Accepting request 1131237 from home:michael-chang:branches:Base:System

- Fix reproducible build for grub.xen (bsc#1217619) * 0001-mkstandalone-ensure-stable-timestamps-for-generated-.patch * 0002-mkstandalone-ensure-deterministic-tar-file-creation-.patch OBS-URL: https://build.opensuse.org/request/show/1131237 OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=478
2023-12-06 04:22:57 +00:00 · 2023-12-06 04:22:57 +00:00 · 8f037866b6
commit 8f037866b6
parent 8c3cd1e56a
4 changed files with 160 additions and 0 deletions
--- a/0001-mkstandalone-ensure-stable-timestamps-for-generated-.patch
+++ b/0001-mkstandalone-ensure-stable-timestamps-for-generated-.patch
@ -0,0 +1,76 @@
+From 1fdc9daf97a1518960e5603dd43a5f353cb3ca89 Mon Sep 17 00:00:00 2001
+From: Michael Chang <mchang@suse.com>
+Date: Thu, 30 Nov 2023 13:45:13 +0800
+Subject: [PATCH 1/2] mkstandalone: ensure stable timestamps for generated
+ images
+
+This change mirrors a previous fix [1] but is specific to images
+generated by grub-mkstandalone.
+
+The former fix (85a7be241) focused on utilizing a stable timestamp
+during binary generation in the util/mkimage context. This commit
+extends that approach to the images produced by grub-mkstandalone,
+ensuring consistency and stability in timestamps across all generated
+binaries.
+
+[1] 85a7be241 util/mkimage: Use stable timestamp when generating
+binaries.
+
+Signed-off-by: Michael Chang <mchang@suse.com>
+Signed-off-by: Bernhard Wiedemann <bwiedemann@suse.com>
+---
+ util/grub-mkstandalone.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/util/grub-mkstandalone.c b/util/grub-mkstandalone.c
+index bdbeea6a6..8e1229925 100644
+--- a/util/grub-mkstandalone.c
+++ b/util/grub-mkstandalone.c
+@@ -30,6 +30,9 @@
+ #pragma GCC diagnostic error "-Wmissing-prototypes"
+ #pragma GCC diagnostic error "-Wmissing-declarations"
+ 
+/* use 2015-01-01T00:00:00+0000 as a stock timestamp */
+#define STABLE_EMBEDDING_TIMESTAMP 1420070400
+
+ static char *output_image;
+ static char **files;
+ static int nfiles;
+@@ -184,7 +187,6 @@ add_tar_file (const char *from,
+   struct head hd;
+   grub_util_fd_t in;
+   ssize_t r;
+-  grub_uint32_t mtime = 0;
+   grub_uint32_t size;
+ 
+   COMPILE_TIME_ASSERT (sizeof (hd) == 512);
+@@ -192,8 +194,6 @@ add_tar_file (const char *from,
+   if (grub_util_is_special_file (from))
+     return;
+ 
+-  mtime = grub_util_get_mtime (from);
+-
+   optr = tcn = xmalloc (strlen (to) + 1);
+   for (iptr = to; *iptr == '/'; iptr++);
+   for (; *iptr; iptr++)
+@@ -234,7 +234,7 @@ add_tar_file (const char *from,
+       memcpy (hd.gid, "0001750", 7);
+ 
+       set_tar_value (hd.size, optr - tcn, 12);
+-      set_tar_value (hd.mtime, mtime, 12);
+      set_tar_value (hd.mtime, STABLE_EMBEDDING_TIMESTAMP, 12);
+       hd.typeflag = 'L';
+       memcpy (hd.magic, MAGIC, sizeof (hd.magic));
+       memcpy (hd.uname, "grub", 4);
+@@ -264,7 +264,7 @@ add_tar_file (const char *from,
+   memcpy (hd.gid, "0001750", 7);
+ 
+   set_tar_value (hd.size, size, 12);
+-  set_tar_value (hd.mtime, mtime, 12);
+  set_tar_value (hd.mtime, STABLE_EMBEDDING_TIMESTAMP, 12);
+   hd.typeflag = '0';
+   memcpy (hd.magic, MAGIC, sizeof (hd.magic));
+   memcpy (hd.uname, "grub", 4);
+-- 
+2.43.0
+
--- a/0002-mkstandalone-ensure-deterministic-tar-file-creation-.patch
+++ b/0002-mkstandalone-ensure-deterministic-tar-file-creation-.patch
@ -0,0 +1,75 @@
