Package: grub2
Followup-For: Bug #787795
X-Debbugs-Cc: d...@fifthhorseman.net, vagr...@reproducible-builds.org
Control: tags -1 patch

Hi,

On Fri, 05 Jun 2015 02:37:38 -0400, Daniel wrote:
> > However, it won't be completely reproducible until we get a newer
> > version of xorriso in debian so that we can "-alter_date_r c" (see
> > #787793, which blocks this bug).

On Sun, 25 Jul 2021 16:19:46 -0700, Vagrant wrote:
> Since newer versions of xorriso are now in Debian, I tried adding
> "-alter_date_r c" to xorriso calls, but it would seem xorriso doesn't
> support "-alter_date_r c" when used with "-as mkisofs". I'm not sure how
> difficult it would be to convert away from using "-as mkisofs" so that
> "-alter_date_r c" would be supportable...

From inspecting the grub codebase and the commandline options to both xorriso and xorrisofs (aka "xorriso -as mkisofs").. although it may in theory be possible to convert to 'native' xorriso by migrating a lot of the command-line construction, I think that it might be fragile and unnecessary work, because:

...there is a '--set_all_file_dates' command-line option[1] in xorrisofs that seems to do what we want here.

There's one other change required in grub-mkrescue alongside this in order to achieve reproducible builds: we need it to read from the SOURCE_DATE_EPOCH env var when set (currently grub-mkrescue always uses system clock time).

Please find attached a patch that allows me to rebuild grub-rescue-cdrom.iso deterministically on my local machine when SOURCE_DATE_EPOCH is set. I'll also offer this as a merge request on the Salsa repository[2].

Note: the current patch _always_ adds the set_all_file_dates option when invoking xorriso, regardless of whether the image creation time is read from the SOURCE_DATE_EPOCH variable or the system clock.

Regards,
James

[1] - https://manpages.debian.org/bookworm/xorriso/xorrisofs.1.en.html#set_all_file_dates
[2] - https://salsa.debian.org/grub-team/grub/

From: James Addison <j...@jp-hosting.net> Date: Tue, 01 Oct 2024 22:36:39 +0100 Subject: grub2: build rescue ISO reproducibly Extend the xorriso command-line invocation to configure a specific timestamp for all files during creation of Grub rescue ISO images. The timestamp to use is read from the SOURCE_DATE_EPOCH environment variable when it is set. Bug-Debian: https://bugs.debian.org/787795 --- --- a/util/grub-mkrescue.c +++ b/util/grub-mkrescue.c @@ -576,7 +576,13 @@ { time_t tim; struct tm *tmm; - tim = time (NULL); + /* https://reproducible-builds.org/docs/source-date-epoch/ */ + char *source_date_epoch; + /* This assumes that the SOURCE_DATE_EPOCH environment variable will contain + a correct, positive integer in the time_t range */ + if ((source_date_epoch = getenv("SOURCE_DATE_EPOCH")) == NULL || + (tim = (time_t)strtoll(source_date_epoch, NULL, 10)) <= 0) + time(&tim); tmm = gmtime (&tim); iso_uuid = xmalloc (55); grub_snprintf (iso_uuid, 50, @@ -600,6 +606,19 @@ xorriso_push (uuid_out); free (uuid_out); } + { + char *uuid_out = xmalloc (strlen (iso_uuid) + 1); + char *optr; + const char *iptr; + optr = grub_stpcpy (uuid_out, ""); + for (iptr = iso_uuid; *iptr; iptr++) + if (*iptr != '-') + *optr++ = *iptr; + *optr = '\0'; + xorriso_push ("--set_all_file_dates"); + xorriso_push (uuid_out); + free (uuid_out); + } /* build BIOS core.img. */ if (source_dirs[GRUB_INSTALL_PLATFORM_I386_PC])
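
Review bot: in the first hunk (@@ -576,7 +576,13 @@), SOURCE_DATE_EPOCH is parsed with strtoll(source_date_epoch, NULL, 10) and no errno check, so malformed input is not detected. A value with trailing characters such as "123abc" is accepted as 123, an out-of-range value is clamped without notice, and an empty or non-numeric value yields 0 and falls through to time(&tim), which quietly produces a non-reproducible image. The "<= 0" test also treats an explicit 0 as unset, and the cast to time_t can truncate where time_t is narrower than long long. Suggest passing an end pointer, requiring *end == '\0' with at least one digit consumed, checking errno for ERANGE, and exiting with an error when the variable is set but invalid, instead of relying on the assumption stated in the comment. Style: the added calls are written getenv(...), strtoll(...) and time(&tim) without the space before the parenthesis that the neighbouring gmtime (&tim) and xmalloc (55) use.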
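
Review bot: in the second hunk (@@ -600,6 +606,19 @@), "--set_all_file_dates" is pushed unconditionally, so a build without SOURCE_DATE_EPOCH now also overwrites every file date in the image with the creation time taken from the system clock. That is a behaviour change for all users, not only for reproducible builds; consider recording in the first hunk whether a valid SOURCE_DATE_EPOCH was read and pushing the option only in that case, or stating in the commit message why the unconditional form is wanted. The new block also repeats an allocate, strip '-' and push sequence whose tail (xorriso_push (uuid_out); free (uuid_out);) is visible in the context lines just above it; if that earlier block builds the same dash-stripped string, push the new option and the string from there rather than duplicating the loop. A short comment saying which timestamp format the option expects, and that the dash-stripped iso_uuid satisfies it, would help the next reader, and grub_stpcpy (uuid_out, "") could simply be optr = uuid_out.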