From 55e9485735ae8393b410f30973c785236dc402d2 Mon Sep 17 00:00:00 2001 From: Juro Bystricky Date: Wed, 9 Aug 2017 10:48:32 -0700 Subject: kernel.bbclass: improve reproducibility MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Several tweaks to improve reproducibility: 1. If BUILD_REPRODUCIBLE_BINARIES == 1, set KBUILD_BUILD_TIMESTAMP to a reproducible value. This is either a non-zero SOURCE_DATE_EPOCH, or the value obtained from top entry of GIT repo, or (if there is no GIT repo) fallback to REPRODUCIBLE_TIMESTAMP_ROOTFS as the last resort. Also export KCONFIG_NOTIMESTAMP=1. 2. When compressing vmlinux.gz, use gzip "-n" option 3. Kernel and kernel modules contain hard coded paths referencing the host build system. This is usually because the source code contains __FILE__ at some place. This prevents binary reproducibility. However, some compilers allow remapping of the __FILE__ value. If we detect the compiler is capable of doing this, we replace the source path $(S) part of __FILE__ by a string "/kernel-source". For example: ​/data/master/build/tmp/work-shared/qemux86/kernel-source/drivers/media/v4l2-core/videobuf2-core.​c will be replaced by a reproducible value: /kernel-source/drivers/media/v4l2-core/videobuf2-core.c. (From OE-Core rev: 012a70da7ae0617740cd0cf807d01c3cd912c823) Signed-off-by: Juro Bystricky Signed-off-by: Richard Purdie --- meta/classes/kernel.bbclass | 39 ++++++++++++++++++++++++++++++++++++--- 1 file changed, 36 insertions(+), 3 deletions(-) diff --git a/meta/classes/kernel.bbclass b/meta/classes/kernel.bbclass index ce2cab65ae..2a765547ac 100644 --- a/meta/classes/kernel.bbclass +++ b/meta/classes/kernel.bbclass @@ -255,8 +255,39 @@ python do_devshell_prepend () { addtask bundle_initramfs after do_install before do_deploy +get_cc_option () { + # Check if KERNEL_CC supports the option "file-prefix-map". + # This option allows us to build images with __FILE__ values that do not + # contain the host build path. + cc_option_supported=`${KERNEL_CC} -Q --help=joined | grep ffile-prefix-map` + cc_extra="" + if [ $cc_option_supported = "-ffile-prefix-map=" ]; then + cc_extra=-ffile-prefix-map=${S}=/kernel-source/ + fi + echo $cc_extra +} + kernel_do_compile() { unset CFLAGS CPPFLAGS CXXFLAGS LDFLAGS MACHINE + if [ "$BUILD_REPRODUCIBLE_BINARIES" = "1" ]; then + # kernel sources do not use do_unpack, so SOURCE_DATE_EPOCH may not + # be set.... + if [ "$SOURCE_DATE_EPOCH" = "0" ]; then + olddir=`pwd` + cd ${S} + SOURCE_DATE_EPOCH=`git log -1 --pretty=%ct` + # git repo not guaranteed, so fall back to REPRODUCIBLE_TIMESTAMP_ROOTFS + if [ $? -ne 0 ]; then + SOURCE_DATE_EPOCH=${REPRODUCIBLE_TIMESTAMP_ROOTFS} + fi + cd $olddir + fi + + ts=`LC_ALL=C date -d @$SOURCE_DATE_EPOCH` + export KBUILD_BUILD_TIMESTAMP="$ts" + export KCONFIG_NOTIMESTAMP=1 + bbnote "KBUILD_BUILD_TIMESTAMP: $ts" + fi # The $use_alternate_initrd is only set from # do_bundle_initramfs() This variable is specifically for the # case where we are making a second pass at the kernel @@ -270,20 +301,22 @@ kernel_do_compile() { copy_initramfs use_alternate_initrd=CONFIG_INITRAMFS_SOURCE=${B}/usr/${INITRAMFS_IMAGE_NAME}.cpio fi + cc_extra=$(get_cc_option) for typeformake in ${KERNEL_IMAGETYPE_FOR_MAKE} ; do - oe_runmake ${typeformake} CC="${KERNEL_CC}" LD="${KERNEL_LD}" ${KERNEL_EXTRA_ARGS} $use_alternate_initrd + oe_runmake ${typeformake} CC="${KERNEL_CC} $cc_extra " LD="${KERNEL_LD}" ${KERNEL_EXTRA_ARGS} $use_alternate_initrd done # vmlinux.gz is not built by kernel if (echo "${KERNEL_IMAGETYPES}" | grep -wq "vmlinux\.gz"); then mkdir -p "${KERNEL_OUTPUT_DIR}" - gzip -9c < ${B}/vmlinux > "${KERNEL_OUTPUT_DIR}/vmlinux.gz" + gzip -9cn < ${B}/vmlinux > "${KERNEL_OUTPUT_DIR}/vmlinux.gz" fi } do_compile_kernelmodules() { unset CFLAGS CPPFLAGS CXXFLAGS LDFLAGS MACHINE if (grep -q -i -e '^CONFIG_MODULES=y$' ${B}/.config); then - oe_runmake -C ${B} ${PARALLEL_MAKE} modules CC="${KERNEL_CC}" LD="${KERNEL_LD}" ${KERNEL_EXTRA_ARGS} + cc_extra=$(get_cc_option) + oe_runmake -C ${B} ${PARALLEL_MAKE} modules CC="${KERNEL_CC} $cc_extra " LD="${KERNEL_LD}" ${KERNEL_EXTRA_ARGS} # Module.symvers gets updated during the # building of the kernel modules. We need to -- cgit v1.2.3-54-g00ecf