
kernel-yocto: make kernel commits reproducible

Message ID 20241217074547.1601328-1-ejo@pengutronix.de
State New

Commit Message

Enrico Jörns Dec. 17, 2024, 7:45 a.m. UTC
The git commit hashes for the kernel checkout are not reproducible under
certain conditions:

- If the git repository is initialized on an archive (rather than a
  git), the initial git commit not only has the current user name set,
  it also uses the current system time as committer and author date.
  This will affect the initial git hash and thus all subsequent ones.

- The patches applied by the kern-tools have a valid author and date.
  However, their committer again depends on the user building the BSP.

This is an issue, for example, if one compiles a kernel with
CONFIG_LOCALVERSION_AUTO enabled where the commit hash lands into the
kernel and thus the package version. This not only makes the package
version non-reproducible, but also leads to version mismatches between
kernel modules built against a fresh kernel checkout and the kernel
retrieved from the sstate cache.

The class uses 'check_git_config', but this only sets the git user and
only if none existed before. Thus it doesn't really help here.

Since in Git the committer information can be set only from the
environment variables GIT_COMMITTER_NAME, GIT_COMMITTER_EMAIL, and
GIT_COMMITTER_DATE, we introduce the helper function
'reproducible_git_committer' here to set those.
As values simply use PATCH_GIT_USER_NAME, PATCH_GIT_USER_EMAIL (from
patch.bbclass) and SOURCE_DATE_EPOCH.

Using this helper makes the committer date/name/email for the initial
commit reproducible, as well as the committer name/email for the patches
applied with kern-tools.

What's still missing is the initial commit's date/name/email which we
just set explicitly via command line arguments.

Suggested-by: Felix Klöckner <F.Kloeckner@weinmann-emt.de>
Signed-off-by: Enrico Jörns <ejo@pengutronix.de>
---
 meta/classes-recipe/kernel-yocto.bbclass | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

Patch

diff --git a/meta/classes-recipe/kernel-yocto.bbclass b/meta/classes-recipe/kernel-yocto.bbclass
index a5d89dc2c8..1ba2f91e62 100644
--- a/meta/classes-recipe/kernel-yocto.bbclass
+++ b/meta/classes-recipe/kernel-yocto.bbclass
@@ -9,6 +9,12 @@  SRCTREECOVEREDTASKS += "do_validate_branches do_kernel_configcheck do_kernel_che
 PATCH_GIT_USER_EMAIL ?= "kernel-yocto@oe"
 PATCH_GIT_USER_NAME ?= "OpenEmbedded"
 
+reproducible_git_committer() {
+	export GIT_COMMITTER_NAME="${PATCH_GIT_USER_NAME}"
+	export GIT_COMMITTER_EMAIL="${PATCH_GIT_USER_EMAIL}"
+	export GIT_COMMITTER_DATE="$(date -d @${SOURCE_DATE_EPOCH})"
+}
+
 # The distro or local.conf should set this, but if nobody cares...
 LINUX_KERNEL_TYPE ??= "standard"
 
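Review bot: In reproducible_git_committer, GIT_COMMITTER_DATE is built from the default output of `date -d @${SOURCE_DATE_EPOCH}`, which is rendered in the build host's time zone and locale, so the committer time zone recorded in the commit object (and with it the hash) can still differ between hosts unless TZ and the locale are pinned elsewhere. Git accepts its internal `<unix-timestamp> <time-zone-offset>` form directly, so `export GIT_COMMITTER_DATE="${SOURCE_DATE_EPOCH} +0000"` avoids the host dependency and also drops the reliance on the GNU-specific `date -d @`. A one-line comment above the function saying why check_git_config is not sufficient would help later readers.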
@@ -349,6 +355,7 @@  do_patch() {
 	cd ${S}
 
 	check_git_config
+	reproducible_git_committer
 	meta_dir=$(kgit --meta)
 	(cd ${meta_dir}; ln -sf patch.queue series)
 	if [ -f "${meta_dir}/series" ]; then
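Review bot: The call to reproducible_git_committer in do_patch has no comment, and because the helper uses `export`, the GIT_COMMITTER_* values apply to every git invocation for the rest of the task, not only to the commits made while applying the series. A short comment here stating that this is intended, and that check_git_config alone only sets the user when none exists, would make the pairing of the two calls understandable without the commit message. It is also worth guarding against an empty SOURCE_DATE_EPOCH in the helper, since `date -d @` with no value would leave an unusable date exported.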
@@ -431,8 +438,9 @@  do_kernel_checkout() {
 		rm -f .gitignore
 		git init
 		check_git_config
+		reproducible_git_committer
 		git add .
-		git commit -q -n -m "baseline commit: creating repo for ${PN}-${PV}"
+		git commit --author="${PATCH_GIT_USER_NAME} <${PATCH_GIT_USER_EMAIL}>" --date=${SOURCE_DATE_EPOCH} -q -n -m "baseline commit: creating repo for ${PN}-${PV}"
 		git clean -d -f
 	fi
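Review bot: In the `git commit` line, `--date=${SOURCE_DATE_EPOCH}` is unquoted and passes a bare epoch with no time zone offset, while the committer date for the same commit is passed as a formatted string from `date`, so author and committer date reach git in two different encodings and neither pins the time zone. Suggest using the same explicit form for both, for example `--date="${SOURCE_DATE_EPOCH} +0000"` here and the matching value in GIT_COMMITTER_DATE, so the baseline commit does not depend on how git interprets a bare integer or on the host's zone.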