Message ID | 1479460224-6119-7-git-send-email-jezz@sysmic.org |
---|---|
State | Superseded |
Headers | show |
On 18-11-16 10:10, Jérôme Pouiller wrote: > By default, Linux kernel enable 'build-id'. 'build-id' tends to add random > bytes in section .notes of kernel image[1]: Err, no, these are not random bytes, these are a sha1 of the content of the file. If the build ID changes, it means the content has changed. One common way that the build ID can differ while the output files don't differ is because of the source path that is recorded in the debug sections (which are stripped in the end). But I think that reproducible builds when the source path differs are very far away at this point... > > $ readelf -Wn .../vmlinux > Displaying notes found at file offset 0x00008000 with length 0x00000024: > Owner Data size Description > GNU 0x00000014 NT_GNU_BUILD_ID (unique build ID bitstring) > Build ID: ca689e2ed3944f49474715908e2ac1bb04907fb2 > > Therefore, we patch kernel Makefile to disable 'build-id'. > > [1] https://kernelnewbies.org/BuildId > > This work was sponsored by `BA Robotic Systems'. > > Signed-off-by: Jérôme Pouiller <jezz@sysmic.org> > --- > linux/linux.mk | 7 +++++++ > 1 file changed, 7 insertions(+) > > diff --git a/linux/linux.mk b/linux/linux.mk > index 7e826cc..a63d1f3 100644 > --- a/linux/linux.mk > +++ b/linux/linux.mk > @@ -209,6 +209,13 @@ define LINUX_TRY_PATCH_TIMECONST > endef > LINUX_POST_PATCH_HOOKS += LINUX_TRY_PATCH_TIMECONST > > +ifeq ($(BR2_REPRODUCIBLE),y) > +define LINUX_REMOVE_BUILD_ID > + sed -i -e s/--build-id/--build-id=none/ $(@D)/Makefile build-id is also used in the VDSO, and there it is really mandatory to have it. Did you encounter a concrete problem with the build ID? And it didn't occur for the VDSO, only for the vmlinux image? Could you trace it back to the individual object file that has a different build ID? Regards, Arnout > +endef > +LINUX_POST_PATCH_HOOKS += LINUX_REMOVE_BUILD_ID > +endif > + > ifeq ($(BR2_LINUX_KERNEL_USE_DEFCONFIG),y) > LINUX_KCONFIG_DEFCONFIG = $(call qstrip,$(BR2_LINUX_KERNEL_DEFCONFIG))_defconfig > else ifeq ($(BR2_LINUX_KERNEL_USE_ARCH_DEFAULT_CONFIG),y) >
On Saturday 19 November 2016 10:31:51 Arnout Vandecappelle wrote: > > On 18-11-16 10:10, Jérôme Pouiller wrote: > > By default, Linux kernel enable 'build-id'. 'build-id' tends to add random > > bytes in section .notes of kernel image[1]: > > Err, no, these are not random bytes, these are a sha1 of the content of the > file. If the build ID changes, it means the content has changed. > > One common way that the build ID can differ while the output files don't differ > is because of the source path that is recorded in the debug sections (which are > stripped in the end). But I think that reproducible builds when the source path > differs are very far away at this point... Oh, you are right! I didn't understood why my build-id changes while all sections was identical. In fact, in some circumstances, symbol order in debug sections is not defined. I don't know yet exactly why nor how to fix it.
diff --git a/linux/linux.mk b/linux/linux.mk index 7e826cc..a63d1f3 100644 --- a/linux/linux.mk +++ b/linux/linux.mk @@ -209,6 +209,13 @@ define LINUX_TRY_PATCH_TIMECONST endef LINUX_POST_PATCH_HOOKS += LINUX_TRY_PATCH_TIMECONST +ifeq ($(BR2_REPRODUCIBLE),y) +define LINUX_REMOVE_BUILD_ID + sed -i -e s/--build-id/--build-id=none/ $(@D)/Makefile +endef +LINUX_POST_PATCH_HOOKS += LINUX_REMOVE_BUILD_ID +endif + ifeq ($(BR2_LINUX_KERNEL_USE_DEFCONFIG),y) LINUX_KCONFIG_DEFCONFIG = $(call qstrip,$(BR2_LINUX_KERNEL_DEFCONFIG))_defconfig else ifeq ($(BR2_LINUX_KERNEL_USE_ARCH_DEFAULT_CONFIG),y)
By default, Linux kernel enable 'build-id'. 'build-id' tends to add random bytes in section .notes of kernel image[1]: $ readelf -Wn .../vmlinux Displaying notes found at file offset 0x00008000 with length 0x00000024: Owner Data size Description GNU 0x00000014 NT_GNU_BUILD_ID (unique build ID bitstring) Build ID: ca689e2ed3944f49474715908e2ac1bb04907fb2 Therefore, we patch kernel Makefile to disable 'build-id'. [1] https://kernelnewbies.org/BuildId This work was sponsored by `BA Robotic Systems'. Signed-off-by: Jérôme Pouiller <jezz@sysmic.org> --- linux/linux.mk | 7 +++++++ 1 file changed, 7 insertions(+)