+From bb9bbe0f66a8462a1b2477fbc2aa1d70973035d4 Mon Sep 17 00:00:00 2001
+From: Michael Chang <mchang@suse.com>
+Date: Thu, 30 Nov 2023 16:30:45 +0800
+Subject: [PATCH 2/2] mkstandalone: ensure deterministic tar file creation by
+ sorting contents
+
+The add_tar_files() function currently iterates through a directory's
+content using readdir(), which doesn't guarantee a specific order. This
+lack of deterministic behavior impacts reproducibility in the build
+process.
+
+This commit resolves the issue by introducing sorting functionality. The
+list retrieved by readdir() is now sorted alphabetically before
+incorporation into the tar archive, ensuring consistent and predictable
+file ordering within the archive.
+
+Signed-off-by: Michael Chang <mchang@suse.com>
+Signed-off-by: Bernhard Wiedemann <bwiedemann@suse.com>
+---
+ util/grub-mkstandalone.c | 26 +++++++++++++++++++++++---
+ 1 file changed, 23 insertions(+), 3 deletions(-)
+
+diff --git a/util/grub-mkstandalone.c b/util/grub-mkstandalone.c
+index 8e1229925..e4b5bcab4 100644
+--- a/util/grub-mkstandalone.c
+++ b/util/grub-mkstandalone.c
+@@ -205,22 +205,42 @@ add_tar_file (const char *from,
+     {
+       grub_util_fd_dir_t d;
+       grub_util_fd_dirent_t de;
+      char **from_files;
+      grub_size_t alloc = 8, used = 0;
+      grub_size_t i;
+ 
+       d = grub_util_fd_opendir (from);
+ 
+      from_files = xmalloc (alloc * sizeof (*from_files));
+       while ((de = grub_util_fd_readdir (d)))
+ 	{
+-	  char *fp, *tfp;
+ 	  if (strcmp (de->d_name, ".") == 0)
+ 	    continue;
+ 	  if (strcmp (de->d_name, "..") == 0)
+ 	    continue;
+-	  fp = grub_util_path_concat (2, from, de->d_name);
+-	  tfp = xasprintf ("%s/%s", to, de->d_name);
+	  if (alloc <= used)
+	    {
+	      alloc <<= 1;
+	      from_files = xrealloc (from_files, alloc * sizeof (*from_files));
+	    }
+	  from_files[used++] = xstrdup(de->d_name);
+	}
+      qsort (from_files, used, sizeof (*from_files), grub_qsort_strcmp);
+
+      for (i = 0; i < used; i++)
+	{
+	  char *fp, *tfp;
+
+	  fp = grub_util_path_concat (2, from, from_files[i]);
+	  tfp = xasprintf ("%s/%s", to, from_files[i]);
+ 	  add_tar_file (fp, tfp);
+	  free (tfp);
+ 	  free (fp);
+	  free (from_files[i]);
+ 	}
+
+       grub_util_fd_closedir (d);
+      free (from_files);
+       free (tcn);
+       return;
+     }
+-- 
+2.43.0
+
--- a/grub2.changes
+++ b/grub2.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Thu Nov 30 09:41:10 UTC 2023 - Michael Chang <mchang@suse.com>
+
+- Fix reproducible build for grub.xen (bsc#1217619)
+  * 0001-mkstandalone-ensure-stable-timestamps-for-generated-.patch
+  * 0002-mkstandalone-ensure-deterministic-tar-file-creation-.patch
+
 -------------------------------------------------------------------
 Wed Nov 22 09:25:23 UTC 2023 - Michael Chang <mchang@suse.com>

--- a/grub2.spec
+++ b/grub2.spec
@ -397,6 +397,8 @@ Patch204:       0001-Improve-TPM-key-protection-on-boot-interruptions.patch
 Patch205:       0002-Restrict-file-access-on-cryptodisk-print.patch
 Patch206:       0003-Restrict-ls-and-auto-file-completion-on-cryptodisk-p.patch
 Patch207:       0004-Key-revocation-on-out-of-bound-file-access.patch
+Patch208:       0001-mkstandalone-ensure-stable-timestamps-for-generated-.patch
+Patch209:       0002-mkstandalone-ensure-deterministic-tar-file-creation-.patch

 Requires:       gettext-runtime
 %if 0%{?suse_version} >= 1140