[OE-core] [PATCH 2/2] image_types.bbclass: improve cpio image reproducibility

[Juro Bystricky]

This patch helps to build cpio images that are binary reproducible.
The changes are as follows:

1. By default, cpio from the host is used, which can be quite old.
   Hence we need to implement a way to use/call cpio-native, which supports
   new features needed for binary reproducibility, notably the arguments
   such as "--reproducible" and "--ignore-devno".
   This can be achieved by specifying the following (in local.conf):

   IMAGE_DEPENDS_cpio_append = " cpio-replacement-native"
   EXTRANATIVEPATH += "cpio-native"

2. Provide a way to pass custom arguments to cpio. This is done via
   a new variable IMAGE_CMD_CPIO. For binary reproducible cpio archives
   one needs to set (in local.conf)

   IMAGE_CMD_CPIO = "cpio --ignore-devno --reproducible "

3. A symlink is created as part of the image. Here we make sure it gets the
   timestamps (mtime) based on the timestamp of the symlink target, rather than
   the timestamp corresponding to the build time.

Signed-off-by: Juro Bystricky <juro.bystricky at intel.com>
---
 meta/classes/image_types.bbclass | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/meta/classes/image_types.bbclass b/meta/classes/image_types.bbclass
index 7749b00..dd6fb97 100644
--- a/meta/classes/image_types.bbclass
+++ b/meta/classes/image_types.bbclass
@@ -110,9 +110,17 @@ IMAGE_CMD_squashfs-lzo = "mksquashfs ${IMAGE_ROOTFS} ${IMGDEPLOYDIR}/${IMAGE_NAM
 IMAGE_CMD_TAR ?= "tar"
 IMAGE_CMD_tar = "${IMAGE_CMD_TAR} -cvf ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.tar -C ${IMAGE_ROOTFS} ."
 
+# By default, cpio from the host is used, which can be quite old. If
+# you need special parameters (like --ignore-devno --reproducible) which are only
+# supported by GNU cpio upstream >= 2.12, then override that default:
+# IMAGE_CMD_CPIO = "cpio --ignore-devno"
+# IMAGE_DEPENDS_cpio_append = " cpio-replacement-native"
+# EXTRANATIVEPATH += "cpio-native"
+
+IMAGE_CMD_CPIO ?= "cpio"
 do_image_cpio[cleandirs] += "${WORKDIR}/cpio_append"
 IMAGE_CMD_cpio () {
-	(cd ${IMAGE_ROOTFS} && find . | cpio -o -H newc >${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.cpio)
+	(cd ${IMAGE_ROOTFS} && find . | ${IMAGE_CMD_CPIO} -o -H newc -v >${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.cpio)
 	# We only need the /init symlink if we're building the real
 	# image. The -dbg image doesn't need it! By being clever
 	# about this we also avoid 'touch' below failing, as it
@@ -122,10 +130,12 @@ IMAGE_CMD_cpio () {
 		if [ ! -L ${IMAGE_ROOTFS}/init ] && [ ! -e ${IMAGE_ROOTFS}/init ]; then
 			if [ -L ${IMAGE_ROOTFS}/sbin/init ] || [ -e ${IMAGE_ROOTFS}/sbin/init ]; then
 				ln -sf /sbin/init ${WORKDIR}/cpio_append/init
+				# improve reproducibility: set the link mtime to be the same as the target
+				touch -h -r ${IMAGE_ROOTFS}/sbin/init ${WORKDIR}/cpio_append/init
 			else
 				touch ${WORKDIR}/cpio_append/init
 			fi
-			(cd  ${WORKDIR}/cpio_append && echo ./init | cpio -oA -H newc -F ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.cpio)
+			(cd  ${WORKDIR}/cpio_append && echo ./init | ${IMAGE_CMD_CPIO} -oA -H newc -F ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.cpio)
 		fi
 	fi
 }
-- 
2.7.4