|
Harald Hoyer |
89f6fa |
From 80626ded3e849ba840ddd64c1713be5abb1c7449 Mon Sep 17 00:00:00 2001
|
|
Harald Hoyer |
89f6fa |
From: Harald Hoyer <harald@redhat.com>
|
|
Harald Hoyer |
89f6fa |
Date: Thu, 3 Jul 2014 12:52:58 +0200
|
|
Harald Hoyer |
89f6fa |
Subject: [PATCH] Generate reproducible initramfs images
|
|
Harald Hoyer |
89f6fa |
|
|
Harald Hoyer |
89f6fa |
With the same source of files, it should be possible to generate the
|
|
Harald Hoyer |
89f6fa |
same image file with every dracut run.
|
|
Harald Hoyer |
89f6fa |
|
|
Harald Hoyer |
89f6fa |
To accomplish this, we modify the timestamps of the files we generate at
|
|
Harald Hoyer |
89f6fa |
runtime, call gzip with "-n" and cpio with "--reproducible".
|
|
Harald Hoyer |
89f6fa |
|
|
Harald Hoyer |
89f6fa |
The cpio --reproducible option is not yet upstream though, so if you
|
|
Harald Hoyer |
89f6fa |
feel like it should be then please nag at the cpio mailing list.
|
|
Harald Hoyer |
89f6fa |
http://lists.gnu.org/archive/html/bug-cpio/2014-08/msg00000.html
|
|
Harald Hoyer |
89f6fa |
---
|
|
Harald Hoyer |
89f6fa |
dracut.8.asc | 3 +++
|
|
Harald Hoyer |
89f6fa |
dracut.conf.5.asc | 3 +++
|
|
Harald Hoyer |
89f6fa |
dracut.sh | 40 ++++++++++++++++++++++++++++++++++------
|
|
Harald Hoyer |
89f6fa |
3 files changed, 40 insertions(+), 6 deletions(-)
|
|
Harald Hoyer |
89f6fa |
|
|
Harald Hoyer |
89f6fa |
diff --git a/dracut.8.asc b/dracut.8.asc
|
|
Harald Hoyer |
89f6fa |
index 51a4e9f..44530bd 100644
|
|
Harald Hoyer |
89f6fa |
--- a/dracut.8.asc
|
|
Harald Hoyer |
89f6fa |
+++ b/dracut.8.asc
|
|
Harald Hoyer |
89f6fa |
@@ -412,6 +412,9 @@ will not be able to boot.
|
|
Harald Hoyer |
89f6fa |
Do not compress the generated initramfs. This will override any other
|
|
Harald Hoyer |
89f6fa |
compression options.
|
|
Harald Hoyer |
89f6fa |
|
|
Harald Hoyer |
89f6fa |
+**--reproducible**::
|
|
Harald Hoyer |
89f6fa |
+ Create reproducible images.
|
|
Harald Hoyer |
89f6fa |
+
|
|
Harald Hoyer |
89f6fa |
**--list-modules**::
|
|
Harald Hoyer |
89f6fa |
List all available dracut modules.
|
|
Harald Hoyer |
89f6fa |
|
|
Harald Hoyer |
89f6fa |
diff --git a/dracut.conf.5.asc b/dracut.conf.5.asc
|
|
Harald Hoyer |
89f6fa |
index 0b6be6a..9259951 100644
|
|
Harald Hoyer |
89f6fa |
--- a/dracut.conf.5.asc
|
|
Harald Hoyer |
89f6fa |
+++ b/dracut.conf.5.asc
|
|
Harald Hoyer |
89f6fa |
@@ -179,6 +179,9 @@ provide a valid _/etc/fstab_.
|
|
Harald Hoyer |
89f6fa |
*i18n_install_all=*"__{yes|no}__"::
|
|
Harald Hoyer |
89f6fa |
Install everything regardless of generic or hostonly mode.
|
|
Harald Hoyer |
89f6fa |
|
|
Harald Hoyer |
89f6fa |
+*reproducible=*"__{yes|no}__"::
|
|
Harald Hoyer |
89f6fa |
+ Create reproducible images.
|
|
Harald Hoyer |
89f6fa |
+
|
|
Harald Hoyer |
89f6fa |
Files
|
|
Harald Hoyer |
89f6fa |
-----
|
|
Harald Hoyer |
89f6fa |
_/etc/dracut.conf_::
|
|
Harald Hoyer |
89f6fa |
diff --git a/dracut.sh b/dracut.sh
|
|
Harald Hoyer |
89f6fa |
index 1844336..2cce85b 100755
|
|
Harald Hoyer |
89f6fa |
--- a/dracut.sh
|
|
Harald Hoyer |
89f6fa |
+++ b/dracut.sh
|
|
Harald Hoyer |
89f6fa |
@@ -191,6 +191,7 @@ Creates initial ramdisk images for preloading modules
|
|
Harald Hoyer |
89f6fa |
--printsize Print out the module install size
|
|
Harald Hoyer |
89f6fa |
--sshkey [SSHKEY] Add ssh key to initramfs (use with ssh-client module)
|
|
Harald Hoyer |
89f6fa |
--logfile [FILE] Logfile to use (overrides configuration setting)
|
|
Harald Hoyer |
89f6fa |
+ --reproducible Create reproducible images
|
|
Harald Hoyer |
89f6fa |
|
|
Harald Hoyer |
89f6fa |
If [LIST] has multiple arguments, then you have to put these in quotes.
