Source: amd64-microcode
Version: 3.20160316.2
Severity: wishlist
Tags: patch
User: reproducible-bui...@lists.alioth.debian.org
Usertags: timestamps fileordering toolchain
X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org

Hi,

Whilst working on the Reproducible Builds effort [0] on behalf of the
Tails operating system [1], I noticed that amd64-microcode generates a
prepended initramfs image that is not reproducible.

Patch attached.

 [0] https://reproducible-builds.org/
 [1] https://tails.boum.org/

Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      la...@debian.org / chris-lamb.co.uk
       `-
diff --git a/debian/initramfs.hook b/debian/initramfs.hook index d250719..b290d21 100755 --- a/debian/initramfs.hook +++ b/debian/initramfs.hook @@ -89,9 +89,18 @@ EFWCD="${EFWD}/d/kernel/x86/microcode" EFWF="${EFWCD}/AuthenticAMD.bin" mkdir -p "${EFWCD}" && \ - find "${AUCODE_FW_DIR}/." -maxdepth 1 -type f -print0 | xargs -0 -r cat 2>/dev/null >"${EFWF}" && \ + find "${AUCODE_FW_DIR}/." -maxdepth 1 -type f -print0 | LC_ALL=C sort -z | xargs -0 -r cat 2>/dev/null >"${EFWF}" && \ + # if SOURCE_DATE_EPOCH is set, try and create a reproducible image + if [ "${SOURCE_DATE_EPOCH}" != "" ]; then + # ensure that no timestamps are newer than $SOURCE_DATE_EPOCH + find "${EFWD}" -newermt "@${SOURCE_DATE_EPOCH}" -print0 | \ + xargs -0r touch --no-dereference --date="@${SOURCE_DATE_EPOCH}" + + # --reproducible requires cpio >= 2.12 + cpio --usage | grep -qs -- "--reproducible" && cpio_reproducible="--reproducible" + fi && \ test -s "${EFWF}" && \ - ( cd "${EFWD}/d" ; find . -print0 | sort -z | cpio --null -R 0:0 -H newc -o --quiet > "${EFWE}" ) \ + ( cd "${EFWD}/d" ; find . -print0 | LC_ALL=C sort -z | cpio --null $cpio_reproducible -R 0:0 -H newc -o --quiet > "${EFWE}" ) \ && prepend_earlyinitramfs "${EFWE}" || { [ -d "${EFWD}" ] && rm -fr "${EFWD}" echo "E: amd64-microcode: failed to create or prepend the early initramfs to the initramfs" >&2
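Review bot: the new `if [ "${SOURCE_DATE_EPOCH}" != "" ]; then ... fi && \` block can break the hook on systems with cpio older than 2.12. An `if` compound returns the status of the last command run in its body, and here that is `cpio --usage | grep -qs -- "--reproducible" && cpio_reproducible="--reproducible"`. When grep finds no match, that list returns non-zero, the `fi && \` stops the chain, and control falls through to the `|| { ... }` branch that removes `${EFWD}` and prints "E: amd64-microcode: failed to create or prepend the early initramfs to the initramfs", even though an image without `--reproducible` could still have been built. Consider making the probe the condition of its own `if` (`if cpio --usage | grep -qs -- "--reproducible"; then cpio_reproducible="--reproducible"; fi`) or ending the block with `:` so that its status is always zero. Separately, `cpio_reproducible` is never initialised in the visible lines, so when `SOURCE_DATE_EPOCH` is unset the later `cpio --null $cpio_reproducible ...` uses whatever value the variable already has in the hook's environment; setting `cpio_reproducible=""` before the `if` would make that explicit.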