diff options
| author | Joachim Fasting <joachifm@fastmail.fm> | 2016-12-20 10:27:13 +0100 |
|---|---|---|
| committer | Joachim F <joachifm@users.noreply.github.com> | 2016-12-20 14:00:04 +0100 |
| commit | 5a8147479e794d5932273d01790c3602b8abeedc (patch) | |
| tree | b42232071a36e63f3fc6f685dfc60d643c77ba9c /pkgs/build-support/kernel | |
| parent | 49e3190efa3e307f48d3d3ebfefb421bc5956a6b (diff) | |
| download | nixpkgs-5a8147479e794d5932273d01790c3602b8abeedc.tar nixpkgs-5a8147479e794d5932273d01790c3602b8abeedc.tar.gz nixpkgs-5a8147479e794d5932273d01790c3602b8abeedc.tar.bz2 nixpkgs-5a8147479e794d5932273d01790c3602b8abeedc.tar.lz nixpkgs-5a8147479e794d5932273d01790c3602b8abeedc.tar.xz nixpkgs-5a8147479e794d5932273d01790c3602b8abeedc.tar.zst nixpkgs-5a8147479e794d5932273d01790c3602b8abeedc.zip | |
make-initrd: create reproducible initrds
To achieve reproducible results, `cpio` archive members are added in sorted order and inodes renumbered. The `cpio-clean.pl` script is made obsolete by setting mtimes via `touch` & using `cpio --reproducible`. Suggested by @dezgeg in https://github.com/NixOS/nixpkgs/pull/21273#issuecomment-268116605. Note that using `--reproducible` means that initial ramdisk creation now requires at least `cpio` version 2.12 (released in 2015).
Diffstat (limited to 'pkgs/build-support/kernel')
| -rw-r--r-- | pkgs/build-support/kernel/cpio-clean.pl | 17 | ||||
| -rw-r--r-- | pkgs/build-support/kernel/make-initrd.nix | 7 | ||||
| -rw-r--r-- | pkgs/build-support/kernel/make-initrd.sh | 3 |
3 files changed, 5 insertions, 22 deletions
diff --git a/pkgs/build-support/kernel/cpio-clean.pl b/pkgs/build-support/kernel/cpio-clean.pl deleted file mode 100644 index ddc6435a5a8..00000000000 --- a/pkgs/build-support/kernel/cpio-clean.pl +++ /dev/null @@ -1,17 +0,0 @@ -use strict; - -# Make inode number, link info and mtime consistent in order to get a consistent hash. -# -# Author: Alexander Kjeldaas <ak@formalprivacy.com> - -use Archive::Cpio; - -my $cpio = Archive::Cpio->new; -my $IN = \*STDIN; -my $ino = 1; -$cpio->read_with_handler($IN, sub { - my ($e) = @_; - $e->{mtime} = 1; - $cpio->write_one(\*STDOUT, $e); - }); -$cpio->write_trailer(\*STDOUT); diff --git a/pkgs/build-support/kernel/make-initrd.nix b/pkgs/build-support/kernel/make-initrd.nix index 895160616b7..092ab4586b3 100644 --- a/pkgs/build-support/kernel/make-initrd.nix +++ b/pkgs/build-support/kernel/make-initrd.nix @@ -12,10 +12,10 @@ # `contents = {object = ...; symlink = /init;}' is a typical # argument. -{ stdenv, perl, perlArchiveCpio, cpio, contents, ubootChooser, compressor, prepend }: +{ stdenv, perl, cpio, contents, ubootChooser, compressor, prepend }: let - inputsFun = ubootName : [perl cpio perlArchiveCpio ] + inputsFun = ubootName : [ perl cpio ] ++ stdenv.lib.optional (ubootName != null) [ (ubootChooser ubootName) ]; makeUInitrdFun = ubootName : (ubootName != null); in @@ -30,12 +30,11 @@ stdenv.mkDerivation { objects = map (x: x.object) contents; symlinks = map (x: x.symlink) contents; suffices = map (x: if x ? suffix then x.suffix else "none") contents; - + # For obtaining the closure of `contents'. exportReferencesGraph = map (x: [("closure-" + baseNameOf x.symlink) x.object]) contents; pathsFromGraph = ./paths-from-graph.pl; - cpioClean = ./cpio-clean.pl; crossAttrs = { nativeBuildInputs = inputsFun stdenv.cross.platform.uboot; diff --git a/pkgs/build-support/kernel/make-initrd.sh b/pkgs/build-support/kernel/make-initrd.sh index 89021caa583..0aeaedeb372 100644 --- a/pkgs/build-support/kernel/make-initrd.sh +++ b/pkgs/build-support/kernel/make-initrd.sh @@ -39,7 +39,8 @@ mkdir -p $out for PREP in $prepend; do cat $PREP >> $out/initrd done -(cd root && find * -print0 | cpio -o -H newc -R 0:0 --null | perl $cpioClean | $compressor >> $out/initrd) +(cd root && find * -print0 | xargs -0r touch -h -d '@1') +(cd root && find * -print0 | sort -z | cpio -o -H newc -R +0:+0 --reproducible --null | $compressor >> $out/initrd) if [ -n "$makeUInitrd" ]; then mv $out/initrd $out/initrd.gz |