From patchwork Sat Sep 7 11:22:38 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Daniel Edgecumbe X-Patchwork-Id: 1217 Return-Path: Delivered-To: patchwork@archlinux.org Received: from apollo.archlinux.org (localhost [127.0.0.1]) by apollo.archlinux.org (Postfix) with ESMTP id 7BC92130FFF7D for ; Sat, 7 Sep 2019 11:23:03 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on apollo X-Spam-Level: X-Spam-Status: No, score=-2.2 required=5.0 tests=DKIM_INVALID=1, DKIM_SIGNED=0.1,MAILING_LIST_MULTI=-1,RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001 autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-BL-Results: [127.0.9.2] Received: from orion.archlinux.org (orion.archlinux.org [IPv6:2a01:4f8:160:6087::1]) by apollo.archlinux.org (Postfix) with ESMTPS for ; Sat, 7 Sep 2019 11:23:03 +0000 (UTC) Received: from orion.archlinux.org (localhost [127.0.0.1]) by orion.archlinux.org (Postfix) with ESMTP id BD90515323E0FC; Sat, 7 Sep 2019 11:23:01 +0000 (UTC) Received: from luna.archlinux.org (luna.archlinux.org [5.9.250.164]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-384) server-signature RSA-PSS (4096 bits)) (No client certificate requested) by orion.archlinux.org (Postfix) with ESMTPS; Sat, 7 Sep 2019 11:23:01 +0000 (UTC) Received: from luna.archlinux.org (luna.archlinux.org [127.0.0.1]) by luna.archlinux.org (Postfix) with ESMTP id 4A4EA2C444; Sat, 7 Sep 2019 11:22:54 +0000 (UTC) Authentication-Results: luna.archlinux.org; dkim=fail reason="signature verification failed" (2048-bit key) header.d=esotericnonsense.com header.i=@esotericnonsense.com header.b=gI5FG3+v; dkim=fail reason="signature verification failed" (2048-bit key) header.d=messagingengine.com header.i=@messagingengine.com header.b=BhPSFdie Received: from luna.archlinux.org (luna.archlinux.org [127.0.0.1]) by luna.archlinux.org (Postfix) with ESMTP id 1817E2BDD4 for ; Sat, 7 Sep 2019 11:22:51 +0000 (UTC) Received: from orion.archlinux.org (orion.archlinux.org [88.198.91.70]) by luna.archlinux.org (Postfix) with ESMTPS for ; Sat, 7 Sep 2019 11:22:51 +0000 (UTC) Received: from orion.archlinux.org (localhost [127.0.0.1]) by orion.archlinux.org (Postfix) with ESMTP id A858C15323E0D9 for ; Sat, 7 Sep 2019 11:22:49 +0000 (UTC) Received: from new2-smtp.messagingengine.com (new2-smtp.messagingengine.com [66.111.4.224]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by orion.archlinux.org (Postfix) with ESMTPS for ; Sat, 7 Sep 2019 11:22:49 +0000 (UTC) Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailnew.nyi.internal (Postfix) with ESMTP id 7FBB620BA; Sat, 7 Sep 2019 07:22:48 -0400 (EDT) Received: from mailfrontend2 ([10.202.2.163]) by compute3.internal (MEProxy); Sat, 07 Sep 2019 07:22:48 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= esotericnonsense.com; h=from:to:cc:subject:date:message-id :in-reply-to:references:mime-version:content-transfer-encoding; s=fm1; bh=f0LAoB7GCwgMIwx2SdIZvRFdr2e+Wt0FjQplLqnDSR8=; b=gI5FG 3+vc2UNb7+cf3BmonCJqu0DMLTNIdI15BKNeFhXTqmF1GSriXEoO7yRZiNEdl9b5 kv9WhZ3UYEZoNJqWAeY6zgZLmCRfk46t6lrxtpSUBYi3FbrwVPK5jyTlIhzbNQtt 3ZUIdDhTHkUwIgB+HL+BeMB21V9aBEv14WG6QiMzgY1ggiFNUQCBvvGlhJwBYr2j