Set time and umask on multi-dtb fit images to ensure reproducibile builds.
authorVagrant Cascadian <vagrant@debian.org>
Sun, 3 Jun 2018 19:26:57 +0000 (12:26 -0700)
committerTom Rini <trini@konsulko.com>
Mon, 4 Jun 2018 15:25:30 +0000 (11:25 -0400)
When building compressed (lzop, gzip) multi-dtb fit images, the
compression tool may embed the time or umask in the image.

Work around this by manually setting the time of the source file using
SOURCE_DATE_EPOCH and a hard-coded 0600 umask.

With gzip, this could be accomplished by using -n/--no-name, but lzop
has no current workaround:

  https://bugs.debian.org/896520

Signed-off-by: Vagrant Cascadian <vagrant@debian.org>
scripts/Makefile.spl

index 057389997de6948d59657eef1f834af52aeeacf7..ef018b5b4056f803cf2983166e6b6c6c6e856c18 100644 (file)
@@ -391,6 +391,10 @@ MKIMAGEFLAGS_$(SPL_BIN).multidtb.fit = -f auto -A $(ARCH) -T firmware -C none -O
 
 $(obj)/$(SPL_BIN).multidtb.fit: /dev/null $(SHRUNK_ARCH_DTB) FORCE
        $(call if_changed,mkimage)
+ifneq ($(SOURCE_DATE_EPOCH),)
+       touch -d @$(SOURCE_DATE_EPOCH) $(obj)/$(SPL_BIN).multidtb.fit
+       chmod 0600 $(obj)/$(SPL_BIN).multidtb.fit
+endif
 
 $(obj)/$(SPL_BIN).multidtb.fit.gz: $(obj)/$(SPL_BIN).multidtb.fit
        @gzip -kf9 $< > $@