[opensuse-kernel] [PATCH] rpm/kernel-obs-build.spec.in: Strip date from initrd (boo#1047218)

without this patch, there were such diffs in build-compare: +++ new//.build.initrd.kvm.cpio.extract.6630.6643/etc/shadow @@ -1 +1 @@ -root:*:18110:::::: +root:*:23621:::::: --- If this patch is not good enough, there is also https://github.com/shadow-maint/shadow/pull/146 part of Factory's shadow-4.7 but it seems that it is the build host's shadow version used or SOURCE_DATE_EPOCH is not set in that context. --- rpm/kernel-obs-build.spec.in | 1 + 1 file changed, 1 insertion(+) diff --git a/rpm/kernel-obs-build.spec.in b/rpm/kernel-obs-build.spec.in index 91ad608e44..262113fe1b 100644 --- a/rpm/kernel-obs-build.spec.in +++ b/rpm/kernel-obs-build.spec.in @@ -80,6 +80,7 @@ loaded during build when installing the kernel package. %prep %build +sed -i 's/^root:\*:[1-9][0-9]*::::::/root:*:42::::::/' /etc/shadow # strip date from dracut-generated initrd to make build reproducible (boo#1047218) mkdir -p /usr/lib/dracut/modules.d/80obs cat > /usr/lib/dracut/modules.d/80obs/module-setup.sh <<EOF #!/bin/bash -- 2.16.4 -- To unsubscribe, e-mail: opensuse-kernel+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-kernel+owner@opensuse.org

On Fri, 02 Aug 2019 14:13:40 +0200, Bernhard M. Wiedemann wrote:
without this patch, there were such diffs in build-compare: +++ new//.build.initrd.kvm.cpio.extract.6630.6643/etc/shadow @@ -1 +1 @@ -root:*:18110:::::: +root:*:23621::::::
---
If this patch is not good enough, there is also https://github.com/shadow-maint/shadow/pull/146 part of Factory's shadow-4.7 but it seems that it is the build host's shadow version used or SOURCE_DATE_EPOCH is not set in that context.
Well, the purpose of this package isn't to provide any package to be used, but rather preparing for the QA test with the latest kernel. So I don't think we need too much hack for the reproducible builds. It needs triggering after each build, after all. thanks, Takashi
--- rpm/kernel-obs-build.spec.in | 1 + 1 file changed, 1 insertion(+)
diff --git a/rpm/kernel-obs-build.spec.in b/rpm/kernel-obs-build.spec.in index 91ad608e44..262113fe1b 100644 --- a/rpm/kernel-obs-build.spec.in +++ b/rpm/kernel-obs-build.spec.in @@ -80,6 +80,7 @@ loaded during build when installing the kernel package. %prep
%build +sed -i 's/^root:\*:[1-9][0-9]*::::::/root:*:42::::::/' /etc/shadow # strip date from dracut-generated initrd to make build reproducible (boo#1047218) mkdir -p /usr/lib/dracut/modules.d/80obs cat > /usr/lib/dracut/modules.d/80obs/module-setup.sh <<EOF #!/bin/bash -- 2.16.4
-- To unsubscribe, e-mail: opensuse-kernel+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-kernel+owner@opensuse.org
-- To unsubscribe, e-mail: opensuse-kernel+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-kernel+owner@opensuse.org

On 09/08/2019 17.34, Takashi Iwai wrote:
On Fri, 02 Aug 2019 14:13:40 +0200, Bernhard M. Wiedemann wrote:
without this patch, there were such diffs in build-compare: +++ new//.build.initrd.kvm.cpio.extract.6630.6643/etc/shadow @@ -1 +1 @@ -root:*:18110:::::: +root:*:23621::::::
Well, the purpose of this package isn't to provide any package to be used, but rather preparing for the QA test with the latest kernel.
maybe you are thinking about kernel-obs-qa.spec that has BuildRequires: kernel-obs-build
So I don't think we need too much hack for the reproducible builds. It needs triggering after each build, after all.
https://build.opensuse.org/project/prjconf/openSUSE:Factory has VMinstall: kernel-obs-build so this is used in every OBS build. It is also published to the normal download.o.o repos, so even if nobody uses it, it wastes mirror bandwidth to publish unchanged rebuilds. [1] has general background. Ciao Bernhard M. [1] https://bugzilla.opensuse.org/show_bug.cgi?id=1047218 -- To unsubscribe, e-mail: opensuse-kernel+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-kernel+owner@opensuse.org

