From: Vagrant Cascadian Date: Thu, 2 May 2019 18:14:12 +0000 (-0700) Subject: Set time and umask on fit-dtb.blob to ensure reproducibile builds. X-Git-Tag: v2025.01-rc5-pxa1908~2987^2~3 X-Git-Url: http://git.dujemihanovic.xyz/img/%7B%7B%20%28.OutputFormats.Get?a=commitdiff_plain;h=878e2a50b50199cb06ee28df53151e396a29d838;p=u-boot.git Set time and umask on fit-dtb.blob to ensure reproducibile builds. Support for compressed fit-dtb.blob was added in: commit 95f4bbd581cf ("lib: fdt: Allow LZO and GZIP DT compression in U-Boot") When building compressed (lzop, gzip) fit-dtb.blob images, the compression tool may embed the time or umask in the image. Work around this by manually setting the time of the source file using SOURCE_DATE_EPOCH and a hard-coded 0600 umask. With gzip, this could be accomplished by using -n/--no-name, but lzop has no current workaround: https://bugs.debian.org/896520 This is essentially the same fix applied to multi-dtb fit SPL images in: commit 8664ab7debab ("Set time and umask on multi-dtb fit images to ensure reproducibile builds.") Signed-off-by: Vagrant Cascadian --- diff --git a/Makefile b/Makefile index d1224764ab..afe3bbeaca 100644 --- a/Makefile +++ b/Makefile @@ -1058,6 +1058,10 @@ fit-dtb.blob.lzo: fit-dtb.blob fit-dtb.blob: dts/dt.dtb FORCE $(call if_changed,mkimage) +ifneq ($(SOURCE_DATE_EPOCH),) + touch -d @$(SOURCE_DATE_EPOCH) fit-dtb.blob + chmod 0600 fit-dtb.blob +endif MKIMAGEFLAGS_fit-dtb.blob = -f auto -A $(ARCH) -T firmware -C none -O u-boot \ -a 0 -e 0 -E \