diff --git a/config/buildroot/configs/airgap_x86_64_defconfig b/config/buildroot/configs/airgap_x86_64_defconfig index 9481fc2..0986c87 100644 --- a/config/buildroot/configs/airgap_x86_64_defconfig +++ b/config/buildroot/configs/airgap_x86_64_defconfig @@ -694,7 +694,7 @@ BR2_PACKAGE_CMAKE_ARCH_SUPPORTS=y # BR2_PACKAGE_GAWK is not set # BR2_PACKAGE_GETTEXT is not set BR2_PACKAGE_PROVIDES_HOST_GETTEXT="host-gettext-tiny" -BR2_PACKAGE_GIT=y +# BR2_PACKAGE_GIT is not set # # git-crypt needs a toolchain w/ C++, gcc >= 4.9 @@ -3437,7 +3437,7 @@ BR2_PACKAGE_PROVIDES_HOST_RUSTC="host-rust-bin" BR2_PACKAGE_HOST_UTIL_LINUX=y # BR2_PACKAGE_HOST_UTP_COM is not set # BR2_PACKAGE_HOST_VBOOT_UTILS is not set -# BR2_PACKAGE_HOST_XORRISO is not set +BR2_PACKAGE_HOST_XORRISO=y # BR2_PACKAGE_HOST_ZIP is not set # BR2_PACKAGE_HOST_ZSTD is not set diff --git a/config/buildroot/patches/deterministic-cpio.patch b/config/buildroot/patches/deterministic-cpio.patch index 9af00bc..c68ef8e 100644 --- a/config/buildroot/patches/deterministic-cpio.patch +++ b/config/buildroot/patches/deterministic-cpio.patch @@ -1,16 +1,24 @@ diff --git a/fs/cpio/cpio.mk b/fs/cpio/cpio.mk -index 28a435dd5e..81f8c393d1 100644 +index 28a435dd5e..72923ded47 100644 --- a/fs/cpio/cpio.mk +++ b/fs/cpio/cpio.mk -@@ -37,7 +37,11 @@ ROOTFS_CPIO_OPTS += --reproducible +@@ -32,12 +32,17 @@ ROOTFS_CPIO_PRE_GEN_HOOKS += ROOTFS_CPIO_ADD_INIT + # --reproducible option was introduced in cpio v2.12, which may not be + # available in some old distributions, so we build host-cpio + ifeq ($(BR2_REPRODUCIBLE),y) +-ROOTFS_CPIO_DEPENDENCIES += host-cpio +-ROOTFS_CPIO_OPTS += --reproducible ++ROOTFS_CPIO_DEPENDENCIES += host-cpio host-libarchive endif define ROOTFS_CPIO_CMD - cd $(TARGET_DIR) && find . | cpio $(ROOTFS_CPIO_OPTS) --quiet -o -H newc > $@ -+ cd $(TARGET_DIR) && \ -+ find . \ -+ | LC_ALL=C sort \ -+ | cpio $(ROOTFS_CPIO_OPTS) --quiet -o -H newc \ ++ cd $(TARGET_DIR) \ ++ && find . -mindepth 1 -execdir touch -hcd "@0" "{}" + \ ++ && find . -mindepth 1 -printf '%P\0' \ ++ | sort -z \ ++ | LANG=C bsdtar --null -cnf - -T - \ ++ | LANG=C bsdtar --uid 0 --gid 0 --null -cf - --format=newc @- \ + > $@ endef diff --git a/config/buildroot/patches/deterministic-iso9660.patch b/config/buildroot/patches/deterministic-iso9660.patch index d9b8e7a..f84d17c 100644 --- a/config/buildroot/patches/deterministic-iso9660.patch +++ b/config/buildroot/patches/deterministic-iso9660.patch @@ -1,14 +1,37 @@ diff --git a/fs/iso9660/iso9660.mk b/fs/iso9660/iso9660.mk -index a129655ce3..3128abd6ff 100644 +index a129655ce3..1adaf15923 100644 --- a/fs/iso9660/iso9660.mk +++ b/fs/iso9660/iso9660.mk -@@ -129,7 +129,8 @@ ROOTFS_ISO9660_PRE_GEN_HOOKS += ROOTFS_ISO9660_DISABLE_EXTERNAL_INITRD +@@ -24,7 +24,7 @@ + + ROOTFS_ISO9660_BOOT_MENU = $(call qstrip,$(BR2_TARGET_ROOTFS_ISO9660_BOOT_MENU)) + +-ROOTFS_ISO9660_DEPENDENCIES = host-cdrkit linux ++ROOTFS_ISO9660_DEPENDENCIES = host-xorriso host-cdrkit linux + + ifeq ($(BR2_TARGET_ROOTFS_INITRAMFS),y) + ROOTFS_ISO9660_USE_INITRD = YES +@@ -129,10 +129,20 @@ ROOTFS_ISO9660_PRE_GEN_HOOKS += ROOTFS_ISO9660_DISABLE_EXTERNAL_INITRD endif # ROOTFS_ISO9660_USE_INITRD define ROOTFS_ISO9660_CMD - $(HOST_DIR)/bin/genisoimage -J -R -b $(ROOTFS_ISO9660_BOOT_IMAGE) \ -+LD_PRELOAD=/usr/lib/x86_64-linux-gnu/faketime/libfaketime.so.1 \ -+ $(HOST_DIR)/bin/genisoimage -J -r -b $(ROOTFS_ISO9660_BOOT_IMAGE) \ - -no-emul-boot -boot-load-size 4 -boot-info-table \ +- -no-emul-boot -boot-load-size 4 -boot-info-table \ ++ $(HOST_DIR)/bin/xorriso \ ++ -as mkisofs \ ++ -R \ ++ -joliet \ ++ -eltorito-boot $(ROOTFS_ISO9660_BOOT_IMAGE) \ ++ -no-emul-boot \ ++ -boot-load-size 4 \ ++ -boot-info-table \ $(ROOTFS_ISO9660_GENISOIMAGE_OPTS) \ - -o $@ $(ROOTFS_ISO9660_TMP_TARGET_DIR) +- -o $@ $(ROOTFS_ISO9660_TMP_TARGET_DIR) ++ -o $@ $(ROOTFS_ISO9660_TMP_TARGET_DIR) \ ++ -- \ ++ -uid 0 \ ++ -gid 0 \ ++ -volume_date all_file_dates "=$(SOURCE_DATE_EPOCH)" + endef + + ifeq ($(BR2_TARGET_ROOTFS_ISO9660_HYBRID),y) diff --git a/release/1.0.0rc11/airgap_x86_64.iso.8E47A1EC35A1551D.asc b/release/1.0.0rc11/airgap_x86_64.iso.8E47A1EC35A1551D.asc new file mode 100644 index 0000000..3a3c36d --- /dev/null +++ b/release/1.0.0rc11/airgap_x86_64.iso.8E47A1EC35A1551D.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEZ1U/vaRrtxq9LgsLjkeh7DWhVR0FAl+MHi0ACgkQjkeh7DWh +VR3R7g//eMwhYNlK6kiC/d5klvYyTma+xOU8WHoNaEqTLlThgDzfbG2PjqkMLufq +CTNVfFfQn1I+fsIxoGbF5cAsf7J+WfOI/DFuDCyTdDJbF79LmGzFkEsWGBglH13M +v5fd3hRxF6mslWMiiS/zmcGkchPdPggYPz6QHU3YYXHOYAkPSc43Yi9/3AqkhKA/ +YHcy/O1qLGJP8jCnLD2iMuPijVynIW7PceKf7Za9zPZOII72cM5TOP5l8MkIc+nT +2izmizfIxNYIeOePWohehEJfLF8mxDvjHmzE/bcoMv+jxBcRFn4tPU1b+9Aou7cn +S3Zj8bUGpnh6Sae9j+6PG2fmh8yVOG3GpysNn+enFXq5RCGn+c5NxJ+3hQxuXjeE +h+VMS/e3s+TXKvxk6uS3RPcfB6LuzkMiDuQHUbR1i+j9x7+TVa4uuNdxnK3rQZNc +6pwA60Xwtm4Z/hmypVdZsrEY0p5Mbv6QdbNm95Q3lgMRlheKz6/C0IKmdZbE8/fk +8Z7xuga+oXgR1SWhBFfNTZhYmhoKMcwPZGIaqE3t2wvRyUM5XfMzqfYHj8DLrKiN +9MeYhatUr3WuebH2pyculz0H0/KwkWTgeT7Eil57Ds/gi5/SNCyLqdcjmTOqbm+b +CVizlaP5/yZ7QSRbDMgfJYoz5F8mg6LBvXQ0yeEPJ/5iMF5j80c= +=Lwky +-----END PGP SIGNATURE----- diff --git a/release/1.0.0rc11/hashes.txt b/release/1.0.0rc11/hashes.txt new file mode 100644 index 0000000..4d26cb4 --- /dev/null +++ b/release/1.0.0rc11/hashes.txt @@ -0,0 +1,3 @@ +aca395e58cdb23e9bb05aaa32b99695fe0a8e67e2dcd9d3be9c1f9a432af3396 *release/1.0.0rc11/librem13v4.rom +7919f38c385e86586cbd0e7cfc2ef8605674e7f08cb8ef793a4b1ddfc115b116 *release/1.0.0rc11/librem15v4.rom +0eddffabda43ac3c13e572f5aee30339b478835f510d99f35b0239715f246cd3 *release/1.0.0rc11/airgap_x86_64.iso diff --git a/release/1.0.0rc11/librem13v4.rom.8E47A1EC35A1551D.asc b/release/1.0.0rc11/librem13v4.rom.8E47A1EC35A1551D.asc new file mode 100644 index 0000000..dfe887b --- /dev/null +++ b/release/1.0.0rc11/librem13v4.rom.8E47A1EC35A1551D.