From 878e2a50b50199cb06ee28df53151e396a29d838 Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian <vagrant@reproducible-builds.org>
Date: Thu, 2 May 2019 11:14:12 -0700
Subject: [PATCH] Set time and umask on fit-dtb.blob to ensure reproducibile
 builds.

Support for compressed fit-dtb.blob was added in:

  commit 95f4bbd581cf ("lib: fdt: Allow LZO and GZIP DT compression in
  U-Boot")

When building compressed (lzop, gzip) fit-dtb.blob images, the
compression tool may embed the time or umask in the image.

Work around this by manually setting the time of the source file using
SOURCE_DATE_EPOCH and a hard-coded 0600 umask.

With gzip, this could be accomplished by using -n/--no-name, but lzop
has no current workaround:

  https://bugs.debian.org/896520

This is essentially the same fix applied to multi-dtb fit SPL images in:

  commit 8664ab7debab ("Set time and umask on multi-dtb fit images to
  ensure reproducibile builds.")

Signed-off-by: Vagrant Cascadian <vagrant@reproducible-builds.org>
---
 Makefile | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/Makefile b/Makefile
index d1224764ab..afe3bbeaca 100644
--- a/Makefile
+++ b/Makefile
@@ -1058,6 +1058,10 @@ fit-dtb.blob.lzo: fit-dtb.blob
 
 fit-dtb.blob: dts/dt.dtb FORCE
 	$(call if_changed,mkimage)
+ifneq ($(SOURCE_DATE_EPOCH),)
+	touch -d @$(SOURCE_DATE_EPOCH) fit-dtb.blob
+	chmod 0600 fit-dtb.blob
+endif
 
 MKIMAGEFLAGS_fit-dtb.blob = -f auto -A $(ARCH) -T firmware -C none -O u-boot \
 	-a 0 -e 0 -E \
-- 
2.25.1