brcES8qQVKNPWbnqIH5ahRfQtZQ8JfzEbzGSqE1ITDJE8OcbGCaff55+JpJ++o2l 8ETI9E0nEtJhODl293z05zWkCasIX3xKbreW/COhHGjycxyJCB6f6tTD9wR/GAva BWg4vxR73R2J1ZJ0A== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:date:from :in-reply-to:message-id:mime-version:references:subject:to :x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm3; bh=f0LAoB7GCwgMIwx2SdIZvRFdr2e+Wt0FjQplLqnDSR8=; b=BhPSFdie cnEFTDt0Ne7dosg61MdTERnuAjf2/1aGB8eaXehtZe3AOMoSaKWNJcslbbs1awrg Pa3r9+tjin5lylIujStU05klRHwipFJfdmqt2rm74zOgQfuMQnfbjSWpumiNKERi zhGicSLOw3WSPepVxqbS+ZCnJMd12jdNmxbiMiqoWSyYnLCEK0uGaLfZg2JGGdMS O1Ja1rD94C/3jogNCshpjyQyxtb4Rvwps5zGxJRmUfSR0tfQ6ECudLHZe3iFE23Q xsZNhTvIZhQG7hSGNkrKlDLt/sLof70Zy6p+xGVAP9if8Z900yHGq0mcDYT6JklG 7HBbpcTKXSmRBg== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduvddrudekuddgfeekucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucgorfhhihhshhhinhhgqdfkphfpvghtfihorhhkuc dlfedttddmnecujfgurhephffvufffkffojghfggfgsedtkeertdertddtnecuhfhrohhm peffrghnihgvlhcugfgughgvtghumhgsvgcuoehgihhtsegvshhothgvrhhitghnohhnsh gvnhhsvgdrtghomheqnecuffhomhgrihhnpehrvghprhhoughutghisghlvgdqsghuihhl ughsrdhorhhgnecukfhppedufeelrdduiedvrddufedurddvfeejnecurfgrrhgrmhepmh grihhlfhhrohhmpegvmhgrihhlsegvshhothgvrhhitghnohhnshgvnhhsvgdrtghomhen ucevlhhushhtvghrufhiiigvpeei X-ME-Proxy: Received: from localhost.localdomain (test.electronrelocation.com [139.162.131.237]) by mail.messagingengine.com (Postfix) with ESMTPA id CEC8DD6005A; Sat, 7 Sep 2019 07:22:47 -0400 (EDT) From: Daniel Edgecumbe To: arch-releng@archlinux.org Date: Sat, 7 Sep 2019 12:22:38 +0100 Message-Id: <20190907112240.1028433-6-git@esotericnonsense.com> X-Mailer: git-send-email 2.23.0 In-Reply-To: <20190907112240.1028433-1-git@esotericnonsense.com> References: <20190907112240.1028433-1-git@esotericnonsense.com> MIME-Version: 1.0 Subject: [arch-releng] [PATCH 5/7] [releng] Add and use mkreproefi reproducible EFI build tool X-BeenThere: arch-releng@archlinux.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Arch Linux Release Engineering List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Arch Linux Release Engineering Cc: Daniel Edgecumbe Errors-To: arch-releng-bounces@archlinux.org Sender: "arch-releng" It is not possible to deterministically create FAT16 filesystems using the kernel drivers, so we add this dependency on 'mtools' and create efiboot.img using it. Motivation: https://reproducible-builds.org Signed-off-by: Daniel Edgecumbe --- Makefile | 2 ++ archiso/mkreproefi | 62 +++++++++++++++++++++++++++++++++++++++++ configs/releng/build.sh | 10 ++----- 3 files changed, 66 insertions(+), 8 deletions(-) create mode 100755 archiso/mkreproefi diff --git a/Makefile b/Makefile index 4ce70e7..1af9fdf 100644 --- a/Makefile +++ b/Makefile @@ -1,5 +1,6 @@ # SPDX-License-Identifier: GPL-2.0 # Copyright (C) 2005-2019 Arch Linux Release Engineering Team +# Copyright (C) 2019 Daniel Edgecumbe V=42 @@ -22,6 +23,7 @@ install: install-program install-initcpio install-examples install-doc install-program: install -D -m 755 archiso/mkarchiso $(DESTDIR)/usr/bin/mkarchiso + install -D -m 755 archiso/mkreproefi $(DESTDIR)/usr/bin/mkreproefi install-initcpio: install -d $(SCRIPT_DIR) $(HOOKS_DIR) $(INSTALL_DIR) diff --git a/archiso/mkreproefi b/archiso/mkreproefi new file mode 100755 index 0000000..ba3ba12 --- /dev/null +++ b/archiso/mkreproefi @@ -0,0 +1,62 @@ +#!