[U-Boot] [PATCH v2 3/3] Set time and umask on fit-dtb.blob to ensure reproducibile builds.
Vagrant Cascadian
vagrant at reproducible-builds.org
Thu May 2 18:14:12 UTC 2019
Support for compressed fit-dtb.blob was added in:
commit 95f4bbd581cf ("lib: fdt: Allow LZO and GZIP DT compression in
U-Boot")
When building compressed (lzop, gzip) fit-dtb.blob images, the
compression tool may embed the time or umask in the image.
Work around this by manually setting the time of the source file using
SOURCE_DATE_EPOCH and a hard-coded 0600 umask.
With gzip, this could be accomplished by using -n/--no-name, but lzop
has no current workaround:
https://bugs.debian.org/896520
This is essentially the same fix applied to multi-dtb fit SPL images in:
commit 8664ab7debab ("Set time and umask on multi-dtb fit images to
ensure reproducibile builds.")
Signed-off-by: Vagrant Cascadian <vagrant at reproducible-builds.org>
---
Changes in v2:
- Add reference to similar fix in multi-dtb fit SPL images
- Mention commit where compressed fit-dtb.blob were introduced.
Makefile | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/Makefile b/Makefile
index 68f2327bea..cff5ea4c5f 100644
--- a/Makefile
+++ b/Makefile
@@ -1047,6 +1047,10 @@ fit-dtb.blob.lzo: fit-dtb.blob
fit-dtb.blob: dts/dt.dtb FORCE
$(call if_changed,mkimage)
+ifneq ($(SOURCE_DATE_EPOCH),)
+ touch -d @$(SOURCE_DATE_EPOCH) fit-dtb.blob
+ chmod 0600 fit-dtb.blob
+endif
MKIMAGEFLAGS_fit-dtb.blob = -f auto -A $(ARCH) -T firmware -C none -O u-boot \
-a 0 -e 0 -E \
--
2.20.1
More information about the U-Boot
mailing list