Message ID | 20240304103716.1100116-1-Adithya.Balakumar@toshiba-tsip.com |
---|---|
Headers | show |
Series | Fix reproducibility of /etc/shadow file when image built on different days | expand |
On 04.03.24 11:37, Adithya Balakumar wrote: > The third field in the /etc/shadow file (sp_lstchg) contains the date of > the last password change expressed as the number of days since Jan 1, 1970. > As this is a relative time, creating a user today will result in: > > username:17238:0:99999:7::: > whilst creating the same user tomorrow will result in: > > username:17239:0:99999:7::: > > This impacts reproducibility of images when built on different days. > > Since /etc/shadow honours SOURCE_DATE_EPOCH, this patchset makes the > SOURCE_DATE_EPOCH variable available when the /etc/shadow file is > created/modified. > Yeah, this is what I learned the hard way these days as well while trying to make the kas container images bit-identical reproducible. Jan
On Mon, 2024-03-04 at 16:07 +0530, Adithya Balakumar wrote: > The third field in the /etc/shadow file (sp_lstchg) contains the date > of > the last password change expressed as the number of days since Jan 1, > 1970. > As this is a relative time, creating a user today will result in: > > username:17238:0:99999:7::: > whilst creating the same user tomorrow will result in: > > username:17239:0:99999:7::: > > This impacts reproducibility of images when built on different days. > > Since /etc/shadow honours SOURCE_DATE_EPOCH, this patchset makes the > SOURCE_DATE_EPOCH variable available when the /etc/shadow file is > created/modified. Good catch! Thanks for finding and fixing. Acked-by: Felix Moessbauer <felix.moessbauer@siemens.com> Felix > > Adithya Balakumar (2): > isar-bootstrap.inc: Export SOURCE_DATE_EPOCH variable > image-account-extension.bbclass: Export SOURCE_DATE_EPOCH variable > > meta/classes/image-account-extension.bbclass | 5 +++++ > meta/recipes-core/isar-bootstrap/isar-bootstrap.inc | 4 ++++ > 2 files changed, 9 insertions(+) > > -- > 2.39.2 > >