/bin/bash +# SPDX-License-Identifier: GPL-2.0 +# Copyright (C) 2019 Daniel Edgecumbe + +set -e +trap '[[ -d "${_tmpdir}" ]] && rm -rf "${_tmpdir}"' exit + +_tmpdir=$(mktemp -d) +touch "${_tmpdir}/mkreproefi_was_here" + +die() { + echo $@ >&2 + set -ex + exit 1 +} + +eecho() { + echo "${@}" >&2 +} + +usagedie() { + eecho "Usage: mkreproefi INPUT OUTPUT [FS_LABEL] [SIZE]" + eecho "Create an EFI image from an input directory" + eecho "Example: SOURCE_DATE_EPOCH=1234567890 mkreproefi efi/ efi.img MYEFI 64M" + die +} + +checkdeps() { + type -P mmd > /dev/null || die "mmd not installed; install mtools?" + type -P mcopy > /dev/null || die "mcopy not installed; install mtools?" + type -P truncate > /dev/null || die "truncate not installed; install coreutils?" + type -P mkfs.fat > /dev/null || die "mkfs.fat not installed; install dosfstools?" +} + +checkdeps + +[[ ${1} == "--help" ]] && usagedie +[[ ${1} == "-h" ]] && usagedie + +[[ ${1} ]] || usagedie +_input="${1}" + +[[ ${2} ]] || usagedie +_output="${2}" + +if [[ ${3} ]]; then _fs_label="${3}"; else _fs_label="MKREPROEFI"; fi + +# Sane default. +if [[ ${4} ]]; then _size="${4}"; else _size="256M"; fi + +[[ -d "${_input}" ]] || die "${_input} is not a directory" +[[ ! -f "${_output}" ]] || die ${_output} already exists, not removing + +cp -a "${_input}"/* "${_tmpdir}"/ + +# IMPORTANT NOTE: the epoch on FAT16 is 1980-01-01, not 1970-01-01 as in UNIX. +# @315532800 is the lowest +[[ ${SOURCE_DATE_EPOCH} ]] && find "${_tmpdir}" -mindepth 1 -print0 | xargs -0 touch -hcd "@${SOURCE_DATE_EPOCH}" + +truncate -s "${_size}" "${_output}" +mkfs.fat --invariant -n "${_fs_label}" "${_output}" +find "${_tmpdir}" -mindepth 1 -type d -printf '%P\0' | sort -z | xargs -I {} -0 -n 1 mcopy -i "${_output}" -m "${_tmpdir}/{}" "::{}" diff --git a/configs/releng/build.sh b/configs/releng/build.sh index 419ad7d..273b501 100755 --- a/configs/releng/build.sh +++ b/configs/releng/build.sh @@ -178,13 +178,6 @@ make_efi() { # Prepare efiboot.img::/EFI for "El Torito" EFI boot mode make_efiboot() { - mkdir -p ${work_dir}/iso/EFI/archiso - truncate -s 64M ${work_dir}/iso/EFI/archiso/efiboot.img - mkfs.fat -n ARCHISO_EFI ${work_dir}/iso/EFI/archiso/efiboot.img - - mkdir -p ${work_dir}/efiboot - mount ${work_dir}/iso/EFI/archiso/efiboot.img ${work_dir}/efiboot - mkdir -p ${work_dir}/efiboot/EFI/archiso cp ${work_dir}/iso/${install_dir}/boot/x86_64/vmlinuz ${work_dir}/efiboot/EFI/archiso/vmlinuz.efi cp ${work_dir}/iso/${install_dir}/boot/x86_64/archiso.img ${work_dir}/efiboot/EFI/archiso/archiso.img @@ -210,7 +203,8 @@ make_efiboot() { cp ${work_dir}/iso/EFI/shellx64_v2.efi ${work_dir}/efiboot/EFI/ cp ${work_dir}/iso/EFI/shellx64_v1.efi ${work_dir}/efiboot/EFI/ - umount -d ${work_dir}/efiboot + mkdir -p ${work_dir}/iso/EFI/archiso + mkreproefi ${work_dir}/efiboot ${work_dir}/iso/EFI/archiso/efiboot.img ARCHISO_EFI 64M } # Build airootfs filesystem image