[OE-core] [PATCH v2 1/6] bitbake.conf: new variable BUILD_REPRODUCIBLE_BINARIES

Martin Jansa martin.jansa at gmail.com
Tue May 2 05:55:31 UTC 2017


I think you can define them in bitbake.conf, but then export them only
where needed.

On Tue, May 2, 2017 at 2:35 AM, Bystricky, Juro <juro.bystricky at intel.com>
wrote:

> I see your point. The original idea was to keep all related variables in
> one place. There is one variable (BUILD_REPRODUCIBLE_BINARIES) that I think
> should be global, as it should be visible by all tasks (well, a lot of
> tasks). The rest can be moved to more appropriate places.
>
>
> ________________________________________
> From: Richard Purdie [richard.purdie at linuxfoundation.org]
> Sent: Monday, May 01, 2017 4:13 PM
> To: Bystricky, Juro; openembedded-core at lists.openembedded.org
> Cc: joshua.g.lock at linux.intel.com; Burton, Ross; martin.jansa at gmail.com;
> raj.khem at gmail.com; jurobystricky at hotmail.com
> Subject: Re: [PATCH v2 1/6] bitbake.conf: new variable
> BUILD_REPRODUCIBLE_BINARIES
>
> On Mon, 2017-05-01 at 13:58 -0700, Juro Bystricky wrote:
> > Building reproducible binaries may remove certain intentional
> > randomness intended for increased security. Hence, it is reasonable
> > to expect there will be cases where this is not desirable.
> > The user can select his/her preferences via the variable
> > BUILD_REPRODUCIBLE_BINARIES. The variable defaults to "0" (do not
> > build reproducible binaries) in order to minimize any potential
> > regressions. (Once the reproducible binaries code is mature enough,
> > it can be set to "1".)
> > If the variable BUILD_REPRODUCIBLE_BINARIES is set to "1",
> > timestamp values taken from additional variables will be optionally
> > used when building binary reproducible images:
> >
> >     REPRODUCIBLE_TIMESTAMP_ROOTFS
> >         If the value is specified, all files mtime will be set to this value.
> >         In addition, /etc/timestamp and /etc/version will both contain the value.
> >         If no value is specified, timestamp will be derived from the top git commit.
> >
> >     REPRODUCIBLE_TIMESTAMP_IMAGE_PRELINK
> >         Value passed via environment variable PRELINK_TIMESTAMP to the prelink program.
> >         If the value is specified, the value will be used.
> >         If no value is specified, timestamp will be derived from the top git commit.
> >
> > Signed-off-by: Juro Bystricky <juro.bystricky at intel.com>
> > ---
> >  meta/conf/bitbake.conf | 11 +++++++++++
> >  1 file changed, 11 insertions(+)
> >
> > diff --git a/meta/conf/bitbake.conf b/meta/conf/bitbake.conf
> > index 227babd..6ce1a1a 100644
> > --- a/meta/conf/bitbake.conf
> > +++ b/meta/conf/bitbake.conf
> > @@ -859,3 +859,14 @@ BB_SIGNATURE_EXCLUDE_FLAGS ?= "doc deps depends
> > \
> >
> >  MLPREFIX ??= ""
> >  MULTILIB_VARIANTS ??= ""
> > +
> > +BUILD_REPRODUCIBLE_BINARIES ??= "0"
> > +BUILD_REPRODUCIBLE_BINARIES[export] = "1"
> > +
> > +# Unix timestamp
> > +REPRODUCIBLE_TIMESTAMP_ROOTFS ??= ""
> > +REPRODUCIBLE_TIMESTAMP_ROOTFS[export] = "1"
> > +
> > +# Unix timestamp
> > +REPRODUCIBLE_TIMESTAMP_IMAGE_PRELINK ??= ""
> > +REPRODUCIBLE_TIMESTAMP_IMAGE_PRELINK[export] = "1"
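
Review bot: The three `[export] = "1"` flags at the end of this hunk put all of these variables into the environment of every task, yet the commit message says the prelink value reaches the prelink program through PRELINK_TIMESTAMP and the rootfs value is used for file mtimes, /etc/timestamp and /etc/version, so a global export of REPRODUCIBLE_TIMESTAMP_ROOTFS and REPRODUCIBLE_TIMESTAMP_IMAGE_PRELINK looks broader than the consumers need. Consider keeping only the `??=` defaults here and exporting in the code that actually consumes each value. Separately, the `# Unix timestamp` comments do not document that an empty value falls back to the timestamp of the top git commit, and BUILD_REPRODUCIBLE_BINARIES has no comment at all, although the commit message notes that enabling it may remove intentional randomness intended for increased security; a short comment on each variable would carry that into the file.
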
>
> Please don't add new global exports in bitbake.conf. Changing the value
> of this will cause everything to rebuild (e.g. recompile) since the
> exported environment goes to all tasks. We really don't want to do that
> if it only affects the image generation.
>
> I'll give this a bit more thought/review but wanted to comment on this
> whilst I see it/remember.
>
> Cheers,
>
> Richard
>
>