On Wed, 21 Aug 2019 14:30:35 +0200, Bernhard M. Wiedemann wrote:
On 09/08/2019 17.34, Takashi Iwai wrote:
On Fri, 02 Aug 2019 14:13:40 +0200, Bernhard M. Wiedemann wrote:
without this patch, there were such diffs in build-compare: +++ new//.build.initrd.kvm.cpio.extract.6630.6643/etc/shadow @@ -1 +1 @@ -root:*:18110:::::: +root:*:23621::::::
Well, the purpose of this package isn't to provide any package to be used, but rather preparing for the QA test with the latest kernel.
maybe you are thinking about kernel-obs-qa.spec that has BuildRequires: kernel-obs-build
So I don't think we need too much hack for the reproducible builds. It needs triggering after each build, after all.
https://build.opensuse.org/project/prjconf/openSUSE:Factory has VMinstall: kernel-obs-build
so this is used in every OBS build. It is also published to the normal download.o.o repos, so even if nobody uses it, it wastes mirror bandwidth to publish unchanged rebuilds. [1] has general background.
Oh well, it's a pure waste of resource to publish this. The OBS build uses it because it's the base of kernel-obs-* QA. But it's no normal package to be installed on users. Takashi -- To unsubscribe, e-mail: opensuse-kernel+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-kernel+owner@opensuse.org

Am 21.08.19 um 15:03 schrieb Takashi Iwai:
Oh well, it's a pure waste of resource to publish this. The OBS build uses it because it's the base of kernel-obs-* QA. But it's no normal package to be installed on users.
No. People running private OBS instances also need this. Major PITA that this was not included in SLES11 SDKs for example. So kernel-obs-build definitely needs to get published with kernel updates ;-) -- Stefan Seyfried "For a successful technology, reality must take precedence over public relations, for nature cannot be fooled." -- Richard Feynman -- To unsubscribe, e-mail: opensuse-kernel+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-kernel+owner@opensuse.org

On Sun, 25 Aug 2019 13:46:23 +0200, Stefan Seyfried wrote:
Am 21.08.19 um 15:03 schrieb Takashi Iwai:
Oh well, it's a pure waste of resource to publish this. The OBS build uses it because it's the base of kernel-obs-* QA. But it's no normal package to be installed on users.
No. People running private OBS instances also need this.
Needs for which purpose? I'm really curious why this is required for any real usage (i.e. installing on a running system), since the kernel binary packages are built fine without any of such extra QA-related packages. thanks, Takashi -- To unsubscribe, e-mail: opensuse-kernel+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-kernel+owner@opensuse.org

Hi Takashi, Am 25.08.19 um 18:17 schrieb Takashi Iwai:
On Sun, 25 Aug 2019 13:46:23 +0200, Stefan Seyfried wrote:
Am 21.08.19 um 15:03 schrieb Takashi Iwai:
Oh well, it's a pure waste of resource to publish this. The OBS build uses it because it's the base of kernel-obs-* QA. But it's no normal package to be installed on users.
No. People running private OBS instances also need this.
Needs for which purpose? I'm really curious why this is required for any real usage (i.e. installing on a running system), since the kernel binary packages are built fine without any of such extra QA-related packages.
The obs build script / obsworker uses kernel-obs-build (if available) for booting the build VMs. If no kernel-obs-build is available, the kernel & initrd of the obsworker host is used, which may or may not work well. ...in the past I actually had to build/package a kernel-obs-build for CentOS7 to be able to use kiwi in OBS with CentOS, because the RH patched LVM tools silently errored out on a SUSE kernel (probably a non-implemented private IOCTL or similar). https://github.com/seife/kernel-obs-build But then kernel-obs-build is just a repackaged kernel-default vmlinuz + slightly customized initrd. -- Stefan Seyfried "For a successful technology, reality must take precedence over public relations, for nature cannot be fooled." -- Richard Feynman -- To unsubscribe, e-mail: opensuse-kernel+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-kernel+owner@opensuse.org

On Mon, 26 Aug 2019 14:08:24 +0200, Stefan Seyfried wrote:
Hi Takashi,
Am 25.08.19 um 18:17 schrieb Takashi Iwai:
On Sun, 25 Aug 2019 13:46:23 +0200, Stefan Seyfried wrote:
Am 21.08.19 um 15:03 schrieb Takashi Iwai:
Oh well, it's a pure waste of resource to publish this. The OBS build uses it because it's the base of kernel-obs-* QA. But it's no normal package to be installed on users.
No. People running private OBS instances also need this.
Needs for which purpose? I'm really curious why this is required for any real usage (i.e. installing on a running system), since the kernel binary packages are built fine without any of such extra QA-related packages.
The obs build script / obsworker uses kernel-obs-build (if available) for booting the build VMs. If no kernel-obs-build is available, the kernel & initrd of the obsworker host is used, which may or may not work well.
...in the past I actually had to build/package a kernel-obs-build for CentOS7 to be able to use kiwi in OBS with CentOS, because the RH patched LVM tools silently errored out on a SUSE kernel (probably a non-implemented private IOCTL or similar). https://github.com/seife/kernel-obs-build
But then kernel-obs-build is just a repackaged kernel-default vmlinuz + slightly customized initrd.
OK, now point taken. Then it's a valid requirement of kernel-obs-build. So, back to the original problem: I believe this should be better addressed in shadow itself, instead of papering over each place via ugly hacks. thanks, Takashi -- To unsubscribe, e-mail: opensuse-kernel+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-kernel+owner@opensuse.org
participants (3)
-
Bernhard M. Wiedemann
-
Stefan Seyfried
-
Takashi Iwai