fix: reproducibility of rootfs-tree.tar#10302
Draft
basvandijk wants to merge 3 commits into
Draft
Conversation
Drop dependence on the host's fakeroot/faketime wrapper scripts when building ext4 partition images. The wrapper binaries hard-code host library paths (e.g. /usr/$LIB/faketime/libfaketime.so.1) which makes them unsuitable for reproducible builds. Instead, extract just libfaketime.so.1, faked-sysv and libfakeroot-sysv.so from the pinned noble apt snapshot, and have build_ext4_image.py spawn faked-sysv and apply LD_PRELOAD itself. Note: e2fsdroid is still resolved from PATH; replacing it with a source-built hermetic copy is a follow-up.
…ketime clock Pin Google's Android SDK platform-tools r33.0.2 zip via http_archive, expose the bundled statically-built e2fsdroid binary to build_ext4_image via a new --e2fsdroid flag, and freeze the libfaketime clock with the 'x0' speed multiplier so e2fsdroid records a deterministic i_crtime for every inode it creates (otherwise inodes created in different real seconds end up with crtime=0 vs crtime=1, cascading non-determinism through the dm-verity root hash into partition-boot).
The two artifacts are now reproducible after pinning hermetic fakeroot/faketime/e2fsdroid and freezing the libfaketime clock.
basvandijk
changed the title
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.