Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2018-11-13 16:23:37 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "xen" Tue Nov 13 16:23:37 2018 rev:256 rq:647072 version:4.11.0_09 Changes: -------- --- /work/SRC/openSUSE:Factory/xen/xen.changes 2018-10-18 15:28:32.178841944 +0200 +++ /work/SRC/openSUSE:Factory/.xen.new/xen.changes 2018-11-13 16:23:56.974832220 +0100 @@ -1,0 +2,8 @@ +Wed Oct 24 08:21:01 UTC 2018 - Bernhard Wiedemann <bwiedem...@suse.com> + +- make package build reproducible (boo#1047218, boo#1062303) + * Set SMBIOS_REL_DATE + * Update tmp_build.patch to use SHA instead of random build-id + * Add reproducible.patch to use --no-insert-timestamp + +------------------------------------------------------------------- New: ---- reproducible.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ xen.spec ++++++ --- /var/tmp/diff_new_pack.kdvWrF/_old 2018-11-13 16:23:59.534827759 +0100 +++ /var/tmp/diff_new_pack.kdvWrF/_new 2018-11-13 16:23:59.538827752 +0100 @@ -268,6 +268,7 @@ # Build patches Patch99996: xen.stubdom.newlib.patch Patch99998: tmp_build.patch +Patch99999: reproducible.patch Url: http://www.cl.cam.ac.uk/Research/SRG/netos/xen/ BuildRoot: %{_tmppath}/%{name}-%{version}-build %define pyver %(python3 -c "import sys; print(sys.version[:3])") @@ -517,6 +518,7 @@ # Build patches %patch99996 -p1 %patch99998 -p1 +%patch99999 -p1 %build # JWF: Anthony's series to load BIOS from toolstack requires autogen.sh. @@ -553,7 +555,7 @@ export GIT=$(type -P false) export EXTRA_CFLAGS_XEN_TOOLS="$RPM_OPT_FLAGS" export EXTRA_CFLAGS_QEMU_TRADITIONAL="$RPM_OPT_FLAGS" -export SMBIOS_DATE="$SMBIOS_DATE" +export SMBIOS_REL_DATE="$SMBIOS_DATE" export RELDATE="$RELDATE" XEN_VERSION=$XEN_VERSION XEN_SUBVERSION=$XEN_SUBVERSION ++++++ reproducible.patch ++++++ commit e4c8f21e198e739e279b274c17e9246ea9a6d8e5 Author: Bernhard M. Wiedemann <bwiedem...@suse.de> Date: Wed Oct 24 09:50:26 2018 +0200 x86/efi: Do not insert timestamps in efi files in order to make builds reproducible. See https://reproducible-builds.org/ for why this is good. We only add the option, if ld understands it. Signed-off-by: Bernhard M. Wiedemann <bwiedem...@suse.de> diff --git a/Config.mk b/Config.mk index 9b13e75a3e..46b064bcae 100644 --- a/Config.mk +++ b/Config.mk @@ -151,6 +151,14 @@ export XEN_HAS_BUILD_ID=y build_id_linker := --build-id=sha1 endif +ld-ver-timestamp = $(shell $(1) -mi386pep --no-insert-timestamp 2>&1 | \ + grep -q no-insert-timestamp && echo n || echo y) +ifeq ($(call ld-ver-timestamp,$(LD)),n) +ld_no_insert_timestamp := +else +ld_no_insert_timestamp := --no-insert-timestamp +endif + ifndef XEN_HAS_CHECKPOLICY CHECKPOLICY ?= checkpolicy XEN_HAS_CHECKPOLICY := $(shell $(CHECKPOLICY) -h 2>&1 | grep -q xen && echo y || echo n) diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile index 162b0b94c0..866125a8ac 100644 --- a/xen/arch/x86/Makefile +++ b/xen/arch/x86/Makefile @@ -158,6 +158,7 @@ note.o: $(TARGET)-syms EFI_LDFLAGS = $(patsubst -m%,-mi386pep,$(LDFLAGS)) --subsystem=10 EFI_LDFLAGS += --image-base=$(1) --stack=0,0 --heap=0,0 --strip-debug +EFI_LDFLAGS += $(ld_no_insert_timestamp) EFI_LDFLAGS += --section-alignment=0x200000 --file-alignment=0x20 EFI_LDFLAGS += --major-image-version=$(XEN_VERSION) EFI_LDFLAGS += --minor-image-version=$(XEN_SUBVERSION) ++++++ tmp_build.patch ++++++ --- /var/tmp/diff_new_pack.kdvWrF/_old 2018-11-13 16:23:59.902827118 +0100 +++ /var/tmp/diff_new_pack.kdvWrF/_new 2018-11-13 16:23:59.902827118 +0100 @@ -22,7 +22,7 @@ xenstore: xenstore_client.o $(LIBXENSTORE) $(CC) $< $(LDFLAGS) $(LDLIBS_libxenstore) $(LDLIBS_libxentoolcore) $(SOCKET_LIBS) -o $@ $(APPEND_LDFLAGS) -+ $(CC) $< $(CFLAGS) $(LDFLAGS) -Wl,--build-id=uuid -L. -lxenstore $(LDLIBS_libxentoolcore) $(SOCKET_LIBS) -o domu-$@ ++ $(CC) $< $(CFLAGS) $(LDFLAGS) -Wl,--build-id=sha1 -L. -lxenstore $(LDLIBS_libxentoolcore) $(SOCKET_LIBS) -o domu-$@ xenstore-control: xenstore_control.o $(LIBXENSTORE) $(CC) $< $(LDFLAGS) $(LDLIBS_libxenstore) $(LDLIBS_libxentoolcore) $(SOCKET_LIBS) -o $@ $(APPEND_LDFLAGS)
