26:57 UTC 2018
When building compressed (lzop, gzip) multi-dtb fit images, the
compression tool may embed the time or umask in the image.
Work around this by manually setting the time of the source file using
SOURCE_DATE_EPOCH and a hard-coded 0600 umask.
With gzip, this could be accomplished by using -n/--no-name, but lzop
has no current workaround:
https://bugs.debian.org/896520
Signed-off-by: Vagrant Cascadian <vagrant at debian.org>
---
scripts/Makefile.spl | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/scripts/Makefile.spl b/scripts/Makefile.spl
index 057389997d..ef018b5b40 100644
--- a/scripts/Makefile.spl
+++ b/scripts/Makefile.spl
@@ -391,6 +391,10 @@ MKIMAGEFLAGS_$(SPL_BIN).multidtb.fit = -f auto -A $(ARCH) -T firmware -C none -O
$(obj)/$(SPL_BIN).multidtb.fit: /dev/null $(SHRUNK_ARCH_DTB) FORCE
$(call if_changed,mkimage)
+ifneq ($(SOURCE_DATE_EPOCH),)
+ touch -d @$(SOURCE_DATE_EPOCH) $(obj)/$(SPL_BIN).multidtb.fit
+ chmod 0600 $(obj)/$(SPL_BIN).multidtb.fit
+endif
$(obj)/$(SPL_BIN).multidtb.fit.gz: $(obj)/$(SPL_BIN).multidtb.fit
@gzip -kf9 $< > $@
--
2.11.0
More information about the U-Boot
mailing list