[Buildroot] [PATCH v2] fs/tar: explicitly set extended header values to ensure binary reproducibility

Atharva Lele itsatharva at gmail.com
Thu Jul 4 18:22:41 UTC 2019


On Thursday, July 4, 2019 11:58:21 AM IST Peter Korsgaard wrote:
> >>>>> "Atharva" == Atharva Lele <itsatharva at gmail.com> writes:
>  > Since we use --xattrs-include='*' to include all extended attributes,
>  > tar creates a PAX formatted archive. The archive metadata captures atime
>  > and ctime of files. To fix this, GNU recommends that we pass this added
>  > argument to tar to create binary reproducible packages. Setting of mtime
>  > is handled in fs/common.mk using touch on all files.
>  > 
>  > Diffoscope output pre-change: https://gitlab.com/snippets/1871111
>  > Diffoscope output after change is blank i.e. binary reproducibile rootfs
>  > is created.
>  > 
>  > GNU Recommendation:
>  > https://www.gnu.org/software/tar/manual/tar.html#SEC147
>  > 
>  > Signed-off-by: Atharva Lele <itsatharva at gmail.com>
>  > 
>  >  fs/tar/tar.mk | 4 ++++
>  >  1 file changed, 4 insertions(+)
>  > 
>  > diff --git a/fs/tar/tar.mk b/fs/tar/tar.mk
>  > index 4c6327ace8..f6d11baa84 100644
>  > --- a/fs/tar/tar.mk
>  > +++ b/fs/tar/tar.mk
>  > @@ -8,6 +8,10 @@ TAR_OPTS := $(call
>  > qstrip,$(BR2_TARGET_ROOTFS_TAR_OPTIONS)) > 
>  >  ROOTFS_TAR_DEPENDENCIES = $(BR2_TAR_HOST_DEPENDENCY)
>  > 
>  > +ifeq ($(BR2_REPRODUCIBLE),y)
>  > +TAR_OPTS += --pax-option=exthdr.name=%d/PaxHeaders/%f,atime:=0,ctime:=0
>  > +endif
> 
> It would be good to add a short comment saying something like
> 
> # don't store atime/ctime
> 

Definitely. Will do in a v3.

> Is there any use case for ever storing these in the rootfs, or should we
> just do this fix unconditionally?

Personally, I can't think of a reason why we'd want to store atime/ctime in 
the rootfs. I think they got included when we added --xattrs-include='*'

Arnout, Matt and Yann: any thoughts on that?

-- 
Regards,
Atharva Lele




More information about the buildroot mailing list