[OE-core] glibc binary reproducibility

Douglas Royds douglas.royds at taitradio.com
Wed Oct 3 02:43:11 UTC 2018 

On 03/10/18 15:37, Douglas Royds wrote:

> I added "realpath" to the HOSTTOOLS, and precomputed a relative path 
> to the csu/ dir in git/Makerules.
>
>     csu-objpfx-relative = $(shell realpath --relative-to=`pwd`
>     $(csu-objpfx))/
>
> Seems to do the trick. I'll send a patch(ish) separately. 


Richard, this patch (perhaps) applies on top of your poky-contrib 
branch. I've used `realpath` instead of your python oe-relpaths script, 
just because it was there. Requires coreutils 8.23 or later, I believe 
(Ubuntu 16.04 or later).


Subject: [PATCH] glibc: Fix non-IA reproducibility for shared libraries

Compute a relative path to build-arm-tait-linux-gnueabi/csu/
for each library subdirectory.

Signed-off-by: Douglas Royds <douglas.royds at taitradio.com>
---
  meta/conf/bitbake.conf                        |  2 +-
  ...34-reproducible-makehack-shared-libs.patch | 48 +++++++++++++++++++
  meta/recipes-core/glibc/glibc_2.28.bb         |  1 +
  3 files changed, 50 insertions(+), 1 deletion(-)
  create mode 100644 
meta/recipes-core/glibc/glibc/0034-reproducible-makehack-shared-libs.patch

diff --git a/meta/conf/bitbake.conf b/meta/conf/bitbake.conf
index 1941633a54..aa759b19a3 100644
--- a/meta/conf/bitbake.conf
+++ b/meta/conf/bitbake.conf
@@ -482,7 +482,7 @@ HOSTTOOLS += " \
      fgrep file find flock g++ gawk gcc getconf getopt git grep gunzip 
gzip \
      head hostname id install ld ldd ln ls make makeinfo md5sum mkdir 
mknod \
      mktemp mv nm objcopy objdump od patch perl pod2man pr printf pwd 
python python2 \
-    python2.7 python3 ranlib readelf readlink rm rmdir rpcgen sed sh 
sha256sum \
+    python2.7 python3 ranlib readelf readlink realpath rm rmdir rpcgen 
sed sh sha256sum \
      sleep sort split stat strings strip tail tar tee test touch tr 
true uname \
      uniq wc wget which xargs \
  "
diff --git 
a/meta/recipes-core/glibc/glibc/0034-reproducible-makehack-shared-libs.patch 
b/meta/recipes-core/glibc/glibc/0034-reproducible-makehack-shared-libs.patch
new file mode 100644
index 0000000000..11902be523
--- /dev/null
+++ 
b/meta/recipes-core/glibc/glibc/0034-reproducible-makehack-shared-libs.patch
@@ -0,0 +1,48 @@
+diff --git a/Makerules b/Makerules
+index a10a0b4d70..cacddb8784 100644
+--- a/Makerules
++++ b/Makerules
+@@ -606,10 +606,11 @@ lib%.so: lib%_pic.a $(+preinit) $(+postinit) 
$(link-libc-deps)
+     $(build-shlib) $(link-libc-args)
+     $(call after-link,$@)
+
++csu-objpfx-relative = $(shell realpath --relative-to=`pwd` $(csu-objpfx))/
+ define build-shlib-helper
+ $(LINK.o) -shared -static-libgcc -Wl,-O1 $(sysdep-LDFLAGS) \
+       $(if $($(@F)-no-z-defs)$(no-z-defs),,-Wl,-z,defs) $(rtld-LDFLAGS) \
+-      $(extra-B-$(@F:lib%.so=%).so) -B$(csu-objpfx) \
++      $(extra-B-$(@F:lib%.so=%).so) -B$(csu-objpfx-relative) \
+       $(extra-B-$(@F:lib%.so=%).so) $(load-map-file) \
+ -Wl,-soname=lib$(libprefix)$(@F:lib%.so=%).so$($(@F)-version) \
+       $(LDFLAGS.so) $(LDFLAGS-lib.so) $(LDFLAGS-$(@F:lib%.so=%).so) \
+@@ -662,13 +663,13 @@ endif
+
+ define build-shlib
+ $(build-shlib-helper) -o $@ $(shlib-lds-flags) \
+-      $(csu-objpfx)abi-note.o $(build-shlib-objlist)
++      $(csu-objpfx-relative)abi-note.o $(build-shlib-objlist)
+ endef
+
+ define build-module-helper
+ $(LINK.o) -shared -static-libgcc $(sysdep-LDFLAGS) $(rtld-LDFLAGS) \
+       $(if $($(@F)-no-z-defs)$(no-z-defs),,-Wl,-z,defs) \
+-      -B$(csu-objpfx) $(load-map-file) \
++      -B$(csu-objpfx-relative) $(load-map-file) \
+       $(LDFLAGS.so) $(LDFLAGS-$(@F:%.so=%).so) \
+       -L$(subst :, -L,$(rpath-link)) -Wl,-rpath-link=$(rpath-link)
+ endef
+@@ -679,12 +680,12 @@ endef
+ # not for shared objects
+ define build-module
+ $(build-module-helper) -o $@ $(shlib-lds-flags) \
+-      $(csu-objpfx)abi-note.o $(build-module-objlist) $(link-libc-args)
++      $(csu-objpfx-relative)abi-note.o $(build-module-objlist) 
$(link-libc-args)
+ $(call after-link,$@)
+ endef
+ define build-module-asneeded
+ $(build-module-helper) -o $@ $(shlib-lds-flags) \
+-      $(csu-objpfx)abi-note.o \
++      $(csu-objpfx-relative)abi-note.o \
+       -Wl,--as-needed $(build-module-objlist) -Wl,--no-as-needed \
+       $(link-libc-args)
+ $(call after-link,$@)
diff --git a/meta/recipes-core/glibc/glibc_2.28.bb 
b/meta/recipes-core/glibc/glibc_2.28.bb
index 6ca89cbe2c..9d1d46bf28 100644
--- a/meta/recipes-core/glibc/glibc_2.28.bb
+++ b/meta/recipes-core/glibc/glibc_2.28.bb
@@ -46,6 +46,7 @@ SRC_URI = 
"${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
file://0029-localedef-add-to-archive-uses-a-hard-coded-locale-pa.patch \
file://0030-intl-Emit-no-lines-in-bison-generated-files.patch \
             file://0033-reproducible-makehack.patch \
+           file://0034-reproducible-makehack-shared-libs.patch \
  "

  NATIVESDKFIXES ?= ""
-- 
2.17.1


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openembedded.org/pipermail/openembedded-core/attachments/20181003/1b8ecb61/attachment-0002.html>

More information about the Openembedded-core mailing list