forked from brl/citadel
Compare commits
1 Commits
master
...
reproducib
Author | SHA1 | Date | |
---|---|---|---|
726784ec0e |
@ -1,8 +1,6 @@
|
||||
|
||||
DEPENDS:append = " citadel-tools-native mtools-native cryptsetup-native coreutils-native"
|
||||
DEPENDS:append = " make-ext4fs-native citadel-tools-native mtools-native cryptsetup-native coreutils-native"
|
||||
|
||||
# Block size must be 4096 or dm-verity won't work
|
||||
EXTRA_IMAGECMD:ext4 = "-i 4096 -b 4096"
|
||||
IMAGE_FSTYPES = "ext4"
|
||||
IMAGE_OVERHEAD_FACTOR = "1.2"
|
||||
|
||||
@ -16,7 +14,7 @@ do_citadel_mkimage() {
|
||||
image-type = "${CITADEL_IMAGE_TYPE}"
|
||||
channel = "${CITADEL_IMAGE_CHANNEL}"
|
||||
version = ${CITADEL_IMAGE_VERSION}
|
||||
timestamp = "${DATETIME}"
|
||||
timestamp = "${SOURCE_DATE_EPOCH}"
|
||||
source = "${IMGDEPLOYDIR}/${IMAGE_LINK_NAME}.ext4"
|
||||
compress = ${CITADEL_IMAGE_COMPRESS}
|
||||
EOF
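Review bot: The `timestamp` field written by do_citadel_mkimage no longer identifies the build, because `${SOURCE_DATE_EPOCH}` is an epoch-seconds value that this commit pins with `export SOURCE_DATE_EPOCH ??= "1718285985"`, where `${DATETIME}` changed per build. Every image built from the tree now records the same timestamp, and in a different format, so any consumer that parses the field or uses it to order or distinguish images should be checked; nothing on this page shows how the field is read. The same substitution is made in the do_realmfs_mkimage hunk. A comment above the line such as `# epoch seconds, fixed for reproducibility; not the real build time` would make the changed meaning explicit. The heredoc and the function body start and end outside the hunk.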
|
||||
|
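--- a/meta-citadel/classes/make_repro_ext4fs.bbclass
+++ b/meta-citadel/classes/make_repro_ext4fs.bbclass
@@ -0,0 +1,51 @@
+inherit image_types
+
+python set_image_size () {
+import math
+
+print("LOCAL set_image_size")
+blocksize = 50000
+rootfs_size = get_rootfs_size(d)
+print("LOCAL rootfs_size")
+
+rootfs_size = math.ceil(rootfs_size / blocksize) * blocksize
+print("LOCAL rootfs_size")
+
+d.setVar('ROOTFS_SIZE', str(rootfs_size))
+d.setVarFlag('ROOTFS_SIZE', 'export', '1')
+}
+
+make_repro_ext4fs() {
+fstype=ext4
+extra_imagecmd=""
+
+if [ $# -gt 1 ]; then
+shift
+extra_imagecmd=$@
+fi
+
+# If generating an empty image the size of the sparse block should be large
+# enough to allocate an ext4 filesystem using 4096 bytes per inode, this is
+# about 60K, so dd needs a minimum count of 60, with bs=1024 (bytes per IO)
+eval local COUNT=\"0\"
+eval local MIN_COUNT=\"60\"
+if [ $ROOTFS_SIZE -lt $MIN_COUNT ]; then
+eval COUNT=\"$MIN_COUNT\"
+fi
+
+# Create a sparse image block
+bbdebug 1 Executing "dd if=/dev/zero of=${IMGDEPLOYDIR}/${IMAGE_NAME}.$fstype count=1 bs=1024"
+
+bbdebug 1 "ROOTFS_SIZE: `${ROOTFS_SIZE}`"
+bbdebug 1 Executing "make_ext4fs -vl ${ROOTFS_SIZE}k -T "1712775988" ${IMGDEPLOYDIR}/${IMAGE_NAME}.$fstype ${IMAGE_ROOTFS}"
+
+make_ext4fs -vl ${ROOTFS_SIZE}k -T "1712775988" ${IMGDEPLOYDIR}/${IMAGE_NAME}.$fstype ${IMAGE_ROOTFS}
+
+# Error codes 0-3 indicate successfull operation of fsck (no errors or errors corrected)
+fsck.ext4 -pvD ${IMGDEPLOYDIR}/${IMAGE_NAME}.$fstype || [ $? -le 3 ]
+# adding f makes it non-reproducible
+
+# delete the lost+found dir's contents
+# mount ${IMGDEPLOYDIR}/${IMAGE_NAME}.$fstype /tmp/image/
+# find "-iname" /tmp/image/lost+found -type d -exec rm -r "{}" \;
+}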
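Review bot: The `bbdebug 1 "ROOTFS_SIZE: ..."` line in make_repro_ext4fs puts backquotes around `${ROOTFS_SIZE}` inside the double-quoted string, so the shell performs command substitution and tries to run the size value as a command; `bbdebug 1 "ROOTFS_SIZE: ${ROOTFS_SIZE}"` logs it as intended. The `make_ext4fs` call hard-codes `-T "1712775988"` and passes no block-size option, although the image class in this commit carries the comment that the block size must be 4096 for dm-verity and the realmfs build script passes `-b 4096`. Using `-T "${REPRODUCIBLE_TIMESTAMP_ROOTFS}"` and an explicit `-b 4096` would keep the two image paths consistent, unless the tool's default is already 4096, which this page does not show. `COUNT`, `MIN_COUNT` and `extra_imagecmd` are assigned but never used, and the `eval local` lines do not need `eval`.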
|
@ -38,6 +38,16 @@
|
||||
#MACHINE ??= "qemux86-64"
|
||||
MACHINE ?= "intel-corei7-64"
|
||||
|
||||
#
|
||||
# Binary Reproducibility
|
||||
#
|
||||
BUILD_REPRODUCIBLE_BINARIES = "1"
|
||||
export PYTHONHASHSEED = "0"
|
||||
export PERL_HASH_SEED = "0"
|
||||
export TZ = 'UTC'
|
||||
export SOURCE_DATE_EPOCH ??= "1718285985"
|
||||
REPRODUCIBLE_TIMESTAMP_ROOTFS ??= "1712775988"
|
||||
|
||||
DEFAULT_TIMEZONE = "America/New_York"
|
||||
DEPLOY_DIR_IMAGE = "${TOPDIR}/images"
|
||||
|
||||
|
@ -15,7 +15,7 @@ do_realmfs_mkimage() {
|
||||
image-type = "realmfs"
|
||||
channel = "${CITADEL_IMAGE_CHANNEL}"
|
||||
version = 1
|
||||
timestamp = "${DATETIME}"
|
||||
timestamp = "${SOURCE_DATE_EPOCH}"
|
||||
source = "${REALMFS_DIR}/citadel-realmfs.ext4"
|
||||
realmfs-name = "base"
|
||||
compress = true
|
||||
|
@ -18,7 +18,8 @@ CITADEL_IMAGE_VERSION = "${CITADEL_IMAGE_VERSION_extra}"
|
||||
CITADEL_IMAGE_TYPE = "extra"
|
||||
|
||||
require citadel-image.inc
|
||||
inherit citadel-image
|
||||
inherit citadel-image make_repro_ext4fs
|
||||
IMAGE_CMD:ext4 = "make_repro_ext4fs"
|
||||
|
||||
ROOTFS_POSTPROCESS_COMMAND += "write_manifest_file; "
|
||||
|
||||
|
@ -139,8 +139,51 @@ write_boot_image() {
|
||||
fi
|
||||
|
||||
bbdebug 1 Creating ${IMAGE_SIZE} block msdos image at ${IMAGE_PATH}
|
||||
mkdosfs -n boot -C ${IMAGE_PATH} ${IMAGE_SIZE}
|
||||
mcopy -i ${IMAGE_PATH} -s ${IMAGE_ROOTFS}/* ::/
|
||||
mkdosfs --invariant -i 2e24ec82 -n BOOT -C ${IMAGE_PATH} ${IMAGE_SIZE}
|
||||
|
||||
###############################################################################
|
||||
echo "Running mmd and mcopy per file and dir to place files in the final fat32 image reproducibly"
|
||||
|
||||
INDIR=${IMAGE_ROOTFS}
|
||||
|
||||
# mmd is silly and requires this line to know where the image file is
|
||||
echo "drive x: file=\"${IMAGE_PATH}\"" > ~/.mtoolsrc
|
||||
echo ${OUTDIR}
|
||||
|
||||
for file in $(ls ${INDIR}/ | sort)
|
||||
do
|
||||
if [ -d ${INDIR}/${file} ] ; then
|
||||
echo "lvl 1 mmd ${file}"
|
||||
mmd x:/${file}
|
||||
|
||||
for file1 in $(ls ${INDIR}/${file}/ | sort)
|
||||
do
|
||||
if [ -d ${INDIR}/${file}/${file1} ] ; then
|
||||
echo "lvl 2 mmd ${file}/${file1}"
|
||||
mmd x:/${file}/${file1}
|
||||
|
||||
for file2 in $(ls ${INDIR}/${file}/${file1}/ | sort)
|
||||
do
|
||||
echo "lvl 2 mmd ${file}/${file1}/${file2}"
|
||||
if [ -d ${INDIR}/${file}/${file1}/${file2} ] ; then
|
||||
mmd x:/${file}/${file1}/${file2}
|
||||
|
||||
else
|
||||
echo "lvl 4 mcopy ${INDIR}/${file}/${file1}/${file2}"
|
||||
mcopy -i ${IMAGE_PATH} -vs ${INDIR}/${file}/${file1}/${file2} ::/${file}/${file1}/
|
||||
fi
|
||||
done
|
||||
else
|
||||
echo "lvl 2 mcopy ${INDIR}/${file}/${file1}"
|
||||
mcopy -i ${IMAGE_PATH} -vs ${INDIR}/${file}/${file1} ::/${file}/
|
||||
fi
|
||||
done
|
||||
else
|
||||
echo "lvl 2 mcopy ${INDIR}/${file}"
|
||||
mcopy -i ${IMAGE_PATH} -vs ${INDIR}/${file} ::/
|
||||
fi
|
||||
done
|
||||
###############################################################################
|
||||
|
||||
syslinux --directory syslinux --install ${IMAGE_PATH}
|
||||
}
|
||||
@ -160,18 +203,31 @@ write_installer_image() {
|
||||
bbdebug 1 Creating ${TOTAL_IMAGE_BLOCKS} block empty image file at ${INSTALLER_IMAGE}
|
||||
truncate -s ${TOTAL_IMAGE_BLOCKS}K ${INSTALLER_IMAGE}
|
||||
parted -s ${INSTALLER_IMAGE} mklabel msdos
|
||||
# now set disk Identifier manually to make reproducible
|
||||
# thank you mook765 @ https://askubuntu.com/questions/1250224/how-to-change-partuuid
|
||||
bash -c "sed -e 's/\s*\([\+0-9a-zA-Z]*\).*/\1/' <<EOF | fdisk ${INSTALLER_IMAGE}
|
||||
x
|
||||
i
|
||||
0x60123f76
|
||||
r
|
||||
w
|
||||
EOF"
|
||||
|
||||
offset=32
|
||||
end=$(expr ${offset} + ${BOOT_IMAGE_SECTORS} - 1)
|
||||
bbdebug 1 parted -s ${INSTALLER_IMAGE} unit s mkpart fat32 ${offset} ${end}
|
||||
parted -s ${INSTALLER_IMAGE} unit s mkpart primary fat32 ${offset} ${end}
|
||||
parted -s ${INSTALLER_IMAGE} set 1 boot on
|
||||
|
||||
bbdebug 1 dd if=${BOOT_IMAGE} of=${INSTALLER_IMAGE} seek=${offset} count=${BOOT_IMAGE_SECTORS} conv=sparse,nocreat,notrunc
|
||||
dd if=${BOOT_IMAGE} of=${INSTALLER_IMAGE} seek=${offset} count=${BOOT_IMAGE_SECTORS} conv=sparse,nocreat,notrunc
|
||||
|
||||
dd bs=440 count=1 conv=notrunc if=${RECIPE_SYSROOT}/usr/share/syslinux/mbr.bin of=${INSTALLER_IMAGE}
|
||||
|
||||
parted -s ${INSTALLER_IMAGE} unit s print
|
||||
|
||||
# thank you Anade @ https://superuser.com/questions/1247972/how-to-change-vfat-partition-uuid
|
||||
printf "\x"12"\x"34"\x"AB"\x"CD"" | dd bs=1 seek=67 count=4 conv=notrunc of=${INSTALLER_IMAGE}
|
||||
}
|
||||
|
||||
do_fetch[noexec] = "1"
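Review bot: The last command in write_installer_image, `printf ... | dd bs=1 seek=67 count=4 conv=notrunc of=${INSTALLER_IMAGE}`, writes at byte 67 of the whole disk image, which lies inside the 440 bytes of `mbr.bin` copied a few lines earlier and not in the FAT volume that starts at sector 32. As written it appears to overwrite four bytes of boot code rather than the volume ID; since `mkdosfs --invariant -i 2e24ec82` already fixes the ID in write_boot_image the line can probably be dropped, or the seek must include the partition offset, `seek=$(expr ${offset} \* 512 + 67)`. The `"\x"12` escapes also rely on the shell's printf understanding `\x`, which a POSIX `/bin/sh` is not required to do. In write_boot_image, `echo "drive x: ..." > ~/.mtoolsrc` overwrites a file in the builder's home directory; exporting `MTOOLSRC` to a file under the work directory keeps the build from touching user state. The nested `ls | sort` loops create third-level directories with `mmd` but never copy their contents, so anything deeper is silently left out of the boot image.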
|
||||
|
@ -7,7 +7,8 @@ CITADEL_IMAGE_VERSION = "${CITADEL_IMAGE_VERSION_kernel}"
|
||||
CITADEL_IMAGE_TYPE = "kernel"
|
||||
|
||||
require citadel-image.inc
|
||||
inherit citadel-image
|
||||
inherit citadel-image make_repro_ext4fs
|
||||
IMAGE_CMD:ext4 = "make_repro_ext4fs"
|
||||
|
||||
do_rootfs[depends] += "citadel-kernel:do_deploy"
|
||||
|
||||
|
@ -15,7 +15,10 @@ CITADEL_IMAGE_VERSION = "${CITADEL_IMAGE_VERSION_rootfs}"
|
||||
CITADEL_IMAGE_TYPE = "rootfs"
|
||||
|
||||
require citadel-image.inc
|
||||
inherit citadel-image
|
||||
inherit citadel-image make_repro_ext4fs
|
||||
|
||||
IMAGE_CMD:ext4 = "make_repro_ext4fs"
|
||||
IMAGE_OVERHEAD_FACTOR = "1.34"
|
||||
|
||||
set_blank_user_password() {
|
||||
sed -i 's%^citadel::%citadel:!:%' ${IMAGE_ROOTFS}/etc/shadow
|
||||
@ -62,4 +65,4 @@ addtask rm_var_link after do_rootfs before do_image_qa
|
||||
|
||||
symlink_lib64() {
|
||||
ln -s /usr/lib ${IMAGE_ROOTFS}/lib64
|
||||
}
|
||||
}
|
@ -875,6 +875,10 @@ CONFIG_FUNCTION_ALIGNMENT_16B=y
|
||||
CONFIG_FUNCTION_ALIGNMENT=16
|
||||
# end of General architecture-dependent options
|
||||
|
||||
KBUILD_BUILD_TIMESTAMP="1718377347"
|
||||
KBUILD_BUILD_USER="citadel"
|
||||
KBUILD_BUILD_HOST="subgraph"
|
||||
|
||||
CONFIG_RT_MUTEXES=y
|
||||
CONFIG_BASE_SMALL=0
|
||||
CONFIG_MODULE_SIG_FORMAT=y
|
||||
@ -888,7 +892,7 @@ CONFIG_MODULE_UNLOAD=y
|
||||
# CONFIG_MODULE_SRCVERSION_ALL is not set
|
||||
CONFIG_MODULE_SIG=y
|
||||
# CONFIG_MODULE_SIG_FORCE is not set
|
||||
CONFIG_MODULE_SIG_ALL=y
|
||||
CONFIG_MODULE_SIG_ALL=n
|
||||
CONFIG_MODULE_SIG_SHA1=y
|
||||
# CONFIG_MODULE_SIG_SHA256 is not set
|
||||
# CONFIG_MODULE_SIG_SHA384 is not set
|
||||
@ -6825,7 +6829,7 @@ CONFIG_SIGNED_PE_FILE_VERIFICATION=y
|
||||
#
|
||||
# Certificates for signature checking
|
||||
#
|
||||
CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
|
||||
CONFIG_MODULE_SIG_KEY=""
|
||||
CONFIG_MODULE_SIG_KEY_TYPE_RSA=y
|
||||
# CONFIG_MODULE_SIG_KEY_TYPE_ECDSA is not set
|
||||
CONFIG_SYSTEM_TRUSTED_KEYRING=y
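Review bot: If the second line of each rendered pair is the new side, this config now has `CONFIG_MODULE_SIG_ALL=n` and `CONFIG_MODULE_SIG_KEY=""` while `CONFIG_MODULE_SIG_FORCE` stays unset, so the build no longer signs modules itself and the kernel will still load a module without a valid signature. If signing has moved to a separate step with a fixed key, that step is not visible in these hunks and a comment here should say where it happens; if it has not, `CONFIG_MODULE_SIG=y` provides little assurance. `CONFIG_MODULE_SIG_SHA1=y` also remains the signature hash where `CONFIG_MODULE_SIG_SHA256` is available. The three `KBUILD_BUILD_*` lines are make or environment variables rather than Kconfig symbols, so they likely have no effect in this file and belong in the kernel recipe's build environment.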
|
||||
|
@ -0,0 +1,82 @@
|
||||
-----BEGIN PRIVATE KEY-----
|
||||
MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCmK+LsbpL99cvA
|
||||
8bCrbmPUcTvcPIF3K7HTjhWBcWD+QXXZhFPRuA8yPOHbOjRyPvIbzCKaFTpEuxVk
|
||||
eVozLAEhMviDaQAzoq7Xajzz9r++uTu1W7HyH6gvNLxVmDdv2d2JLZZQNfOfPwql
|
||||
AGscdMhfg0sKEfvspJoSm1TAae+5/GrbRDse6xuhcghm4TE3TJb6CR1VlRcy07oi
|
||||
Ep+zTHAV2aTz4PGaYVAn5T1GuBSsioULd+abhN1D/LcZD6oY6Cmzb8PA9KL0fJQ3
|
||||
25iNmJ+VzJjM7EQbRudlbHr0XlYS6uG+MbVl2qyWuMSnkxCOuoA2JV+ZOa0cG8pZ
|
||||
ROENSq+/KEocpqKTYEwI1XKCQbSnHr5TZwJDSnUJNt/yFKAfy8th4UyapLpzAzrs
|
||||
VKcwY6pZSiab1ig6nOz3UNVV6yZAbpYcNRm6arQauytApr39AlIdh7aTJsmQ7BEH
|
||||
b3GhTz+sX4kgEJEyciW1o2Ec6LLB46ZNUijSwZFxmvHAzWWZm3Ae4FEBaPqhTSoc
|
||||
6YjZNKdmS1zi0PDN1KK692H4tHdxXUXK5zMAwMiU9J9ZIgeiqTBYiQMSWsEWO+BT
|
||||
lrNh0D2ifbhKnSL3/154m5OZxIJ+fwZ4r22iDFkzZEoAlBUan0KYMHRnuNNQoV+G
|
||||
wrUpGfyjobeQIrXR6zKOg0EfqojCiwIDAQABAoICAEDtwf+/HuljiudLqMv7WL+Q
|
||||
NSMTc0TkylmO2YFYE12Vp15EMdousKVhG6ElB4wiY0iQRW7uX3OupCe7sQ5wocpe
|
||||
l7MFKqKCbQ3XwZRT9E0qJJXzC78/NmCnmvVZAkROnRz2NpcF1bkCEX8ygCfAy/Bi
|
||||
JUZ8i3LGSDt//Sgn3JdP9VLSwMUOeZ/mJjlIwYnJf+6X9CHWHRfrmf2pSERvWBZ5
|
||||
kdYHLXA0mPTVwlEpKU7X2y+FfJKE4k4n50VAFSchQ/YMdDEnharBKMsAn4WoPqby
|
||||
KDxeDyiXVmAPeKWWXMyMgYNm+emf/bLw5EpUEPKsFd/ST53X5vemNjUWUFd4uN13
|
||||
DL12tKDzmYfzsXzAAnBcLTrxS1dAYu5V3ejd8Tx1HleYMJuzlBQesQ6sjsE2DaGI
|
||||
HxV2fxyFrNhjcEjNvJnYLGX6rg5Me7yGu3kcgeLlHALiixYFiIR7vHaKvmg0b+na
|
||||
0tO0sp4mitdynfrVAMDosLrFW8jRX2jOM3ttOOl91Xa0UvJrk2qavc9rauGTO4KX
|
||||
dHJ90SGf7JdkYKaSaq+eNu+6WHfBYVv8teOTu7Qi7dl/xHSdphR9eq/FRaEidxDF
|
||||
v/tYlS5va2yGA9pAbthNS8SQIp2OJupZOyGBhfVpvLemiUeGPqSKBFuocTN4DQ94
|
||||
aligiY4mBNO63dz16l4BAoIBAQDjA51zfmrkL4du3H6DMSs/lqZqvjcbcRg96wb3
|
||||
r7wpiug7beyv5RrtieSzN/0Y8thggvyOslNsu/dPqVxtufeP3xvSRzrde9En+2Tl
|
||||
Xa00WxcqNVUu+FqYg0LRXqvQzbvtDCyaszqlvlvM7PqkY+14QBvkZ+HYydd5PN6p
|
||||
+3gN7rHUIAX1+JbkN+Q8TmQYdvCiQ52QRXXHi4w+h9Sy7+iXbbgtxqqyYR4JjOzT
|
||||
wTBz8bTxxfD+z0Cwge83VVmGrjRrYCkn9u8PQKinII8lbLTO5UBo/49P2jujFAh4
|
||||
dC1uW4VOPKS2DT4eMizQYQqQuaQdw8gp8L2BlBTlpXOVrGSLAoIBAQC7Y4Njmyqt
|
||||
SDjepsPptYVAtyrg10yK4vvWGXciLSwhqqHH5dk3gtOGnyV5yB3a5WoNRH6El4ct
|
||||
ss5tH5iEpE6zVcsgN2dl+JS6bjJcNfwwaDOmxMgYrBaCFzcJcW/R1Fet+pV7kni6
|
||||
pNzuAemu/u3Wb7sNckMom9VHOksBbRfSucoApKkwKMClHUmDs9eLjkn0JXZlRHHW
|
||||
iM0SLO6Q4oWzIQRw0AA+MGMRgH95UyOCfLi36ifhlqti29uaXvuntKgcizHcvIR0
|
||||
rI0TOLscoyoA3YvKp4oZQlNXaDJ0TEl2R++/FXTJ29VGFMG+QVh93qhEKGUyZWkx
|
||||
JpzZMJC3etoBAoIBAQCct7Mrtxsd2j3555gjA3+iz2KlkBlFBYdBv4240gXo++8k
|
||||
j9d0+onjcG2E1+MPJR8BSYwHCs6S4xRxVy7qxRZFqTVwriHSIxcaLe/SdCANY9ET
|
||||
H2xmF6ebYApxtZSRemYA2IW2aoLTRx3i07qYYC/g8wkOXjTIz1bEaKQi3upbW+xB
|
||||
z7Wtv+aTOI6En210gi/PJTSSE5GipxCzXlwVB5AfcexTFbJjoK320+XurZDAih1r
|
||||
R0X+8p7q+1hkb7R1SLABbIoc/9i7Q9zqO4z2vhv4NMWJdtu9uZ+wDjVmynVOmTnm
|
||||
7/CZiXzXpbXQSR3dGXtV3QHDCmIZIVxnyReJPVDPAoIBAEi24epJ8PKS3vaPMeDD
|
||||
vnSRX0MmaJ5QXDcFZLRPYRujUen26CZhTuGjafBq1iL1+QQy+wFKp3r1MqMnqpB2
|
||||
DdALT6ottaLdJiF9127ux/Ckzr49CASC6q0KgyHX8fMzed6aKV1tRgnvJYf6GAr/
|
||||
A529d5FNMIBWkBl2plpkUeVEkP1U6A43EiJATiGcLN0Lluj1jI7ZU29TYHhYFS8F
|
||||
p6oN+uIn5KA9OIQ3H8Adod7ltOwxIc6pH9JZzEqH5xF5ye5hmTS1tpRrzMaTsg/3
|
||||
xLnXPoKiJrWMhjiZx1JXs/4BBihZFBusgYMTVOcWBle5igQAxNwcfAhFmoGxFccN
|
||||
FgECggEBAIsMbpB0hcbH6bIWSARRobhPL2Ka8zJ4d8ZfhpjPv8ZXNKoV4Ki/i57v
|
||||
IxlXi+t4NPqcWWUf3W0InFPjkkpNPpXQF1dMK4qdevOFikw7KINtjCI0iSvWEzTj
|
||||
gIFGXfZcFnBXqYiuc56YUKLQOncyR7M0RxBCWAe70coMB1msMz/TaknlnkAg4ghV
|
||||
TEN7LEd7GAQYzIAlsjd4boX4duiZndvPgG9V8eaUo1EWzcfD/0H8vk60HwRyfbkg
|
||||
O9ERb+x6sKYtR0pJoYRuahjKd6SoKPswi+hdOZDO076Xf9ORHTHqV/CznEtVA3Vc
|
||||
DDvz8/gvqoDgvAWlCrsjmZEffJizVcw=
|
||||
-----END PRIVATE KEY-----
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIFKDCCAxCgAwIBAgIUE6rC+QfVn02trZ7Ead27i9ds4NYwDQYJKoZIhvcNAQEL
|
||||
BQAwLjEsMCoGA1UEAwwjQnVpbGQgdGltZSBhdXRvZ2VuZXJhdGVkIGtlcm5lbCBr
|
||||
ZXkwIBcNMjQwMjI4MTk1ODA4WhgPMjEyNDAyMDQxOTU4MDhaMC4xLDAqBgNVBAMM
|
||||
I0J1aWxkIHRpbWUgYXV0b2dlbmVyYXRlZCBrZXJuZWwga2V5MIICIjANBgkqhkiG
|
||||
9w0BAQEFAAOCAg8AMIICCgKCAgEApivi7G6S/fXLwPGwq25j1HE73DyBdyux044V
|
||||
gXFg/kF12YRT0bgPMjzh2zo0cj7yG8wimhU6RLsVZHlaMywBITL4g2kAM6Ku12o8
|
||||
8/a/vrk7tVux8h+oLzS8VZg3b9ndiS2WUDXznz8KpQBrHHTIX4NLChH77KSaEptU
|
||||
wGnvufxq20Q7HusboXIIZuExN0yW+gkdVZUXMtO6IhKfs0xwFdmk8+DxmmFQJ+U9
|
||||
RrgUrIqFC3fmm4TdQ/y3GQ+qGOgps2/DwPSi9HyUN9uYjZiflcyYzOxEG0bnZWx6
|
||||
9F5WEurhvjG1ZdqslrjEp5MQjrqANiVfmTmtHBvKWUThDUqvvyhKHKaik2BMCNVy
|
||||
gkG0px6+U2cCQ0p1CTbf8hSgH8vLYeFMmqS6cwM67FSnMGOqWUomm9YoOpzs91DV
|
||||
VesmQG6WHDUZumq0GrsrQKa9/QJSHYe2kybJkOwRB29xoU8/rF+JIBCRMnIltaNh
|
||||
HOiyweOmTVIo0sGRcZrxwM1lmZtwHuBRAWj6oU0qHOmI2TSnZktc4tDwzdSiuvdh
|
||||
+LR3cV1FyuczAMDIlPSfWSIHoqkwWIkDElrBFjvgU5azYdA9on24Sp0i9/9eeJuT
|
||||
mcSCfn8GeK9togxZM2RKAJQVGp9CmDB0Z7jTUKFfhsK1KRn8o6G3kCK10esyjoNB
|
||||
H6qIwosCAwEAAaM8MDowDAYDVR0TAQH/BAIwADALBgNVHQ8EBAMCB4AwHQYDVR0O
|
||||
BBYEFHA0T2bpAZaELFDODMgvpSjwQNCEMA0GCSqGSIb3DQEBCwUAA4ICAQAOvHct
|
||||
yaAn0kCoxAZbMEs8NYxbqxSydLX0YOcV6iF+mS2LQOGQ1mlyOBiFgExjR3XKo6kB
|
||||
PRjnd8WuwDcBIHqzK9XBYgm8yCz1oOezVG/J9gvxF47QY3X7EC7M4B0MNGgPpETw
|
||||
kXTGIl1x8qXwbD/KwvQkdaRJsZ4uoIHQZOYzvy4M85pV0II5xoESAR/MPrCFQO7O
|
||||
/oqWNWs1LEt7XsRzH7mSZWfZ//mr0Kl6n7865i0ocCPv+4nyyT4CWv/0UEeWIKPK
|
||||
ChJE+lOpSdiidq2+uyJDN5ali5413nhOx0LY/aziE7JB4x5Ami3DOsGE23y/5Cho
|
||||
YWwW8EP3+9M5TVVxrji//I7g2MLQvXAtcwvhaucdrQybgKfQDCnjUSKhYi0WeX+e
|
||||
esDj0uVPVrHgbj5QdFIHeuc9F15beVpt3dBa+qYRUdt5J+XaXYxKS43dhz/RQh20
|
||||
Z1961O343/Gy023CqI/Ljs8P37CVhhldSWYntlMa39rg7GJPXeQZ1AN/3/2od1ay
|
||||
ZaC9FRUTcmoD/TiD14aHHJLwf3tvj/vzmxCzp18mzBVtUE3Ts0uKDkE7F7EVnh5y
|
||||
SWz8gehB8tUtsdZPeZqgIKQGCsWhIqD4Ir3csMpyPw+vGKxE6ZzzMr9TvwQpj/NI
|
||||
G0wlChzo9EPL58kJEUFhnY0WFhRn1OWfZStiiQ==
|
||||
-----END CERTIFICATE-----
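Review bot: This new file adds an unencrypted RSA private key together with its certificate to the repository, so anyone who can read the tree can sign with it and nothing it signs can be treated as authenticated. Given the module-signing changes to the kernel config in the same commit, it is presumably the module signing key, in which case a valid module signature no longer says anything about who built the module. A fixed key makes signed output reproducible but removes the security value of the signature; reproducibility is normally checked on unsigned artifacts, with the key kept outside the tree and signatures attached in a separate step. The key should be treated as disclosed and must not be trusted by any deployed keyring.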
|
@ -7,10 +7,9 @@ SECTION = "devel/lib"
|
||||
LIC_FILES_CHKSUM = "file://LICENSE;md5=c07cb499d259452f324bb90c3067d85c"
|
||||
|
||||
S = "${WORKDIR}/git"
|
||||
B = "${S}"
|
||||
|
||||
SRCREV = "c9864f4dd03736839f40d225da494cb1eb64e654"
|
||||
SRC_URI = "git://github.com/rhinstaller/libbytesize;branch=master;protocol=https"
|
||||
SRCREV = "6e83cc6f6dff4f126fc79284e0c3c1c50123380d"
|
||||
SRC_URI = "git://github.com/storaged-project/libbytesize;branch=main;protocol=https"
|
||||
|
||||
inherit gettext autotools pkgconfig python3native
|
||||
|
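--- a/meta-citadel/recipes-support/make-ext4fs/make-ext4fs.bb
+++ b/meta-citadel/recipes-support/make-ext4fs/make-ext4fs.bb
@@ -0,0 +1,29 @@
+DESCRIPTION = "Ext4 creation utility used here because it outputs reproducible builds"
+HOMEPAGE = "https://git.subgraph.com.com/isa/make_ext4"
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/Apache-2.0;md5=89aea4e17d99a7cacdbeed46a0096b10"
+
+SRCREV = "5c201be7d72aff735da27e17c29852e0cefe3e52"
+
+SRC_URI = "git://git.subgraph.com/isa/make_ext4fs.git;protocol=https;branch=master"
+
+DEPENDS = "zlib-native"
+inherit pkgconfig native
+
+PACKAGECONFIG = ""
+
+S = "${WORKDIR}/git"
+
+BBCLASSEXTEND = "native"
+
+do_compile () {
+export LDFLAGS=""
+oe_runmake
+}
+
+do_install () {
+pwd
+ls
+install -d ${D}${bindir}
+install -m 755 -T ${B}/make_ext4fs ${D}${bindir}/make_ext4fs
+}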
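Review bot: `HOMEPAGE` reads `https://git.subgraph.com.com/isa/make_ext4`, with a doubled `.com` and a project name that differs from the `make_ext4fs.git` in `SRC_URI`; it should name the same host and repository that `SRC_URI` fetches. `LIC_FILES_CHKSUM` checks the generic `${COMMON_LICENSE_DIR}/Apache-2.0` text rather than a license file inside the fetched source, so a license change in that repository would go unnoticed. `inherit native` together with `BBCLASSEXTEND = "native"` is redundant, `export LDFLAGS=""` discards the build's linker flags without a comment saying why, and the `pwd` and `ls` calls in do_install look like leftover debugging.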
|
@ -76,6 +76,7 @@ do_compile:prepend:class-native() {
|
||||
|
||||
do_compile() {
|
||||
export NSPR_INCLUDE_DIR=${STAGING_INCDIR}/nspr
|
||||
export NSS_FIPS_DISABLED
|
||||
|
||||
export CROSS_COMPILE=1
|
||||
export NATIVE_CC="${BUILD_CC}"
|
||||
@ -247,18 +248,6 @@ do_install:append:class-target() {
|
||||
|
||||
PACKAGE_WRITE_DEPS += "nss-native"
|
||||
|
||||
pkg_postinst:${PN} () {
|
||||
for I in $D${libdir}/lib*.chk; do
|
||||
DN=`dirname $I`
|
||||
BN=`basename $I .chk`
|
||||
FN=$DN/$BN.so
|
||||
shlibsign -i $FN
|
||||
if [ $? -ne 0 ]; then
|
||||
echo "shlibsign -i $FN failed"
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
PACKAGES =+ "${PN}-smime"
|
||||
FILES:${PN}-smime = "\
|
||||
${bindir}/smime \
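Review bot: `export NSS_FIPS_DISABLED` in do_compile assigns no value, so unless the variable is set elsewhere the build sees it empty or not at all and a makefile `ifdef` test on it would not fire; `export NSS_FIPS_DISABLED=1` states the intent. This matters because the second hunk appears to delete the `pkg_postinst` that ran `shlibsign -i` over each library with a `.chk` file, so if FIPS support is still compiled in, those integrity files are no longer regenerated on the target. Whether the `.chk` files are still packaged is not visible on this page. do_compile continues outside the hunk.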
|
||||
|
@ -0,0 +1,28 @@
|
||||
From 805d67b57d1b229f8fafc942df51e7a3b830889a Mon Sep 17 00:00:00 2001
|
||||
From: isa <isa@subgraph.com>
|
||||
Date: Thu, 7 Mar 2024 22:06:04 +0000
|
||||
Subject: [PATCH] Fix reproducibility issue
|
||||
|
||||
---
|
||||
src/daemon/Makefile.am | 8 ++++----
|
||||
1 file changed, 4 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/src/daemon/Makefile.am b/src/daemon/Makefile.am
|
||||
index e7eb1f2..d486819 100644
|
||||
--- a/src/daemon/Makefile.am
|
||||
+++ b/src/daemon/Makefile.am
|
||||
@@ -13,10 +13,10 @@
|
||||
##
|
||||
|
||||
AM_CPPFLAGS = $(LIBGTOP_CFLAGS) @AM_CPPFLAGS@ -D_BSD \
|
||||
- -DLIBGTOP_COMPILE_SYSTEM="\"`uname -s`\"" \
|
||||
- -DLIBGTOP_COMPILE_RELEASE="\"`uname -r`\"" \
|
||||
- -DLIBGTOP_COMPILE_VERSION="\"`uname -v`\"" \
|
||||
- -DLIBGTOP_COMPILE_MACHINE="\"`uname -m`\""
|
||||
+ -DLIBGTOP_COMPILE_SYSTEM="\"Linux\"" \
|
||||
+ -DLIBGTOP_COMPILE_RELEASE="\"6.7.4\"" \
|
||||
+ -DLIBGTOP_COMPILE_VERSION="\"SMP PREEMPT_DYNAMIC\"" \
|
||||
+ -DLIBGTOP_COMPILE_MACHINE="\"x86_64\""
|
||||
|
||||
if LIBGTOP_NEED_SERVER
|
||||
suid_sysdeps = $(top_builddir)/sysdeps/@sysdeps_dir@/libgtop_sysdeps_suid-2.0.la
|
@ -7,6 +7,7 @@ inherit gnomebase lib_package gtk-doc gobject-introspection gettext upstream-ver
|
||||
|
||||
ANY_OF_DISTRO_FEATURES = "${GTK3DISTROFEATURES}"
|
||||
|
||||
SRC_URI += " file://0001-Fix-reproducibility-issue.patch"
|
||||
SRC_URI[archive.sha256sum] = "775676df958e2ea2452f7568f28b2ea581063d312773dd5c0b7624c1b9b2da8c"
|
||||
|
||||
DEPENDS = "glib-2.0 libxau"
|
||||
|
@ -1 +1 @@
|
||||
PACKAGES="man manpages neovim iputils-ping tmux vifm gnome-terminal firefox nautilus eog evince unzip x264 yelp"
|
||||
PACKAGES="man manpages neovim iputils-ping tmux vifm gnome-terminal firefox-esr nautilus eog evince unzip x264 yelp"
|
||||
|
@ -26,7 +26,7 @@ PACKAGES="man manpages vim-nox iputils-ping tmux gnome-terminal firefox nautilus
|
||||
# they can just be deleted. Or you can keep them, the result will be the same.
|
||||
#
|
||||
|
||||
DEBIAN_RELEASE="bullseye"
|
||||
DEBIAN_RELEASE="bookworm"
|
||||
DEBIAN_MIRROR="https://deb.debian.org/debian"
|
||||
|
||||
#
|
||||
|
@ -1,6 +1,6 @@
|
||||
|
||||
: ${DEBIAN_MIRROR:="https://deb.debian.org/debian"}
|
||||
: ${DEBIAN_RELEASE:="bullseye"}
|
||||
: ${DEBIAN_RELEASE:="bookworm"}
|
||||
|
||||
BASE_PACKAGES="iproute2 less xz-utils sudo dbus libpam-systemd openssh-client packagekit-gtk3-module libcanberra-gtk3-module libpulse0 fonts-roboto-hinted bash-completion"
|
||||
|
||||
|
@ -1,6 +1,6 @@
|
||||
info "Creating user account"
|
||||
|
||||
useradd -s /bin/bash -m user
|
||||
echo "user:user" | chpasswd
|
||||
echo "user:user" | chpasswd -c NONE
|
||||
usermod -aG sudo user
|
||||
echo "export DISPLAY=:0" >> /home/user/.bashrc
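Review bot: `chpasswd -c NONE` stores the supplied string in `/etc/shadow` without hashing it, so the entry for `user` becomes literal text instead of a crypt hash. That removes the random salt, which is presumably the reproducibility goal, but the field is then either unusable for password login or a cleartext credential in the image, depending on how it is consumed. If a working default password is intended, a precomputed hash applied with `chpasswd -e` is just as deterministic; if not, locking the account explicitly with `passwd -l user` says so. The script continues outside the hunk.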
|
||||
|
@ -3,6 +3,5 @@ info "Writing /etc/apt/sources.list"
|
||||
{
|
||||
echo "deb ${DEBIAN_MIRROR} ${DEBIAN_RELEASE} main contrib non-free"
|
||||
echo "deb ${DEBIAN_MIRROR}-security ${DEBIAN_RELEASE}-security main contrib non-free"
|
||||
echo "deb ${DEBIAN_MIRROR} unstable main"
|
||||
|
||||
} > /etc/apt/sources.list
|
||||
|
@ -29,22 +29,43 @@ setup_rootfs() {
|
||||
}
|
||||
|
||||
run_debootstrap() {
|
||||
#[[ -f ${CACHE_DIR}/lock ]] && rm -f ${CACHE_DIR}/lock
|
||||
#mkdir --parents ${CACHE_DIR} ${ROOTFS}/var/cache/apt/archives
|
||||
|
||||
[[ -f ${CACHE_DIR}/lock ]] && rm -f ${CACHE_DIR}/lock
|
||||
mkdir --parents ${CACHE_DIR} ${ROOTFS}/var/cache/apt/archives
|
||||
#info "Bind mounting ${CACHE_DIR} to ${ROOTFS}/var/cache/apt/archives"
|
||||
#mount --bind ${CACHE_DIR} ${ROOTFS}/var/cache/apt/archives
|
||||
|
||||
info "Bind mounting ${CACHE_DIR} to ${ROOTFS}/var/cache/apt/archives"
|
||||
mount --bind ${CACHE_DIR} ${ROOTFS}/var/cache/apt/archives
|
||||
info "Launching mmdebstrap"
|
||||
|
||||
info "Launching debootstrap"
|
||||
export SOURCE_DATE_EPOCH="1718285985"
|
||||
|
||||
debootstrap --verbose --merged-usr --variant=minbase \
|
||||
--include=systemd-sysv,locales \
|
||||
${DEBIAN_RELEASE} ${ROOTFS} ${DEBIAN_MIRROR}
|
||||
mmdebstrap --variant=minbase \
|
||||
--include=systemd-sysv,locales,ca-certificates \
|
||||
${DEBIAN_RELEASE} ${ROOTFS} ${DEBIAN_MIRROR}
|
||||
}
|
||||
|
||||
make_reproducible() {
|
||||
#umount ${ROOTFS}/var/cache/apt/archives
|
||||
|
||||
rm -rdf ${ROOTFS}/var/cache/*
|
||||
rm ${ROOTFS}/var/log/apt/term.log
|
||||
rm ${ROOTFS}/var/log/apt/history.log
|
||||
rm ${ROOTFS}/var/log/bootstrap.log || true
|
||||
rm ${ROOTFS}/var/log/fontconfig.log || true
|
||||
rm ${ROOTFS}/var/log/dpkg.log
|
||||
rm ${ROOTFS}/var/log/alternatives.log
|
||||
rm ${ROOTFS}/var/log/eipp.log.xz || true
|
||||
rm -rdf ${ROOTFS}/var/lib/apt/lists/*
|
||||
awk -i inplace -F":" '{OFS=FS}{ $3="1" ; print }' ${ROOTFS}/etc/shadow # do not record date of last password change
|
||||
|
||||
echo "bf58db8bc11448788138633a01a06cdd" > ${ROOTFS}/etc/machine-id
|
||||
echo "bf58db8bc11448788138633a01a06cdd" > ${ROOTFS}/var/lib/dbus/machine-id
|
||||
|
||||
echo -e "# Generated during realmfs build\nnameserver 192.168.4.1" > ${ROOTFS}/etc/resolv.conf
|
||||
echo -e "# File generated during realmfs build\nLC_COLLATE=C\nLANG=en_US.UTF-8" > ${ROOTFS}/etc/default/locale
|
||||
}
|
||||
|
||||
setup_chroot() {
|
||||
|
||||
mount chproc ${ROOTFS}/proc -t proc
|
||||
mount chsys ${ROOTFS}/sys -t sysfs
|
||||
mount chtmp ${ROOTFS}/tmp -t tmpfs
|
||||
@ -60,10 +81,11 @@ setup_chroot() {
|
||||
}
|
||||
|
||||
cleanup_chroot() {
|
||||
make_reproducible
|
||||
|
||||
umount ${ROOTFS}/proc
|
||||
umount ${ROOTFS}/sys
|
||||
umount ${ROOTFS}/tmp
|
||||
umount ${ROOTFS}/var/cache/apt/archives
|
||||
|
||||
# Remove cache files in case we are creating a tarball for distribution
|
||||
rm -f ${ROOTFS}/var/cache/apt/pkgcache.bin
|
||||
@ -71,7 +93,6 @@ cleanup_chroot() {
|
||||
}
|
||||
|
||||
run_chroot_stage() {
|
||||
|
||||
setup_chroot
|
||||
|
||||
#
|
||||
@ -103,15 +124,27 @@ generate_tarball() {
|
||||
echo
|
||||
}
|
||||
|
||||
build_make_ext4fs() {
|
||||
cd ${WORKDIR}
|
||||
if [ ! -d "make_ext4fs" ]; then
|
||||
git clone https://git.subgraph.com/isa/make_ext4fs.git
|
||||
fi
|
||||
cd make_ext4fs
|
||||
git checkout 5c201be7d72aff735da27e17c29852e0cefe3e52
|
||||
make
|
||||
cd ../..
|
||||
}
|
||||
|
||||
generate_image() {
|
||||
# BLOCKS=$(du -ks ${ROOTFS} | cut -f1)
|
||||
# BLOCKS=$(expr ${BLOCKS} \* 12 / 10)
|
||||
# SIZE=$(expr ${BLOCKS} \* 1024)
|
||||
# echo "Size is ${SIZE}"
|
||||
build_make_ext4fs
|
||||
BLOCKS=$(expr 440 \* 1024)
|
||||
# allow online resize up to 32G
|
||||
dd if=/dev/zero of=${WORKDIR}/citadel-realmfs.ext4 seek=${BLOCKS} count=0 bs=4096
|
||||
mkfs.ext4 -d ${ROOTFS} -i 4096 -b 4096 -F ${WORKDIR}/citadel-realmfs.ext4 ${BLOCKS} || exit 1
|
||||
${WORKDIR}/make_ext4fs/make_ext4fs -l 2G -T "1712775988" -b 4096 ${WORKDIR}/citadel-realmfs.ext4 ${ROOTFS} || exit 1
|
||||
}
|
||||
|
||||
usage() {
|
||||
@ -156,7 +189,6 @@ try_config() {
|
||||
}
|
||||
|
||||
WORKDIR="$(pwd)/realmfs"
|
||||
BUILDFILE=""
|
||||
|
||||
DO_TAR=0
|
||||
DO_XZ=0
|
||||
@ -223,7 +255,7 @@ if [ "$EUID" -ne 0 ]; then
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [[ -z ${BUILDFILE} ]]; then
|
||||
if [[ -z ${BUILDFILE-} ]]; then
|
||||
BUILDFILE=$(try_config "${PWD}/build.conf" || try_config "${REALMFS_BUILDER_BASE}/basic-image.conf") || fatal "Could not find a configuration file to use"
|
||||
fi
|
||||
|
||||
@ -245,7 +277,6 @@ run_debootstrap
|
||||
|
||||
run_chroot_stage
|
||||
|
||||
|
||||
info "rootfs build is completed:"
|
||||
info " $(du -sh ${ROOTFS})"
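Review bot: In the new make_reproducible function, `rm -rdf ${ROOTFS}/var/cache/*` and `rm -rdf ${ROOTFS}/var/lib/apt/lists/*` run unquoted in a script that requires root, so an empty or unset `ROOTFS` turns them into deletions under the host's `/var`; `rm -rf -- "${ROOTFS:?}"/var/cache/*` aborts instead. cleanup_chroot calls make_reproducible before its umount lines, so if the apt cache bind mount is active at that point the first `rm` would also empty the host-side `${CACHE_DIR}`; the page does not make clear which of the mount lines are on the new side. The function also writes one fixed value to `/etc/machine-id` and `/var/lib/dbus/machine-id`, giving every realm built from this image the same machine identity, whereas an empty `/etc/machine-id` is equally reproducible and lets systemd generate a unique ID at first boot. build_make_ext4fs runs `git checkout` and `make` without checking that the preceding `cd` and `git clone` succeeded, so a failed clone leaves them running in the wrong directory.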
|
||||
|
||||
|
@ -30,7 +30,12 @@ RUN apt update && apt install -y gawk \
|
||||
file \
|
||||
liblz4-tool \
|
||||
zstd \
|
||||
xwayland
|
||||
xwayland \
|
||||
mmdebstrap \
|
||||
apt-utils \
|
||||
usrmerge \
|
||||
faketime \
|
||||
diffoscope
|
||||
|
||||
# python
|
||||
RUN echo "en_US.UTF-8 UTF-8" > /etc/locale.gen
|
||||
@ -38,6 +43,7 @@ RUN locale-gen
|
||||
RUN update-locale LANG=en_US.UTF-8
|
||||
ENV LC_ALL en_US.UTF-8
|
||||
ENV LC_CTYPE en_US.UTF-8
|
||||
ENV LC_COLLATE en_US.UTF-8
|
||||
|
||||
RUN useradd -ms /bin/bash builder
|
||||
RUN echo "builder ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
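Review bot: `ENV LC_COLLATE en_US.UTF-8`, which appears to be the line added in the second hunk, has no effect while `ENV LC_ALL en_US.UTF-8` is set two lines above it, because `LC_ALL` overrides every `LC_*` category. If the aim is a stable sort order for the reproducible image steps, the commands that sort, such as the `ls | sort` loops in the boot image function, need `LC_ALL=C` on the command itself. A comment next to the locale lines stating which collation the build relies on would make that dependency visible.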
|
||||
|