[yocto] [PATCH] opkg-build: improve package reproducibility

Alejandro del Castillo alejandro.delcastillo at ni.com
Mon Jan 29 02:23:15 PST 2018


Implements some of the recommendations by reproducible-builds.org [1]

- Set modification time to SOURCE_DATE_EPOCH env variable
- Enable deterministic sorting of directory entries
- Do not save timestamp on gzip compressed archive

bugzilla #11242

[1] https://reproducible-builds.org/docs/archives/

Signed-off-by: Alejandro del Castillo <alejandro.delcastillo at ni.com>
---
 opkg-build | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/opkg-build b/opkg-build
index 0fe513a..7bfdd99 100755
--- a/opkg-build
+++ b/opkg-build
@@ -149,6 +149,7 @@ outer=ar
 noclean=0
 opkext=0
 compressor=gzip
+compressorargs="-9n"
 
 # Determine if tar supports the --format argument by checking the help output.
 #
@@ -222,6 +223,15 @@ done
 
 cext=$(compressor_ext $compressor)
 
+if [ $compressor = "gzip" ] ; then
+	# pgzip requires -T to avoid timestamps on the gzip archive
+	if gzip --help 2>&1 | grep -- "-T" > /dev/null; then
+		compressorargs="-9nT"
+	fi
+else
+	compressorargs=""
+fi
+
 shift $(($OPTIND - 1))
 
 # continue on to process additional arguments
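Review bot: Setting `compressorargs=""` in the else branch also removes `-n` from the two hard-coded `gzip $compressorargs` calls this patch adds, for control.tar.gz in the next hunk and for the outer tar.gz in the last one. With any compressor other than gzip, those two archives can therefore still carry a timestamp in the gzip header. Keep the gzip flags in their own variable, e.g. `gzipargs="-9n"` (with the `-T` probe applied to it), use `gzip $gzipargs` in those two places, and leave `compressorargs` for data.tar only. The test would also be safer quoted, `[ "$compressor" = "gzip" ]`.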
@@ -267,9 +277,11 @@ fi
 tmp_dir=$dest_dir/IPKG_BUILD.$$
 mkdir $tmp_dir
 
+build_date="$(date --utc --date="@${SOURCE_DATE_EPOCH:-$(date +%s)}" +%Y-%m-%d)"
+
 echo $CONTROL > $tmp_dir/tarX
-( cd $pkg_dir && tar $ogargs -X $tmp_dir/tarX -c --$compressor $tarformat -f $tmp_dir/data.tar.$cext . )
-( cd $pkg_dir/$CONTROL && tar $ogargs -cz $tarformat -f $tmp_dir/control.tar.gz . )
+( cd $pkg_dir && tar $ogargs --sort=name --mtime=$build_date -X $tmp_dir/tarX -c $tarformat . | $compressor $compressorargs > $tmp_dir/data.tar.$cext )
+( cd $pkg_dir/$CONTROL && tar $ogargs --sort=name --mtime=$build_date -c $tarformat . | gzip $compressorargs > $tmp_dir/control.tar.gz )
 rm $tmp_dir/tarX
 
 echo "2.0" > $tmp_dir/debian-binary
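Review bot: `build_date` is reduced to `%Y-%m-%d` and passed to `tar --mtime=`, which parses a bare date in the builder's local time zone. Two hosts with the same SOURCE_DATE_EPOCH but a different TZ can therefore write different member mtimes. Passing the epoch through unchanged removes both the time-zone dependence and the truncation to a day: `build_date="${SOURCE_DATE_EPOCH:-$(date +%s)}"` together with `--mtime=@$build_date`, here and in the outer tar call of the last hunk. A short comment next to the assignment should state that the output is only reproducible when SOURCE_DATE_EPOCH is set, since the fallback is the current time.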
@@ -284,7 +296,7 @@ rm -f $pkg_file
 if [ "$outer" = "ar" ] ; then
   ( cd $tmp_dir && ar -crf $pkg_file ./debian-binary ./control.tar.gz ./data.tar.$cext )
 else
-  ( cd $tmp_dir && tar -cz $tarformat -f $pkg_file ./debian-binary ./control.tar.gz ./data.tar.$cext )
+  ( cd $tmp_dir && tar -c --sort=name --mtime=$build_date $tarformat ./debian-binary ./control.tar.gz ./data.tar.$cext | gzip $compressorargs > $pkg_file )
 fi
 
 rm $tmp_dir/debian-binary $tmp_dir/data.tar.$cext $tmp_dir/control.tar.gz
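Review bot: The default `outer=ar` branch is left unchanged, so the final package probably still differs between builds even when the inner archives match. `ar -crf` records each member's mtime and owner, and the three members were just created in `$tmp_dir`. GNU ar has a deterministic modifier for this, `ar -crfD $pkg_file ...`; whether the ar used on the build host accepts `D` needs checking. In the tar branch, piping into `gzip` means the subshell now returns gzip's status, so a tar failure here or in the two pipelines of the previous hunk goes unnoticed unless the script checks it elsewhere.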
-- 
2.15.1



