Your message dated Wed, 30 Nov 2016 19:21:05 +0000
with message-id <[email protected]>
and subject line Bug#845194: fixed in amd64-microcode 3.20160316.3
has caused the Debian Bug report #845194,
regarding amd64-microcode: please make the early initramfs image reproducible
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
845194: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845194
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: amd64-microcode
Version: 3.20160316.2
Severity: wishlist
Tags: patch
User: [email protected]
Usertags: timestamps fileordering toolchain
X-Debbugs-Cc: [email protected]
Hi,
Whilst working on the Reproducible Builds effort [0] on behalf of the
Tails operating system [1], I noticed that amd64-microcode generates
a prepended initramfs image that is not reproducible.
Patch attached.
[0] https://reproducible-builds.org/
[1] https://tails.boum.org/
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` [email protected] / chris-lamb.co.uk
`-
diff --git a/debian/initramfs.hook b/debian/initramfs.hook
index d250719..b290d21 100755
--- a/debian/initramfs.hook
+++ b/debian/initramfs.hook
@@ -89,9 +89,18 @@ EFWCD="${EFWD}/d/kernel/x86/microcode"
EFWF="${EFWCD}/AuthenticAMD.bin"
mkdir -p "${EFWCD}" && \
- find "${AUCODE_FW_DIR}/." -maxdepth 1 -type f -print0 | xargs -0 -r cat
2>/dev/null >"${EFWF}" && \
+ find "${AUCODE_FW_DIR}/." -maxdepth 1 -type f -print0 | LC_ALL=C sort -z |
xargs -0 -r cat 2>/dev/null >"${EFWF}" && \
+ # if SOURCE_DATE_EPOCH is set, try and create a reproducible image
+ if [ "${SOURCE_DATE_EPOCH}" != "" ]; then
+ # ensure that no timestamps are newer than $SOURCE_DATE_EPOCH
+ find "${EFWD}" -newermt "@${SOURCE_DATE_EPOCH}" -print0 | \
+ xargs -0r touch --no-dereference --date="@${SOURCE_DATE_EPOCH}"
+
+ # --reproducible requires cpio >= 2.12
+ cpio --usage | grep -qs -- "--reproducible" &&
cpio_reproducible="--reproducible"
+ fi && \
test -s "${EFWF}" && \
- ( cd "${EFWD}/d" ; find . -print0 | sort -z | cpio --null -R 0:0 -H newc -o
--quiet > "${EFWE}" ) \
+ ( cd "${EFWD}/d" ; find . -print0 | LC_ALL=C sort -z | cpio --null
$cpio_reproducible -R 0:0 -H newc -o --quiet > "${EFWE}" ) \
&& prepend_earlyinitramfs "${EFWE}" || {
[ -d "${EFWD}" ] && rm -fr "${EFWD}"
echo "E: amd64-microcode: failed to create or prepend the early initramfs
to the initramfs" >&2
--- End Message ---
--- Begin Message ---
Source: amd64-microcode
Source-Version: 3.20160316.3
We believe that the bug you reported is fixed in the latest version of
amd64-microcode, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Henrique de Moraes Holschuh <[email protected]> (supplier of updated
amd64-microcode package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 29 Nov 2016 23:54:53 -0200
Source: amd64-microcode
Binary: amd64-microcode
Architecture: source amd64
Version: 3.20160316.3
Distribution: unstable
Urgency: medium
Maintainer: Henrique de Moraes Holschuh <[email protected]>
Changed-By: Henrique de Moraes Holschuh <[email protected]>
Description:
amd64-microcode - Processor microcode firmware for AMD CPUs
Closes: 845194
Changes:
amd64-microcode (3.20160316.3) unstable; urgency=medium
.
* initramfs: Make the early initramfs reproducible (closes: #845194)
* rules: switch to simplified dh-based build (debhelper v9)
Checksums-Sha1:
03ed905f3859d4c820d2f06fff672dffb0e254ed 1681 amd64-microcode_3.20160316.3.dsc
495f315ecd044a4f33e3dbdcdd8cf479a3272d63 30360
amd64-microcode_3.20160316.3.tar.xz
459895af5d51d6148952f93d27c80271aa33929d 4446
amd64-microcode_3.20160316.3_amd64.buildinfo
f90a3027b515adf397afd3a5facf09c6afe61bab 31116
amd64-microcode_3.20160316.3_amd64.deb
Checksums-Sha256:
c317333a9bc89ec111e7075b37dd6fc5e8de2ddfd233a223620df92c8ef3fddb 1681
amd64-microcode_3.20160316.3.dsc
650693df889b95b83ebbc91f7e08cbbb983674d8718dc31fd1ebafd7a76b677f 30360
amd64-microcode_3.20160316.3.tar.xz
e2199182323db479f98cd1f559eec8acf0d87206687d78cecdded873e3c745d1 4446
amd64-microcode_3.20160316.3_amd64.buildinfo
f7bddaf712ffaa833ff65ef94bdd86720d55c2c56ae982c3db58181bbe70f147 31116
amd64-microcode_3.20160316.3_amd64.deb
Files:
e5b438021aa70c0006856f6a0635dd73 1681 non-free/admin standard
amd64-microcode_3.20160316.3.dsc
0dc6fab6a7650cd5866a2ccea7f66b24 30360 non-free/admin standard
amd64-microcode_3.20160316.3.tar.xz
f910c5274abf248894dca37af24243a3 4446 non-free/admin standard
amd64-microcode_3.20160316.3_amd64.buildinfo
7056e449d8bac87d85a4e434379d0e6e 31116 non-free/admin standard
amd64-microcode_3.20160316.3_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJYPjIFAAoJEP4Rv6aLFY6YglEP/3wbJdoqtysRjJCqxOaxqxni
eKNz6D8q9QqpWinOx3PxAf+eTQT6xP8vmTAPvHzOvpmb2fPtLjFeZLVf9yNHKlrG
HUnGLngWvS+FaK4YTuQvfVsDT0N03/t81W6vnRrXTn8GfGTkt/iXGh9nIIGsCEAT
0OQXPFK7wi7QRqjypD+T8gprGWetgC9J+QnwbmCbweLxh2ATwELX/6GExbimbzsx
9cdmKet9UextJoTe0EEL5RqwDRgWPPpD07QigRQiSjTe5AQXh/+rkLHZ6fW8pRRu
Kr09OcfBKmgmHI3uKKBHjAXNX6R/6u+XdPardk/JLNcfzcSbq0ulpNc1aHxHnuB7
efrPSdTYrmRIaZDENG2JTsZIOnZYLu4E5mMmdQS2IkR5PhkN3joSmd/UXkXxi4wK
ztnDJDcRDPTVT04iYMa+mBNd/78hoXRS82L0J1dZpqirL7LH0U2diPaRVm6so56t
9VIslkXhHYKO9sjh+0v+BYqKm7kc2cgQ/YQx0+7mmhuJTMHoRbu+xnc/jbr8zvET
d7sCq03mPXstjLSTjtDD43p+t7B2dMNmDk+xZhjyNyNSBOEMag0FaObXzJQ0fSoq
jddkUJCCqzK4UJE/gKmTOGq6eZtbqAzb2/G+Qp8cMUMTwaE1F0A1bmanJSTLV9ev
LFAIkTOVQcOL2Hpjlofz
=ScmT
-----END PGP SIGNATURE-----
--- End Message ---
