[OE-core] [PATCH] systemd: ensure reproducible builds by clearly exposing the time epoch support
Mikko.Rapeli at bmw.de
Fri Sep 6 08:02:44 UTC 2019
On Fri, Sep 06, 2019 at 12:07:06AM +0100, Ross Burton wrote:
> systemd has the ability to check the time on boot and if it's earlier than an
> epoch determined at build time, set the time to that epoch. This is useful for
> systems where the system time is January 1st 1970 (because the unix timestamp
> was 0 at boot) as then at least the time is reset to something approximating the
> right year at least.
>
> By default systemd uses the mtime of the NEWS file, which is static for tarballs
> and corresponds to the time the release was made, but for git checkouts this is
> simply the time do_unpack() was executed. Thus, rebuilding systemd will cause
> this embedded timestamp to change.
>
> Remove the PACKAGECONFIG time-epoch which has the logic reversed: enabling
> time-epoch will set the epoch to the unix timestamp 0. Replace with
> set-time-epoch with the following semantics:
>
> - When disabled, the time epoch is set to 0 (1st January 1970), so there is no
> time manipulation on boot.
>
> - When enabled, if reproducible builds are configured by setting
> SOURCE_DATE_EPOCH then that timestamp is used for the time epoch. If
> reproducible builds are not configured then the timestamp of NEWS (thus the
> build time) is used.
>
> The set-time-epoch flag is enabled by default.
>
> [ YOCTO #13473 ]
>
> Signed-off-by: Ross Burton <ross.burton at intel.com>
> ---
> meta/recipes-core/systemd/systemd_242.bb | 8 +++++++-
> 1 file changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/meta/recipes-core/systemd/systemd_242.bb b/meta/recipes-core/systemd/systemd_242.bb
> index 6bbe388b1f9..2c101cbbb4a 100644
> --- a/meta/recipes-core/systemd/systemd_242.bb
> +++ b/meta/recipes-core/systemd/systemd_242.bb
> @@ -83,6 +83,7 @@ PACKAGECONFIG ??= " \
> quotacheck \
> randomseed \
> resolved \
> + set-time-epoch \
Could this be enabled automatically when local.conf has INHERIT += "reproducible_build" ?
-Mikko
> smack \
> sysusers \
> timedated \
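Review bot: with set-time-epoch added to the default PACKAGECONFIG here, a build that does not set SOURCE_DATE_EPOCH still embeds the NEWS timestamp, which the commit message says is the do_unpack() time for git checkouts, so the default configuration on its own does not give a reproducible systemd. If that is intended, a short comment beside the default saying that reproducibility additionally needs SOURCE_DATE_EPOCH would keep users from assuming the flag alone is enough.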
> @@ -166,7 +167,12 @@ PACKAGECONFIG[seccomp] = "-Dseccomp=true,-Dseccomp=false,libseccomp"
> PACKAGECONFIG[selinux] = "-Dselinux=true,-Dselinux=false,libselinux,initscripts-sushell"
> PACKAGECONFIG[smack] = "-Dsmack=true,-Dsmack=false"
> PACKAGECONFIG[sysusers] = "-Dsysusers=true,-Dsysusers=false"
> -PACKAGECONFIG[time-epoch] = "-Dtime-epoch=0,,"
> +# When enabled use reproducble build timestamp if set as time epoch,
> +# or build time if not. When disabled, time epoch is unset.
> +def build_epoch(d):
> + epoch = d.getVar('SOURCE_DATE_EPOCH') or "-1"
> + return '-Dtime-epoch=%d' % int(epoch)
> +PACKAGECONFIG[set-time-epoch] = "${@build_epoch(d)},-Dtime-epoch=0"
> PACKAGECONFIG[timedated] = "-Dtimedated=true,-Dtimedated=false"
> PACKAGECONFIG[timesyncd] = "-Dtimesyncd=true,-Dtimesyncd=false"
> PACKAGECONFIG[usrmerge] = "-Dsplit-usr=false,-Dsplit-usr=true"
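Review bot: the "-1" fallback in build_epoch() is unexplained: the comment above it promises "build time if not", but nothing in the hunk says that -Dtime-epoch=-1 is the value that makes the systemd build fall back to the NEWS timestamp, so a reader cannot tell it apart from a literal epoch of -1. A one-line comment on the `or "-1"` line would fix that, and the same comment block has a typo ("reproducble"). Also, int(epoch) raises ValueError when SOURCE_DATE_EPOCH is not a plain integer, which surfaces as a Python error during variable expansion rather than a clear message; consider catching it and calling bb.fatal() with the offending value.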
> --
> 2.20.1