|
|
Harald Hoyer |
89f6fa |
|
|
Harald Hoyer |
89f6fa |
@@ -372,6 +373,7 @@ rearrange_params()
|
|
Harald Hoyer |
89f6fa |
--long noimageifnotneeded \
|
|
Harald Hoyer |
89f6fa |
--long early-microcode \
|
|
Harald Hoyer |
89f6fa |
--long no-early-microcode \
|
|
Harald Hoyer |
89f6fa |
+ --long reproducible \
|
|
Harald Hoyer |
89f6fa |
-- "$@")
|
|
Harald Hoyer |
89f6fa |
|
|
Harald Hoyer |
89f6fa |
if (( $? != 0 )); then
|
|
Harald Hoyer |
89f6fa |
@@ -557,7 +559,7 @@ while :; do
|
|
Harald Hoyer |
89f6fa |
--printsize) printsize="yes";;
|
|
Harald Hoyer |
89f6fa |
--regenerate-all) regenerate_all="yes";;
|
|
Harald Hoyer |
89f6fa |
--noimageifnotneeded) noimageifnotneeded="yes";;
|
|
Harald Hoyer |
89f6fa |
-
|
|
Harald Hoyer |
89f6fa |
+ --reproducible) reproducible_l="yes";;
|
|
Harald Hoyer |
89f6fa |
--) shift; break;;
|
|
Harald Hoyer |
89f6fa |
|
|
Harald Hoyer |
89f6fa |
*) # should not even reach this point
|
|
Harald Hoyer |
89f6fa |
@@ -801,6 +803,8 @@ stdloglvl=$((stdloglvl + verbosity_mod_l))
|
|
Harald Hoyer |
89f6fa |
[[ $early_microcode_l ]] && early_microcode=$early_microcode_l
|
|
Harald Hoyer |
89f6fa |
[[ $early_microcode ]] || early_microcode=no
|
|
Harald Hoyer |
89f6fa |
[[ $logfile_l ]] && logfile="$logfile_l"
|
|
Harald Hoyer |
89f6fa |
+[[ $reproducible_l ]] && reproducible="$reproducible_l"
|
|
Harald Hoyer |
89f6fa |
+
|
|
Harald Hoyer |
89f6fa |
# eliminate IFS hackery when messing with fw_dir
|
|
Harald Hoyer |
89f6fa |
fw_dir=${fw_dir//:/ }
|
|
Harald Hoyer |
89f6fa |
|
|
Harald Hoyer |
89f6fa |
@@ -810,7 +814,7 @@ case $compress in
|
|
Harald Hoyer |
89f6fa |
bzip2) compress="bzip2 -9";;
|
|
Harald Hoyer |
89f6fa |
lzma) compress="lzma -9 -T0";;
|
|
Harald Hoyer |
89f6fa |
xz) compress="xz --check=crc32 --lzma2=dict=1MiB -T0";;
|
|
Harald Hoyer |
89f6fa |
- gzip) compress="gzip -9"; command -v pigz > /dev/null 2>&1 && compress="pigz -9";;
|
|
Harald Hoyer |
89f6fa |
+ gzip) compress="gzip -n -9 --rsyncable"; command -v pigz > /dev/null 2>&1 && compress="pigz -9 -n -T -R";;
|
|
Harald Hoyer |
89f6fa |
lzo) compress="lzop -9";;
|
|
Harald Hoyer |
89f6fa |
lz4) compress="lz4 -l -9";;
|
|
Harald Hoyer |
89f6fa |
esac
|
|
Harald Hoyer |
89f6fa |
@@ -821,6 +825,8 @@ fi
|
|
Harald Hoyer |
89f6fa |
[[ $hostonly = yes ]] && hostonly="-h"
|
|
Harald Hoyer |
89f6fa |
[[ $hostonly != "-h" ]] && unset hostonly
|
|
Harald Hoyer |
89f6fa |
|
|
Harald Hoyer |
89f6fa |
+[[ $reproducible == yes ]] && DRACUT_REPRODUCIBLE=1
|
|
Harald Hoyer |
89f6fa |
+
|
|
Harald Hoyer |
89f6fa |
readonly TMPDIR="$tmpdir"
|
|
Harald Hoyer |
89f6fa |
readonly initdir="$(mktemp --tmpdir="$TMPDIR/" -d -t initramfs.XXXXXX)"
|
|
Harald Hoyer |
89f6fa |
[ -d "$initdir" ] || {
|
|
Harald Hoyer |
89f6fa |
@@ -1498,7 +1504,7 @@ if [[ $acpi_override = yes ]] && [[ -d $acpi_table_dir ]]; then
|
|
Harald Hoyer |
89f6fa |
mkdir -p $_dest_dir
|
