@@ -257,4 +257,4 @@ USER_isar[flags] += "clear-text-password"
# Non git repository users can use value from 'stat -c%Y ChangeLog'
# To know more details about this variable and how to set the value refer below
# https://reproducible-builds.org/docs/source-date-epoch/
-#SOURCE_DATE_EPOCH =
+#SOURCE_DATE_EPOCH = ""
@@ -256,11 +256,11 @@ image_postprocess_accounts() {
# chpasswd adds a random salt when running against a clear-text password.
# For reproducible images, we manually generate the password and use the
# SOURCE_DATE_EPOCH to generate the salt in a deterministic way.
- if [ -z "${SOURCE_DATE_EPOCH}"]; then
+ if [ -z "${SOURCE_DATE_EPOCH}" ]; then
chpasswd_args=""
else
- salt="$(echo "${SOURCE_DATE_EPOCH}" | sha256sum -z | cut -c 1-15)"
- password="$(openssl passwd -6 -salt $salt "$password")"
+ salt="$(echo ${SOURCE_DATE_EPOCH} | sha256sum -z | cut -c 1-15)"
+ password="$(openssl passwd -6 -salt $salt $password)"
fi
fi
printf '%s:%s' "$name" "$password" | sudo chroot '${ROOTFSDIR}' \
@@ -310,8 +310,8 @@ python() {
# invalidate the SSTATE entries for most packages, even if they don't use the
# global SOURCE_DATE_EPOCH variable.
rootfs_install_pkgs_install_prepend() {
- if [ ! -z "${SOURCE_DATE_EPOCH}" ]; then
- export SOURCE_DATE_EPOCH="${SOURCE_DATE_EPOCH}"
+ if [ -n "${SOURCE_DATE_EPOCH}" ]; then
+ export SOURCE_DATE_EPOCH
fi
}
@@ -443,13 +443,16 @@ EOSUDO
# Set same time-stamps to the newly generated file/folders in the
# rootfs image for the purpose of reproducible builds.
- test ! -z "${SOURCE_DATE_EPOCH}" && \
- sudo find ${ROOTFSDIR} -newermt \
- "$(date -d@${SOURCE_DATE_EPOCH} '+%Y-%m-%d %H:%M:%S')" \
- -printf "%y %p\n" \
- -exec touch '{}' -h -d@${SOURCE_DATE_EPOCH} ';' > ${DEPLOY_DIR_IMAGE}/files.modified_timestamps && \
- bbwarn "$(grep ^f ${DEPLOY_DIR_IMAGE}/files.modified_timestamps) \nModified above file timestamps to build image reproducibly"
-
+ if [ -n "${SOURCE_DATE_EPOCH}" ]; then
+ fn="${DEPLOY_DIR_IMAGE}/files.modified_timestamps"
+ if sudo find ${ROOTFSDIR} -newermt "$(date -d@${SOURCE_DATE_EPOCH} '+%Y-%m-%d %H:%M:%S')" \
+ -printf "%y %p\n" -exec touch '{}' -h -d@${SOURCE_DATE_EPOCH} ';' >"$fn"; then
+ if [ -e "$fn" ]; then
+ bbwarn "modified timestamp (${SOURCE_DATE_EPOCH}) of $(egrep ^f "$fn" | wc -l) files for image reproducibly\n " \
+ "List of files modified could be found here: .${DEPLOY_DIR_IMAGE}/files.modified_timestamps"
+ fi
+ fi
+ fi
}
addtask rootfs_finalize before do_rootfs after do_rootfs_postprocess
@@ -33,8 +33,8 @@ do_generate_initramfs() {
rootfs_do_qemu
# generate reproducible initrd if requested
- if [ ! -z "${SOURCE_DATE_EPOCH}" ]; then
- export SOURCE_DATE_EPOCH="${SOURCE_DATE_EPOCH}"
+ if [ -n "${SOURCE_DATE_EPOCH}" ]; then
+ export SOURCE_DATE_EPOCH
fi
sudo -E chroot "${INITRAMFS_ROOTFS}" \
new file mode 100755
@@ -0,0 +1,52 @@
+#!/bin/bash
+#
+# Copyright (c) Roberto A. Foglietta, 2023
+#
+# Authors:
+# Roberto A. Foglietta <roberto.foglietta@gmail.com>
+#
+# SPDX-License-Identifier: MIT
+#
+#set -ex
+
+if [ "$(whoami)" != "root" ]; then
+ echo
+ echo "WARNING: this script should run as root, sudo!"
+ sudo -E $0 "$@"
+ exit $?
+fi
+
+if [ -e "$1" ]; then
+ fimg=$(readlink -e $1)
+fi
+
+cd $(dirname $0)
+
+if [ ! -n "$1" -a ! -e "$fimg" ]; then
+ fimg=$(ls -1 build/tmp/deploy/images/*/*.wic)
+ n=( $fimg )
+ if [ ${#n[@]} -gt 1 ]; then
+ echo
+ echo "WARNING: more than one image found, choose one:"
+ echo
+ echo "$fimg"
+ echo
+ exit 1
+ fi
+fi
+
+if [ ! -e "$fimg" ]; then
+ echo
+ echo "ERROR: no any image or block device ${1:+'$1' }found, abort!"
+ echo
+ exit 1
+fi
+
+wicf=$fimg
+losetup -Pf $wicf
+ldev=$(losetup -j $wicf | cut -d: -f1 | tail -n1)
+echo loopdev:$ldev
+dd if=${ldev}p2 bs=1M of=${wicf/.wic/.rootfs} status=progress
+chown $(id -u).$(id -g) ${wicf/.wic/.rootfs}
+du -ms ${wicf/.wic/.rootfs}
+losetup -d $ldev