aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGravatar Atharva Lele <itsatharva@gmail.com>2019-07-06 12:25:01 +0530
committerGravatar Peter Korsgaard <peter@korsgaard.com>2019-07-14 12:21:11 +0200
commit9c449f9dd8d6a5f3545a7c191b64cd7cd886ce58 (patch)
tree6c31037556f1fc07e4265e044a3c6a0831c4133a
parent3a8b7f75acdda9e7155da80e7cf63970a06f34b0 (diff)
downloadbuildroot-9c449f9dd8d6a5f3545a7c191b64cd7cd886ce58.tar.gz
buildroot-9c449f9dd8d6a5f3545a7c191b64cd7cd886ce58.tar.bz2
fs/tar: explicitly set extended header values to ensure binary reproducibility
Since we use --xattrs-include='*' to include all extended attributes, tar creates a PAX formatted archive. The archive metadata captures atime and ctime of files. To fix this, GNU recommends that we pass this added argument to tar to create binary reproducible packages. Setting of mtime is handled in fs/common.mk using touch on all files. Diffoscope output pre-change: https://gitlab.com/snippets/1871111 Diffoscope output after change is blank i.e. binary reproducibile rootfs is created. GNU Recommendation: https://www.gnu.org/software/tar/manual/tar.html#SEC147 Signed-off-by: Atharva Lele <itsatharva@gmail.com> Reviewed-by: Matt Weber <matthew.weber@rockwellcollins.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-rw-r--r--fs/tar/tar.mk3
1 files changed, 3 insertions, 0 deletions
diff --git a/fs/tar/tar.mk b/fs/tar/tar.mk
index 4c6327ace8..393d01bfe8 100644
--- a/fs/tar/tar.mk
+++ b/fs/tar/tar.mk
@@ -8,6 +8,9 @@ TAR_OPTS := $(call qstrip,$(BR2_TARGET_ROOTFS_TAR_OPTIONS))
ROOTFS_TAR_DEPENDENCIES = $(BR2_TAR_HOST_DEPENDENCY)
+# do not store atime/ctime in PaxHeaders to ensure reproducbility
+TAR_OPTS += --pax-option=exthdr.name=%d/PaxHeaders/%f,atime:=0,ctime:=0
+
define ROOTFS_TAR_CMD
(cd $(TARGET_DIR); find -print0 | LC_ALL=C sort -z | \
tar $(TAR_OPTS) -cf $@ --null --xattrs-include='*' --no-recursion -T - --numeric-owner)