|
Harald Hoyer |
89f6fa |
for table in $acpi_table_dir/*.aml; do
|
|
Harald Hoyer |
89f6fa |
dinfo " Adding ACPI table: $table"
|
|
Harald Hoyer |
89f6fa |
- cp $table $_dest_dir
|
|
Harald Hoyer |
89f6fa |
+ cp -a $table $_dest_dir
|
|
Harald Hoyer |
89f6fa |
create_early_cpio="yes"
|
|
Harald Hoyer |
89f6fa |
done
|
|
Harald Hoyer |
89f6fa |
fi
|
|
Harald Hoyer |
89f6fa |
@@ -1512,15 +1518,37 @@ fi
|
|
Harald Hoyer |
89f6fa |
rm -f -- "$outfile"
|
|
Harald Hoyer |
89f6fa |
dinfo "*** Creating image file ***"
|
|
Harald Hoyer |
89f6fa |
|
|
Harald Hoyer |
89f6fa |
+if [[ $DRACUT_REPRODUCIBLE ]]; then
|
|
Harald Hoyer |
89f6fa |
+ find "$initdir" -newer "$dracutbasedir/dracut-functions.sh" -print0 \
|
|
Harald Hoyer |
89f6fa |
+ | xargs -r -0 touch -h -m -c -r "$dracutbasedir/dracut-functions.sh"
|
|
Harald Hoyer |
89f6fa |
+
|
|
Harald Hoyer |
89f6fa |
+ [[ "$(cpio --help)" == *--reproducible* ]] && CPIO_REPRODUCIBLE=1
|
|
Harald Hoyer |
89f6fa |
+fi
|
|
Harald Hoyer |
89f6fa |
+
|
|
Harald Hoyer |
89f6fa |
[[ "$UID" != 0 ]] && cpio_owner_root="-R 0:0"
|
|
Harald Hoyer |
89f6fa |
|
|
Harald Hoyer |
89f6fa |
if [[ $create_early_cpio = yes ]]; then
|
|
Harald Hoyer |
89f6fa |
echo 1 > "$early_cpio_dir/d/early_cpio"
|
|
Harald Hoyer |
89f6fa |
+
|
|
Harald Hoyer |
89f6fa |
+ if [[ $DRACUT_REPRODUCIBLE ]]; then
|
|
Harald Hoyer |
89f6fa |
+ find "$early_cpio_dir/d" -newer "$dracutbasedir/dracut-functions.sh" -print0 \
|
|
Harald Hoyer |
89f6fa |
+ | xargs -r -0 touch -h -m -c -r "$dracutbasedir/dracut-functions.sh"
|
|
Harald Hoyer |
89f6fa |
+ fi
|
|
Harald Hoyer |
89f6fa |
+
|
|
Harald Hoyer |
89f6fa |
# The microcode blob is _before_ the initramfs blob, not after
|
|
Harald Hoyer |
89f6fa |
- (cd "$early_cpio_dir/d"; find . -print0 | cpio --null $cpio_owner_root -H newc -o --quiet > $outfile)
|
|
Harald Hoyer |
89f6fa |
+ (
|
|
Harald Hoyer |
89f6fa |
+ cd "$early_cpio_dir/d"
|
|
Harald Hoyer |
89f6fa |
+ find . -print0 | sort -z \
|
|
Harald Hoyer |
89f6fa |
+ | cpio ${CPIO_REPRODUCIBLE:+--reproducible} --null $cpio_owner_root -H newc -o --quiet > $outfile
|
|
Harald Hoyer |
89f6fa |
+ )
|
|
Harald Hoyer |
89f6fa |
fi
|
|
Harald Hoyer |
89f6fa |
-if ! ( umask 077; cd "$initdir"; find . -print0 | cpio --null $cpio_owner_root -H newc -o --quiet | \
|
|
Harald Hoyer |
89f6fa |
- $compress >> "$outfile"; ); then
|
|
Harald Hoyer |
89f6fa |
+
|
|
Harald Hoyer |
89f6fa |
+if ! (
|
|
Harald Hoyer |
89f6fa |
+ umask 077; cd "$initdir"
|
|
Harald Hoyer |
89f6fa |
+ find . -print0 | sort -z \
|
|
Harald Hoyer |
89f6fa |
+ | cpio ${CPIO_REPRODUCIBLE:+--reproducible} --null $cpio_owner_root -H newc -o --quiet \
|
|
Harald Hoyer |
89f6fa |
+ | $compress >> "$outfile"
|
|
Harald Hoyer |
89f6fa |
+ ); then
|
|
Harald Hoyer |
89f6fa |
dfatal "dracut: creation of $outfile failed"
|
|
Harald Hoyer |
89f6fa |
exit 1
|
|
Harald Hoyer |
89f6fa |
fi
|