This patch helps to build cpio images that are binary reproducible. The changes are as follows:
1. By default, cpio from the host is used, which can be quite old. Hence we need to implement a way to use/call cpio-native, which supports new features needed for binary reproducibility, notably the arguments such as "--reproducible" and "--ignore-devno". This can be achieved by specifying the following (in local.conf): do_image_cpio[depends] += "cpio-replacement-native:do_populate_sysroot" EXTRANATIVEPATH += "cpio-native" 2. Provide a way to pass custom arguments to cpio. This is done via a new variable IMAGE_CMD_CPIO. For binary reproducible cpio archives one needs to set (in local.conf) IMAGE_CMD_CPIO = "cpio --ignore-devno --reproducible " 3. A symlink is created as part of the image. Here we make sure it gets the timestamps (mtime) based on the timestamp of the symlink target, rather than the timestamp corresponding to the build time. Signed-off-by: Juro Bystricky <juro.bystri...@intel.com> --- meta/classes/image_types.bbclass | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/meta/classes/image_types.bbclass b/meta/classes/image_types.bbclass index e0368c7..50d0c07 100644 --- a/meta/classes/image_types.bbclass +++ b/meta/classes/image_types.bbclass @@ -122,9 +122,17 @@ IMAGE_CMD_TAR ?= "tar" # ignore return code 1 "file changed as we read it" as other tasks(e.g. do_image_wic) may be hardlinking rootfs IMAGE_CMD_tar = "${IMAGE_CMD_TAR} -cf ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.tar -C ${IMAGE_ROOTFS} . || [ $? -eq 1 ]" +# By default, cpio from the host is used, which can be quite old. If +# you need special parameters (like --ignore-devno --reproducible) which are only +# supported by GNU cpio upstream >= 2.12, then override that default: +# IMAGE_CMD_CPIO = "cpio --ignore-devno" +# do_image_cpio[depends] += "cpio-replacement-native:do_populate_sysroot" +# EXTRANATIVEPATH += "cpio-native" + +IMAGE_CMD_CPIO ?= "cpio" do_image_cpio[cleandirs] += "${WORKDIR}/cpio_append" IMAGE_CMD_cpio () { - (cd ${IMAGE_ROOTFS} && find . | cpio -o -H newc >${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.cpio) + (cd ${IMAGE_ROOTFS} && find . | ${IMAGE_CMD_CPIO} -o -H newc -v >${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.cpio) # We only need the /init symlink if we're building the real # image. The -dbg image doesn't need it! By being clever # about this we also avoid 'touch' below failing, as it @@ -134,10 +142,12 @@ IMAGE_CMD_cpio () { if [ ! -L ${IMAGE_ROOTFS}/init ] && [ ! -e ${IMAGE_ROOTFS}/init ]; then if [ -L ${IMAGE_ROOTFS}/sbin/init ] || [ -e ${IMAGE_ROOTFS}/sbin/init ]; then ln -sf /sbin/init ${WORKDIR}/cpio_append/init + # improve reproducibility: set the link mtime to be the same as the target + touch -h -r ${IMAGE_ROOTFS}/sbin/init ${WORKDIR}/cpio_append/init else touch ${WORKDIR}/cpio_append/init fi - (cd ${WORKDIR}/cpio_append && echo ./init | cpio -oA -H newc -F ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.cpio) + (cd ${WORKDIR}/cpio_append && echo ./init | ${IMAGE_CMD_CPIO} -oA -H newc -F ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.cpio) fi fi } -- 2.7.4 -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core