public
/
nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

make-initrd: create reproducible initrds 

To achieve reproducible results, `cpio` archive members are added in
sorted order and inodes renumbered.

The `cpio-clean.pl` script is made obsolete by setting mtimes via
`touch` & using `cpio --reproducible`.  Suggested by @dezgeg in
https://github.com/NixOS/nixpkgs/pull/21273#issuecomment-268116605.

Note that using `--reproducible` means that initial ramdisk creation now
requires at least `cpio` version 2.12 (released in 2015).
This commit is contained in:
Joachim Fasting 2016-12-20 10:27:13 +01:00 committed by Joachim F
parent 49e3190efa
commit 5a8147479e
3 changed files with 5 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
pkgs/build-support/kernel/cpio-clean.pl
View File

@ -1,17 +0,0 @@
use strict;
# Make inode number, link info and mtime consistent in order to get a consistent hash.
#
# Author: Alexander Kjeldaas <ak@formalprivacy.com>
use Archive::Cpio;
my $cpio = Archive::Cpio->new;
my $IN = \*STDIN;
my $ino = 1;
$cpio->read_with_handler($IN, sub {
my ($e) = @_;
$e->{mtime} = 1;
$cpio->write_one(\*STDOUT, $e);
});
$cpio->write_trailer(\*STDOUT);

5
pkgs/build-support/kernel/make-initrd.nix
View File

@ -12,10 +12,10 @@
# `contents = {object = ...; symlink = /init;}' is a typical # `contents = {object = ...; symlink = /init;}' is a typical
# argument. # argument.
{ stdenv, perl, perlArchiveCpio, cpio, contents, ubootChooser, compressor, prepend }: { stdenv, perl, cpio, contents, ubootChooser, compressor, prepend }:
let let
inputsFun = ubootName : [perl cpio perlArchiveCpio ] inputsFun = ubootName : [ perl cpio ]
++ stdenv.lib.optional (ubootName != null) [ (ubootChooser ubootName) ]; ++ stdenv.lib.optional (ubootName != null) [ (ubootChooser ubootName) ];
makeUInitrdFun = ubootName : (ubootName != null); makeUInitrdFun = ubootName : (ubootName != null);
in in
@ -35,7 +35,6 @@ stdenv.mkDerivation {
exportReferencesGraph = exportReferencesGraph =
map (x: [("closure-" + baseNameOf x.symlink) x.object]) contents; map (x: [("closure-" + baseNameOf x.symlink) x.object]) contents;
pathsFromGraph = ./paths-from-graph.pl; pathsFromGraph = ./paths-from-graph.pl;
cpioClean = ./cpio-clean.pl;
crossAttrs = { crossAttrs = {
nativeBuildInputs = inputsFun stdenv.cross.platform.uboot; nativeBuildInputs = inputsFun stdenv.cross.platform.uboot;

3
pkgs/build-support/kernel/make-initrd.sh
View File

@ -39,7 +39,8 @@ mkdir -p $out
for PREP in $prepend; do for PREP in $prepend; do
cat $PREP >> $out/initrd cat $PREP >> $out/initrd
done done
(cd root && find * -print0 | cpio -o -H newc -R 0:0 --null | perl $cpioClean | $compressor >> $out/initrd) (cd root && find * -print0 | xargs -0r touch -h -d '@1')
(cd root && find * -print0 | sort -z | cpio -o -H newc -R +0:+0 --reproducible --null | $compressor >> $out/initrd)
if [ -n "$makeUInitrd" ]; then if [ -n "$makeUInitrd" ]; then
mv $out/initrd $out/initrd.gz mv $out/initrd $out/initrd.gz