From f3f431a712729a1af94d01bd1bfde17a252ff02c Mon Sep 17 00:00:00 2001 From: Paul Kocialkowski Date: Sun, 26 Jul 2015 18:48:15 +0200 Subject: [PATCH] Reproducible U-Boot build support, using SOURCE_DATE_EPOCH In order to achieve reproducible builds in U-Boot, timestamps that are defined at build-time have to be somewhat eliminated. The SOURCE_DATE_EPOCH environment variable allows setting a fixed value for those timestamps. Simply by setting SOURCE_DATE_EPOCH to a fixed value, a number of targets can be built reproducibly. This is the case for e.g. sunxi devices. However, some other devices might need some more tweaks, especially regarding the image generation tools. Signed-off-by: Paul Kocialkowski --- Makefile | 7 ++++--- README | 12 ++++++++++++ tools/default_image.c | 21 ++++++++++++++++++++- 3 files changed, 36 insertions(+), 4 deletions(-) diff --git a/Makefile b/Makefile index 5e33043..394ed09 100644 --- a/Makefile +++ b/Makefile @@ -1230,9 +1230,10 @@ define filechk_version.h endef define filechk_timestamp.h - (LC_ALL=C date +'#define U_BOOT_DATE "%b %d %C%y"'; \ - LC_ALL=C date +'#define U_BOOT_TIME "%T"'; \ - LC_ALL=C date +'#define U_BOOT_TZ "%z"') + (SOURCE_DATE="$${SOURCE_DATE_EPOCH:+@$$SOURCE_DATE_EPOCH}"; \ + LC_ALL=C date -u -d "$${SOURCE_DATE:-now}" +'#define U_BOOT_DATE "%b %d %C%y"'; \ + LC_ALL=C date -u -d "$${SOURCE_DATE:-now}" +'#define U_BOOT_TIME "%T"'; \ + LC_ALL=C date -u -d "$${SOURCE_DATE:-now}" +'#define U_BOOT_TZ "%z"' ) endef $(version_h): include/config/uboot.release FORCE diff --git a/README b/README index 4e0ff9f..1bcb63c 100644 --- a/README +++ b/README @@ -5081,6 +5081,18 @@ This firmware often needs to be loaded during U-Boot booting. - CONFIG_SYS_MEM_TOP_HIDE_MIN Define minimum DDR size to be hided from top of the DDR memory +Reproducible builds +------------------- + +In order to achieve reproducible builds, timestamps used in the U-Boot build +process have to be set to a fixed value. + +This is done using the SOURCE_DATE_EPOCH environment variable. +SOURCE_DATE_EPOCH is to be set on the build host's shell, not as a configuration +option for U-Boot or an environment variable in U-Boot. + +SOURCE_DATE_EPOCH should be set to a number of seconds since the epoch, in UTC. + Building the Software: ====================== diff --git a/tools/default_image.c b/tools/default_image.c index cf5c0d4..18940af 100644 --- a/tools/default_image.c +++ b/tools/default_image.c @@ -88,6 +88,9 @@ static void image_set_header(void *ptr, struct stat *sbuf, int ifd, struct image_tool_params *params) { uint32_t checksum; + char *source_date_epoch; + struct tm *time_universal; + time_t time; image_header_t * hdr = (image_header_t *)ptr; @@ -96,9 +99,25 @@ static void image_set_header(void *ptr, struct stat *sbuf, int ifd, sizeof(image_header_t)), sbuf->st_size - sizeof(image_header_t)); + source_date_epoch = getenv("SOURCE_DATE_EPOCH"); + if (source_date_epoch != NULL) { + time = (time_t) strtol(source_date_epoch, NULL, 10); + + time_universal = gmtime(&time); + if (time_universal == NULL) { + fprintf(stderr, "%s: SOURCE_DATE_EPOCH is not valid\n", + __func__); + time = 0; + } else { + time = mktime(time_universal); + } + } else { + time = sbuf->st_mtime; + } + /* Build new header */ image_set_magic(hdr, IH_MAGIC); - image_set_time(hdr, sbuf->st_mtime); + image_set_time(hdr, time); image_set_size(hdr, sbuf->st_size - sizeof(image_header_t)); image_set_load(hdr, params->addr); image_set_ep(hdr, params->ep); -- 1.9.1