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEZ1U/vaRrtxq9LgsLjkeh7DWhVR0FAl+MHisACgkQjkeh7DWh +VR1YFA//dbKhdw1Qnb6fbsE5cRoAj/IVXLDyhhFw+ocHZy3TeMMxw3LhkVnuat/+ +JgvwVnebGwixZR9FNcegpBV/sGkAOr6QWPP4fIBKcA30sqShzuNAWnxUL1mB1Txq +zLtre7MeKwLBkOK/dwMf8r9zNVnjD6f+CwkGdgdttZTc7Ddjhg0iJZgusLJpqf5c +Xs9FJwU1GHsjSOa5cgg8TURLoJmVXfKhz3yb32AjwfVxrYhHjxS02d7j8xipAYeB +ARZmprZ6QFYvuK2qQGeVTD5XdlpwmZ31JlGRyursN3BpDJj4uhYIuoJ8bAYbPVBU +/RM5FkKoWxgL3hGZO+MU666Z/A/KoiTBna5Kcb5Oe5VNIH8KbwHYv6Na0N73+ut1 +Q0pTAIqaxETYyXvfd534SvfucatkH6KaKu0pMdDu7t5hskkvZ3maNyjQjdHsm59f +XQpbTavn0EWMqZIOhDOBChsiHLEKcrWvB2mU9cgY6K96V4HE4IBq9fv9vO2clP+Y +5Qgh+8BEwROIZ1K6pcPqxeWBHJXdYUCqkmsiklC1Y58+etzCBKLNnHlr9s13g7WE +ObvEGdfiZl2odUoQ7FDiM1+JoKiOzWGUaRtjOSjrXgt7xt/wihBF5nA/P6IFgJ/5 +G4YKVJXKA36/EJncq6qUH/FymkQtLyro2tYodvHOT2BhVnlbuhw= +=ZHZT +-----END PGP SIGNATURE----- diff --git a/release/1.0.0rc11/librem15v4.rom.8E47A1EC35A1551D.asc b/release/1.0.0rc11/librem15v4.rom.8E47A1EC35A1551D.asc new file mode 100644 index 0000000..59eb193 --- /dev/null +++ b/release/1.0.0rc11/librem15v4.rom.8E47A1EC35A1551D.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEZ1U/vaRrtxq9LgsLjkeh7DWhVR0FAl+MHigACgkQjkeh7DWh +VR3rJA//TTUV0G2Ad78pef8H8y0Pz9afe4fWCqSnMz1P0t7fPor00fONpaMfZdTb +btvM9gpm7ZpPUtEXA7tCQB61kgJk2C01dtdgIK+rdwIZvrK0NxNmE2fdHKbrxqny +KFzg3IOCVrP59/vtDrqaK7kFDdhAzn3zqeLMBRAv25GgWm7IhIeaIpFskCvcrIbo +My5FzbLpyeEA+neKpF9rM/z89RmM/QBo+kBLNWztHOVREUXnf2EibIG7t4riTrC0 +M51vaZs75k6YbZJ95RzLiqSmsHy2enGPe29EeYtCIH3Pn/F4MaDAE4eBU7BeNijK +UTP+hnXfsjUSWHsbPGmqvRVD44uJVJFm95bXIhU1aF0ckk/E1HEe9/X6OJH91ZmP +JlqdEy2De6CV+/yKkH+45O1eWHhEMaIS1+ZZ3M14HQ0XSLwA4QjlLy/EhSDelxb3 +gsVjg9uIeckZDpMLtYjHJZuAFLhZg1OY46hU9Imi1hh6+rWGHcCi8b0tksN/bZdJ +gqvNSW4I4LRoEOO/SSOQ49o89/xy6ce53fLcjmFet1q/sNO5LgdmtmNDa+DMgy/i +ZTtXCdxvRzdX5YmY18Lusox5MO9znphlgimfpXOMk2A09deILZ/z1H4kBOe9mGvA +ytTJWvBv0RdpiCDQ8RpiVOFRPX6v6u5quu0kp4kldmJVmWRv7O4= +=L+qi +-----END PGP SIGNATURE----- diff --git a/scripts/environment b/scripts/environment index f3c41a6..c604404 100755 --- a/scripts/environment +++ b/scripts/environment @@ -13,4 +13,3 @@ export BUILDROOT_REPO=git://git.busybox.net/buildroot export HEADS_REPO=https://source.puri.sm/coreboot/purism-heads.git export FAKETIME="@${GIT_DATETIME?}" export SOURCE_DATE_EPOCH="${GIT_EPOCH?}" -export ROOTFS_ISO9660_GENISOIMAGE_OPTS="-creation-date=${GIT_EPOCH} "