Hello community,
here is the log from the commit of package xen for openSUSE:Factory checked in at 2018-11-13 16:23:37
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/xen (Old)
and /work/SRC/openSUSE:Factory/.xen.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "xen"
Tue Nov 13 16:23:37 2018 rev:256 rq:647072 version:4.11.0_09
Changes:
--------
--- /work/SRC/openSUSE:Factory/xen/xen.changes 2018-10-18 15:28:32.178841944 +0200
+++ /work/SRC/openSUSE:Factory/.xen.new/xen.changes 2018-11-13 16:23:56.974832220 +0100
@@ -1,0 +2,8 @@
+Wed Oct 24 08:21:01 UTC 2018 - Bernhard Wiedemann
+
+- make package build reproducible (boo#1047218, boo#1062303)
+ * Set SMBIOS_REL_DATE
+ * Update tmp_build.patch to use SHA instead of random build-id
+ * Add reproducible.patch to use --no-insert-timestamp
+
+-------------------------------------------------------------------
New:
----
reproducible.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ xen.spec ++++++
--- /var/tmp/diff_new_pack.kdvWrF/_old 2018-11-13 16:23:59.534827759 +0100
+++ /var/tmp/diff_new_pack.kdvWrF/_new 2018-11-13 16:23:59.538827752 +0100
@@ -268,6 +268,7 @@
# Build patches
Patch99996: xen.stubdom.newlib.patch
Patch99998: tmp_build.patch
+Patch99999: reproducible.patch
Url: http://www.cl.cam.ac.uk/Research/SRG/netos/xen/
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%define pyver %(python3 -c "import sys; print(sys.version[:3])")
@@ -517,6 +518,7 @@
# Build patches
%patch99996 -p1
%patch99998 -p1
+%patch99999 -p1
%build
# JWF: Anthony's series to load BIOS from toolstack requires autogen.sh.
@@ -553,7 +555,7 @@
export GIT=$(type -P false)
export EXTRA_CFLAGS_XEN_TOOLS="$RPM_OPT_FLAGS"
export EXTRA_CFLAGS_QEMU_TRADITIONAL="$RPM_OPT_FLAGS"
-export SMBIOS_DATE="$SMBIOS_DATE"
+export SMBIOS_REL_DATE="$SMBIOS_DATE"
export RELDATE="$RELDATE"
XEN_VERSION=$XEN_VERSION
XEN_SUBVERSION=$XEN_SUBVERSION
++++++ reproducible.patch ++++++
commit e4c8f21e198e739e279b274c17e9246ea9a6d8e5
Author: Bernhard M. Wiedemann
Date: Wed Oct 24 09:50:26 2018 +0200
x86/efi: Do not insert timestamps in efi files
in order to make builds reproducible.
See https://reproducible-builds.org/ for why this is good.
We only add the option, if ld understands it.
Signed-off-by: Bernhard M. Wiedemann
diff --git a/Config.mk b/Config.mk
index 9b13e75a3e..46b064bcae 100644
--- a/Config.mk
+++ b/Config.mk
@@ -151,6 +151,14 @@ export XEN_HAS_BUILD_ID=y
build_id_linker := --build-id=sha1
endif
+ld-ver-timestamp = $(shell $(1) -mi386pep --no-insert-timestamp 2>&1 | \
+ grep -q no-insert-timestamp && echo n || echo y)
+ifeq ($(call ld-ver-timestamp,$(LD)),n)
+ld_no_insert_timestamp :=
+else
+ld_no_insert_timestamp := --no-insert-timestamp
+endif
+
ifndef XEN_HAS_CHECKPOLICY
CHECKPOLICY ?= checkpolicy
XEN_HAS_CHECKPOLICY := $(shell $(CHECKPOLICY) -h 2>&1 | grep -q xen && echo y || echo n)
diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile
index 162b0b94c0..866125a8ac 100644
--- a/xen/arch/x86/Makefile
+++ b/xen/arch/x86/Makefile
@@ -158,6 +158,7 @@ note.o: $(TARGET)-syms
EFI_LDFLAGS = $(patsubst -m%,-mi386pep,$(LDFLAGS)) --subsystem=10
EFI_LDFLAGS += --image-base=$(1) --stack=0,0 --heap=0,0 --strip-debug
+EFI_LDFLAGS += $(ld_no_insert_timestamp)
EFI_LDFLAGS += --section-alignment=0x200000 --file-alignment=0x20
EFI_LDFLAGS += --major-image-version=$(XEN_VERSION)
EFI_LDFLAGS += --minor-image-version=$(XEN_SUBVERSION)
++++++ tmp_build.patch ++++++
--- /var/tmp/diff_new_pack.kdvWrF/_old 2018-11-13 16:23:59.902827118 +0100
+++ /var/tmp/diff_new_pack.kdvWrF/_new 2018-11-13 16:23:59.902827118 +0100
@@ -22,7 +22,7 @@
xenstore: xenstore_client.o $(LIBXENSTORE)
$(CC) $< $(LDFLAGS) $(LDLIBS_libxenstore) $(LDLIBS_libxentoolcore) $(SOCKET_LIBS) -o $@ $(APPEND_LDFLAGS)
-+ $(CC) $< $(CFLAGS) $(LDFLAGS) -Wl,--build-id=uuid -L. -lxenstore $(LDLIBS_libxentoolcore) $(SOCKET_LIBS) -o domu-$@
++ $(CC) $< $(CFLAGS) $(LDFLAGS) -Wl,--build-id=sha1 -L. -lxenstore $(LDLIBS_libxentoolcore) $(SOCKET_LIBS) -o domu-$@
xenstore-control: xenstore_control.o $(LIBXENSTORE)
$(CC) $< $(LDFLAGS) $(LDLIBS_libxenstore) $(LDLIBS_libxentoolcore) $(SOCKET_LIBS) -o $@ $(APPEND_LDFLAGS)