NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
70,352 Commits 5 Branches 387 Tags 143 MiB
Makefile 63.3%
Python 16.3%
C 9.1%
Shell 5.9%
PHP 2.7%
Other 2.3%
5e90868588
Go to file
Yann E. MORIN 5e90868588 Revert "support/download: generate even more reproducible tarballs" 
Commit 768f9f80f6 (support/download: generate even more reproducible
tarballs) causes non-reproducibility in tarballs we previousy
generated, especially the archives for two cargo-vendored packages,
ripgrep and sentry-cli.

The cause is that those two pakcages eventually vendor a file that has
the u+x bit set, but is otehrwise go-x. With 768f9f80f6, the files are
now go+x, so the hash for those generated archives has changed.

Besides, that commit was wrong: it did not account for the 'r' bit for
go part, leaving some non-reproducibility still unaccounted for.

So, to generate really reproducible archives, we would need to fix that
read bit as well, and that has the potential to affect all the archives
we generated so far. If we wanted to do so, we'd need a way to version
all generated archives, like we do for git and svn, but now for all the
different CVSes, as well as for all the vendoring post-processes.

For 768f9f80f6, all that was of conern was the working copies of CVSes
(i.e. git, svn, cvs...) that we cache in the Buildroot download dir, not
the temporary files during post-processing. Indeed, in that latter case,
the user has virtually no way to mangle with the mode of the
intermediate extract before repack.

And we do have a big fat warning that users should not attempt to meddle
with the git tree that Buildroot caches.

As 768f9f80f6 however demonstrates, is that it took quite a long time
between the introduction of the git caching, and the time someone
eventually discovered they could meddle in there. This shows that the
issue it not actually critical in most setups.

Also, the tar manual [0] hints at a better solution to handle
reproducibility, which even avoids touching the files on disk which is
even nicer:

    ‘--mode='go+u,go-w'’
        Omit irrelevant information about file permissions.

If we were to actually handle the mode bit for reproducibility, we'd
need to:
  - introduce archive versioning for all download backends and
    prost-processing
  - use the tar officially suggested method

So, revert that change, as it was incomplete, was not really fixing much
issues, and causes actual issues.

This reverts commit 768f9f80f6.

[0] https://www.gnu.org/software/tar/manual/tar.html#Reproducibility

Thanks to Vincent and Arnout for pointing at the tar manual.

Reported-by: Antoine Coutant <antoine.coutant@smile.fr>
Reported-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Vincent Fazio <vfazio@xes-inc.com>
Cc: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Tested-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Antoine Coutant <antoine.coutant@smile.fr>
(cherry picked from commit 9fbd3d8574)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2024-01-13 21:25:14 +01:00
arch arch/powerpc: drop ABI selection 2023-08-20 23:22:27 +02:00
board configs/rock5b: add hash for custom kernel 2024-01-08 12:03:55 +01:00
boot boot/shim: security bump to version 15.6 2024-01-13 14:23:41 +01:00
configs configs/rock5b: add hash for custom kernel 2024-01-08 12:03:55 +01:00
docs doc/manual: rsync is not optional 2024-01-05 11:42:13 +01:00
fs fs/cpio: allow users to provide their own dracut modules 2023-02-06 22:46:35 +01:00
linux {linux, linux-headers}: bump 5.{10, 15}.x / 6.{1, 6}.x series 2024-01-12 19:08:48 +01:00
package package/udev: move back sgx group from systemd 2024-01-13 21:20:38 +01:00
support Revert "support/download: generate even more reproducible tarballs" 2024-01-13 21:25:14 +01:00
system package/openrc: fix uclibc handling 2023-11-29 10:00:43 +01:00
toolchain {toolchain, linux-headers}: add support for 6.6 headers 2023-11-01 19:22:47 +01:00
utils utils/add-custom-hashes: add script to manage global patch dir hashes 2023-11-12 11:59:27 +01:00
.checkpackageignore package/dahdi-linux: bump to version 3.3.0 2024-01-12 18:32:31 +01:00
.clang-format
.defconfig
.editorconfig editorconfig: fix wildcard expansion 2024-01-07 12:21:04 +01:00
.flake8
.gitignore
.gitlab-ci.yml support/misc/gitlab-ci.yml.in: retry a job only if it failed due to a runner issue 2023-08-27 10:09:37 +02:00
.shellcheckrc utils/check-package: improve shellcheck reproducibility 2022-07-25 23:52:47 +02:00
CHANGES Update for 2023.11 2023-12-04 09:08:32 +01:00
Config.in Config.in: rework BR2_DOWNLOAD_FORCE_CHECK_HASHES 2024-01-10 20:29:45 +01:00
Config.in.legacy package/libcamera: pipeline option 'raspberrypi' changed to 'rpi/vc4' 2024-01-10 16:38:43 +01:00
COPYING
DEVELOPERS DEVELOPERS: Remove adam.duskett@amarulasolutions non-flutter related packages 2024-01-12 18:11:18 +01:00
Makefile Update for 2023.11 2023-12-04 09:08:32 +01:00
Makefile.legacy
README

README 

Buildroot is a simple, efficient and easy-to-use tool to generate embedded
Linux systems through cross-compilation.

The documentation can be found in docs/manual. You can generate a text
document with 'make manual-text' and read output/docs/manual/manual.text.
Online documentation can be found at http://buildroot.org/docs.html

To build and use the buildroot stuff, do the following:

1) run 'make menuconfig'
2) select the target architecture and the packages you wish to compile
3) run 'make'
4) wait while it compiles
5) find the kernel, bootloader, root filesystem, etc. in output/images

You do not need to be root to build or run buildroot.  Have fun!

Buildroot comes with a basic configuration for a number of boards. Run
'make list-defconfigs' to view the list of provided configurations.

Please feed suggestions, bug reports, insults, and bribes back to the
buildroot mailing list: buildroot@buildroot.org
You can also find us on #buildroot on OFTC IRC.

If you would like to contribute patches, please read
https://buildroot.org/manual.html#submitting-patches