@@ -44,4 +44,4 @@ SYSTEMD_BOOTLOADER_INSTALL:focal = "systemd:${DISTRO_ARCH}"
SYSTEMD_BOOTLOADER_INSTALL:jammy = "systemd:${DISTRO_ARCH}"
# snapshot mirror for reproducible builds
-DISTRO_APT_SNAPSHOT_PREMIRROR ??= "(http|https)://archive.ubuntu.com/(.*) https://snapshot.ubuntu.com/\2/${ISAR_APT_SNAPSHOT_DATE}\n"
+DISTRO_APT_SNAPSHOT_PREMIRROR ??= "(http|https)://archive.ubuntu.com/(.*) https://snapshot.ubuntu.com/\2/${ISAR_APT_SNAPSHOT_DATE_INTERNAL}\n"
@@ -27,8 +27,9 @@ DISTRO_VARS_PREFIX ?= "${@'HOST_' if bb.utils.to_boolean(d.getVar('BOOTSTRAP_FOR
BOOTSTRAP_DISTRO = "${@d.getVar('HOST_DISTRO' if bb.utils.to_boolean(d.getVar('BOOTSTRAP_FOR_HOST')) else 'DISTRO')}"
BOOTSTRAP_BASE_DISTRO = "${@d.getVar('HOST_BASE_DISTRO' if bb.utils.to_boolean(d.getVar('BOOTSTRAP_FOR_HOST')) else 'BASE_DISTRO')}"
BOOTSTRAP_DISTRO_ARCH = "${@d.getVar('HOST_ARCH' if bb.utils.to_boolean(d.getVar('BOOTSTRAP_FOR_HOST')) else 'DISTRO_ARCH')}"
-ISAR_APT_SNAPSHOT_DATE ?= "${@ get_isar_apt_snapshot_date(d)}"
-ISAR_APT_SNAPSHOT_DATE[security] ?= "${@ get_isar_apt_snapshot_date(d, 'security')}"
+# use internal variables to track where the value comes from
+ISAR_APT_SNAPSHOT_DATE_INTERNAL ?= "${@ get_isar_apt_snapshot_date(d)}"
+ISAR_APT_SNAPSHOT_DATE_INTERNAL[security] ?= "${@ get_isar_apt_snapshot_date(d, 'security')}"
python () {
distro_bootstrap_keys = (d.getVar("DISTRO_BOOTSTRAP_KEYS") or "").split()
@@ -104,6 +105,12 @@ def parse_aptsources_list_line(source_list_line):
def get_isar_apt_snapshot_date(d, dist=None):
import time
+ snapshot_date = d.getVar('ISAR_APT_SNAPSHOT_DATE')
+ if dist:
+ snapshot_date = d.getVarFlag('ISAR_APT_SNAPSHOT_DATE', dist) or snapshot_date
+ if snapshot_date:
+ return snapshot_date
+ # no ISAR_APT_SNAPSHOT_DATE set, compute from timestamp
source_date_epoch = d.getVar('ISAR_APT_SNAPSHOT_TIMESTAMP')
if dist:
source_date_epoch = d.getVarFlag('ISAR_APT_SNAPSHOT_TIMESTAMP', dist) or source_date_epoch
@@ -45,6 +45,6 @@ DISTRO_BOOTSTRAP_BASE_PACKAGES:append:bullseye = " usrmerge"
# snapshot mirror for reproducible builds
DISTRO_APT_SNAPSHOT_PREMIRROR ??= " \
- deb.debian.org/(debian-security)/? snapshot.debian.org/archive/\1/${@d.getVarFlag('ISAR_APT_SNAPSHOT_DATE', 'security', expand=False)}\n \
- deb.debian.org/(.*)/? snapshot.debian.org/archive/\1/${ISAR_APT_SNAPSHOT_DATE}\n \
+ deb.debian.org/(debian-security)/? snapshot.debian.org/archive/\1/${@d.getVarFlag('ISAR_APT_SNAPSHOT_DATE_INTERNAL', 'security', expand=False)}\n \
+ deb.debian.org/(.*)/? snapshot.debian.org/archive/\1/${ISAR_APT_SNAPSHOT_DATE_INTERNAL}\n \
"
The final snapshot timestamp can be specified either by setting ISAR_APT_SNAPSHOT_TIMESTAMP or by setting the otherwise derived variable ISAR_APT_SNAPSHOT_DATE. However, the corresponding distribution specific flag (e.g. [security]) always reads the value from the TIMESTAMP component, hence if only ISAR_APT_SNAPSHOT_DATE is set, the date for the security distribution is still computed from the ISAR_APT_SNAPSHOT_TIMESTAMP which itself is derived from the source date epoch. By that, the timestamp of the security component was wrong if only ISAR_APT_SNAPSHOT_DATE is set but not ISAR_APT_SNAPSHOT_DATE[security]. We fix it by tracking where the value comes from and set the flagged version according to the parent value if not set. Fixes: 394e9540 ("snapshots: add option to use separate timestamp ...") Reported-by: Clara Kowalsky <clara.kowalsky@siemens.com> Signed-off-by: Felix Moessbauer <felix.moessbauer@siemens.com> --- meta-isar/conf/distro/ubuntu-common.inc | 2 +- meta/classes/bootstrap.bbclass | 11 +++++++++-- meta/conf/distro/debian-common.conf | 4 ++-- 3 files changed, 12 insertions(+), 5 deletions(-)