From: Vagrant Cascadian Date: Sun, 3 Jun 2018 19:26:57 +0000 (-0700) Subject: Set time and umask on multi-dtb fit images to ensure reproducibile builds. X-Git-Tag: v2025.01-rc5-pxa1908~4156 X-Git-Url: http://git.dujemihanovic.xyz/img/%7B%7B%20%28.OutputFormats.Get?a=commitdiff_plain;h=8664ab7debabfb6e1049c81030c2a18fd3eecb58;p=u-boot.git Set time and umask on multi-dtb fit images to ensure reproducibile builds. When building compressed (lzop, gzip) multi-dtb fit images, the compression tool may embed the time or umask in the image. Work around this by manually setting the time of the source file using SOURCE_DATE_EPOCH and a hard-coded 0600 umask. With gzip, this could be accomplished by using -n/--no-name, but lzop has no current workaround: https://bugs.debian.org/896520 Signed-off-by: Vagrant Cascadian --- diff --git a/scripts/Makefile.spl b/scripts/Makefile.spl index 057389997d..ef018b5b40 100644 --- a/scripts/Makefile.spl +++ b/scripts/Makefile.spl @@ -391,6 +391,10 @@ MKIMAGEFLAGS_$(SPL_BIN).multidtb.fit = -f auto -A $(ARCH) -T firmware -C none -O $(obj)/$(SPL_BIN).multidtb.fit: /dev/null $(SHRUNK_ARCH_DTB) FORCE $(call if_changed,mkimage) +ifneq ($(SOURCE_DATE_EPOCH),) + touch -d @$(SOURCE_DATE_EPOCH) $(obj)/$(SPL_BIN).multidtb.fit + chmod 0600 $(obj)/$(SPL_BIN).multidtb.fit +endif $(obj)/$(SPL_BIN).multidtb.fit.gz: $(obj)/$(SPL_BIN).multidtb.fit @gzip -kf9 $< > $@