From bb9bbe0f66a8462a1b2477fbc2aa1d70973035d4 Mon Sep 17 00:00:00 2001 From: Michael Chang Date: Thu, 30 Nov 2023 16:30:45 +0800 Subject: [PATCH 2/2] mkstandalone: ensure deterministic tar file creation by sorting contents The add_tar_files() function currently iterates through a directory's content using readdir(), which doesn't guarantee a specific order. This lack of deterministic behavior impacts reproducibility in the build process. This commit resolves the issue by introducing sorting functionality. The list retrieved by readdir() is now sorted alphabetically before incorporation into the tar archive, ensuring consistent and predictable file ordering within the archive. Signed-off-by: Michael Chang Signed-off-by: Bernhard Wiedemann --- util/grub-mkstandalone.c | 26 +++++++++++++++++++++++--- 1 file changed, 23 insertions(+), 3 deletions(-) diff --git a/util/grub-mkstandalone.c b/util/grub-mkstandalone.c index 8e1229925..e4b5bcab4 100644 --- a/util/grub-mkstandalone.c +++ b/util/grub-mkstandalone.c @@ -205,22 +205,42 @@ add_tar_file (const char *from, { grub_util_fd_dir_t d; grub_util_fd_dirent_t de; + char **from_files; + grub_size_t alloc = 8, used = 0; + grub_size_t i; d = grub_util_fd_opendir (from); + from_files = xmalloc (alloc * sizeof (*from_files)); while ((de = grub_util_fd_readdir (d))) { - char *fp, *tfp; if (strcmp (de->d_name, ".") == 0) continue; if (strcmp (de->d_name, "..") == 0) continue; - fp = grub_util_path_concat (2, from, de->d_name); - tfp = xasprintf ("%s/%s", to, de->d_name); + if (alloc <= used) + { + alloc <<= 1; + from_files = xrealloc (from_files, alloc * sizeof (*from_files)); + } + from_files[used++] = xstrdup(de->d_name); + } + qsort (from_files, used, sizeof (*from_files), grub_qsort_strcmp); + + for (i = 0; i < used; i++) + { + char *fp, *tfp; + + fp = grub_util_path_concat (2, from, from_files[i]); + tfp = xasprintf ("%s/%s", to, from_files[i]); add_tar_file (fp, tfp); + free (tfp); free (fp); + free (from_files[i]); } + grub_util_fd_closedir (d); + free (from_files); free (tcn); return; } -- 2.43.0