^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1) ===================
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2) Reproducible builds
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3) ===================
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5) It is generally desirable that building the same source code with
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6) the same set of tools is reproducible, i.e. the output is always
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7) exactly the same. This makes it possible to verify that the build
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 8) infrastructure for a binary distribution or embedded system has not
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 9) been subverted. This can also make it easier to verify that a source
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 10) or tool change does not make any difference to the resulting binaries.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 11)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 12) The `Reproducible Builds project`_ has more information about this
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 13) general topic. This document covers the various reasons why building
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 14) the kernel may be unreproducible, and how to avoid them.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 15)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 16) Timestamps
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 17) ----------
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 18)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 19) The kernel embeds timestamps in three places:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 20)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 21) * The version string exposed by ``uname()`` and included in
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 22) ``/proc/version``
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 23)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 24) * File timestamps in the embedded initramfs
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 25)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 26) * If enabled via ``CONFIG_IKHEADERS``, file timestamps of kernel
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 27) headers embedded in the kernel or respective module,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 28) exposed via ``/sys/kernel/kheaders.tar.xz``
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 29)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 30) By default the timestamp is the current time and in the case of
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 31) ``kheaders`` the various files' modification times. This must
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 32) be overridden using the `KBUILD_BUILD_TIMESTAMP`_ variable.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 33) If you are building from a git commit, you could use its commit date.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 34)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 35) The kernel does *not* use the ``__DATE__`` and ``__TIME__`` macros,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 36) and enables warnings if they are used. If you incorporate external
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 37) code that does use these, you must override the timestamp they
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 38) correspond to by setting the `SOURCE_DATE_EPOCH`_ environment
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 39) variable.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 40)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 41) User, host
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 42) ----------
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 43)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 44) The kernel embeds the building user and host names in
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 45) ``/proc/version``. These must be overridden using the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 46) `KBUILD_BUILD_USER and KBUILD_BUILD_HOST`_ variables. If you are
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 47) building from a git commit, you could use its committer address.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 48)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 49) Absolute filenames
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 50) ------------------
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 51)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 52) When the kernel is built out-of-tree, debug information may include
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 53) absolute filenames for the source files. This must be overridden by
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 54) including the ``-fdebug-prefix-map`` option in the `KCFLAGS`_ variable.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 55)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 56) Depending on the compiler used, the ``__FILE__`` macro may also expand
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 57) to an absolute filename in an out-of-tree build. Kbuild automatically
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 58) uses the ``-fmacro-prefix-map`` option to prevent this, if it is
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 59) supported.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 60)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 61) The Reproducible Builds web site has more information about these
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 62) `prefix-map options`_.
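
The overrides from the Timestamps, User/host and Absolute filenames sections can all be derived from a single git commit. The following is an added example, not part of the kernel documentation or Kbuild. The helper names ``repro_env`` and ``repro_env_from_git``, splitting the committer address at ``@`` into user and host, and mapping the source directory to ``.`` are assumptions of this example.

```shell
#!/bin/sh
# Added example: derive the Kbuild reproducibility variables from one commit.

# repro_env EPOCH ISO_DATE COMMITTER_EMAIL ABS_SRCDIR   (hypothetical helper)
# Prints "export VAR='value'" lines that can be passed to eval.
repro_env() {
    epoch=$1 iso=$2 email=$3 src=$4

    # Reject anything that is not a plain decimal epoch.
    case $epoch in ''|*[!0-9]*) echo "bad epoch: $epoch" >&2; return 1 ;; esac
    # The committer address must split into a user part and a host part.
    case $email in ?*@?*) ;; *) echo "bad address: $email" >&2; return 1 ;; esac
    # A prefix map only makes sense for an absolute source path.
    case $src in /*) ;; *) echo "path not absolute: $src" >&2; return 1 ;; esac
    # Values are emitted inside single quotes, so refuse embedded quotes.
    case "$iso$email$src" in *\'*) echo "quote in input" >&2; return 1 ;; esac

    printf "export KBUILD_BUILD_TIMESTAMP='%s'\n" "$iso"
    printf "export SOURCE_DATE_EPOCH='%s'\n" "$epoch"
    printf "export KBUILD_BUILD_USER='%s'\n" "${email%%@*}"
    printf "export KBUILD_BUILD_HOST='%s'\n" "${email#*@}"
    # Assumption: rewrite the absolute source directory to "." in debug info.
    printf "export KCFLAGS='-fdebug-prefix-map=%s=.'\n" "$src"
}

# repro_env_from_git [SRCDIR]: take the values from HEAD of a git checkout.
repro_env_from_git() {
    src=$(cd "${1:-.}" && pwd) || return 1
    # %ct = committer epoch, %cI = committer date (ISO 8601), %ce = address
    info=$(git -C "$src" log -1 --format='%ct %cI %ce') || return 1
    set -- $info
    repro_env "$1" "$2" "$3" "$src"
}
```

Typical use is ``eval "$(repro_env_from_git /path/to/linux)"`` before invoking ``make O=...``; two builders that check out the same commit then export identical values regardless of their local clock, login name or hostname.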
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 63)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 64) Generated files in source packages
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 65) ----------------------------------
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 66)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 67) The build processes for some programs under the ``tools/``
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 68) subdirectory do not completely support out-of-tree builds. This may
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 69) cause a later source package build using e.g. ``make rpm-pkg`` to
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 70) include generated files. You should ensure the source tree is
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 71) pristine by running ``make mrproper`` or ``git clean -d -f -x`` before
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 72) building a source package.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 73)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 74) Module signing
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 75) --------------
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 76)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 77) If you enable ``CONFIG_MODULE_SIG_ALL``, the default behaviour is to
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 78) generate a different temporary key for each build, resulting in the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 79) modules being unreproducible. However, including a signing key with
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 80) your source would presumably defeat the purpose of signing modules.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 81)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 82) One approach to this is to divide up the build process so that the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 83) unreproducible parts can be treated as sources:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 84)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 85) 1. Generate a persistent signing key. Add the certificate for the key
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 86) to the kernel source.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 87)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 88) 2. Set the ``CONFIG_SYSTEM_TRUSTED_KEYS`` symbol to include the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 89) signing key's certificate, set ``CONFIG_MODULE_SIG_KEY`` to an
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 90) empty string, and disable ``CONFIG_MODULE_SIG_ALL``.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 91) Build the kernel and modules.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 92)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 93) 3. Create detached signatures for the modules, and publish them as
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 94) sources.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 95)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 96) 4. Perform a second build that attaches the module signatures. It
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 97) can either rebuild the modules or use the output of step 2.
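
Steps 3 and 4 can be scripted with the tree's ``scripts/sign-file`` helper, whose ``-d`` mode writes a detached ``<module>.p7s`` and whose ``-s`` mode appends an existing signature using only the certificate. This is an added example, not part of the kernel documentation; the function names, the ``SIGN_FILE`` and ``HASH`` variables and the directory layout are assumptions.

```shell
#!/bin/sh
# Added example (not kernel code). SIGN_FILE and HASH are assumptions; point
# SIGN_FILE at the sign-file binary built in your tree.
: "${SIGN_FILE:=scripts/sign-file}" "${HASH:=sha256}"

# Step 3, run where the private key lives: write <module>.p7s next to each
# unsigned module under MODDIR. The modules themselves are left untouched,
# so they still match the reproducible output of step 2.
make_detached_sigs() {   # make_detached_sigs MODDIR KEY CERT
    find "$1" -name '*.ko' | LC_ALL=C sort | while IFS= read -r mod; do
        "$SIGN_FILE" -d "$HASH" "$2" "$3" "$mod" || exit 1
    done
}

# Step 4, run on any builder: append the published signatures. Only the
# certificate is needed here, never the private key. A module without a
# published signature aborts the run instead of shipping unsigned.
attach_sigs() {          # attach_sigs MODDIR CERT
    find "$1" -name '*.ko' | LC_ALL=C sort | while IFS= read -r mod; do
        if [ ! -f "$mod.p7s" ]; then
            echo "missing signature: $mod.p7s" >&2
            exit 1
        fi
        "$SIGN_FILE" -s "$mod.p7s" "$HASH" "$2" "$mod" || exit 1
    done
}
```

Because the ``.p7s`` files are fixed inputs, anyone can rerun step 4 and compare the signed modules byte for byte with the published ones without ever holding the private key.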
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 98)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 99) Structure randomisation
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 100) -----------------------
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 101)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 102) If you enable ``CONFIG_GCC_PLUGIN_RANDSTRUCT``, you will need to
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 103) pre-generate the random seed in
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 104) ``scripts/gcc-plugins/randomize_layout_seed.h`` so the same value
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 105) is used in rebuilds.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 106)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 107) Debug info conflicts
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 108) --------------------
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 109)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 110) This is not a problem of unreproducibility, but of generated files
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 111) being *too* reproducible.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 112)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 113) Once you set all the necessary variables for a reproducible build, a
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 114) vDSO's debug information may be identical even for different kernel
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 115) versions. This can result in file conflicts between debug information
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 116) packages for the different kernel versions.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 117)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 118) To avoid this, you can make the vDSO different for different
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 119) kernel versions by including an arbitrary string of "salt" in it.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 120) This is specified by the Kconfig symbol ``CONFIG_BUILD_SALT``.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 121)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 122) .. _KBUILD_BUILD_TIMESTAMP: kbuild.html#kbuild-build-timestamp
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 123) .. _KBUILD_BUILD_USER and KBUILD_BUILD_HOST: kbuild.html#kbuild-build-user-kbuild-build-host
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 124) .. _KCFLAGS: kbuild.html#kcflags
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 125) .. _prefix-map options: https://reproducible-builds.org/docs/build-path/
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 126) .. _Reproducible Builds project: https://reproducible-builds.org/
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 127) .. _SOURCE_DATE_EPOCH: https://reproducible-builds.org/docs/source-date-epoch/