Re: [PATCH] build: store buildsystem revision in packages

[Holger Levsen]

Hi Paul,

On Wed, Jul 15, 2020 at 02:56:58PM -1000, Paul Spooren wrote:
> To support the verification efforts of the reproducible-builds.org team
> this patch adds the buildsystem revision to the package index. This way
> external feeds all external feeds can be rebuild and verified.
 
cool! :) I've also seen the 2nd version of this patch at 
http://lists.openwrt.org/pipermail/openwrt-devel/2020-July/030325.html and
wondering what the status of merging it is?


-- 
cheers,
Holger

---
   holger@(debian|reproducible-builds|layer-acht).org
   PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C

Dance like no one's watching. Encrypt like everyone is.


signature.asc
Description: PGP signature
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

[PATCH] build: store buildsystem revision in packages

[Paul Spooren]

In the past buildinfo files where added to enable testing for
reproducible builds. The combination of the three buildinfo files
feeds.buildinfo, config.buildinfo and version.buildinfo allow to
recreate the buildsystem and check if compiled binaries are bit for bit
the same as distributed on official servers.

To support the verification efforts of the reproducible-builds.org team
this patch adds the buildsystem revision to the package index. This way
external feeds all external feeds can be rebuild and verified.

Instead of adding a single file to the Packages folder containing the
revision, the per package storage of revisions allow iterative updates.
Even though the buildbots currently rebuild all packages, it would also
be possible to only rebuild upgraded packages in the future.

To keep the `Packages` small, it is ignored when creating the index.

Tested with buildsystem and SDK on ath79/generic.

Signed-off-by: Paul Spooren 
---
 include/package-ipkg.mk | 1 +
 package/Makefile| 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/include/package-ipkg.mk b/include/package-ipkg.mk
index 622cbf3223..1dc8dc8f56 100644
--- a/include/package-ipkg.mk
+++ b/include/package-ipkg.mk
@@ -184,6 +184,7 @@ $$(call addfield,Depends,$$(Package/$(1)/DEPENDS)
 )$$(call addfield,License,$(LICENSE)
 )$$(call addfield,LicenseFiles,$(LICENSE_FILES)
 )$$(call addfield,Section,$(SECTION)
+)$$(call addfield,BuildsystemRevision,$(REVISION)
 )$$(call addfield,Require-User,$(USERID)
 )$(if $(PKG_CPE_ID),CPE-ID: $(PKG_CPE_ID)
 )$(if $(filter hold,$(PKG_FLAGS)),Status: unknown hold not-installed
diff --git a/package/Makefile b/package/Makefile
index 58c1ba2bbf..9ab99dadc3 100644
--- a/package/Makefile
+++ b/package/Makefile
@@ -84,7 +84,7 @@ $(curdir)/index: FORCE
mkdir -p $$d; \
cd $$d || continue; \
$(SCRIPT_DIR)/ipkg-make-index.sh . 2>&1 > Packages.manifest; \
-   grep -vE '^(Maintainer|LicenseFiles|Source|SourceName|Require)' 
Packages.manifest > Packages; \
+   grep -vE 
'^(Maintainer|LicenseFiles|Source|SourceName|Require|BuildsystemRevision)' 
Packages.manifest > Packages; \
case "$$(((64 + $$(stat -L -c%s Packages)) % 128))" in 110|111) 
\
$(call ERROR_MESSAGE,WARNING: Applying padding in 
$$d/Packages to workaround usign SHA-512 bug!); \
{ echo ""; echo ""; } >> Packages;; \
-- 
2.25.1


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel