From d0e04eeb904f96374ccd4eaebc9e73239b854fcb Mon Sep 17 00:00:00 2001 From: "Lance R. Vick" Date: Fri, 16 Oct 2020 23:49:48 -0700 Subject: [PATCH 1/7] disable inode caching in genisoimage to work around miscounted hardlink bug --- config/buildroot/patches/deterministic-iso9660.patch | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/config/buildroot/patches/deterministic-iso9660.patch b/config/buildroot/patches/deterministic-iso9660.patch index d9b8e7a..6460667 100644 --- a/config/buildroot/patches/deterministic-iso9660.patch +++ b/config/buildroot/patches/deterministic-iso9660.patch @@ -1,14 +1,16 @@ diff --git a/fs/iso9660/iso9660.mk b/fs/iso9660/iso9660.mk -index a129655ce3..3128abd6ff 100644 +index a129655ce3..7cda68f7fb 100644 --- a/fs/iso9660/iso9660.mk +++ b/fs/iso9660/iso9660.mk -@@ -129,7 +129,8 @@ ROOTFS_ISO9660_PRE_GEN_HOOKS += ROOTFS_ISO9660_DISABLE_EXTERNAL_INITRD +@@ -129,8 +129,9 @@ ROOTFS_ISO9660_PRE_GEN_HOOKS += ROOTFS_ISO9660_DISABLE_EXTERNAL_INITRD endif # ROOTFS_ISO9660_USE_INITRD define ROOTFS_ISO9660_CMD - $(HOST_DIR)/bin/genisoimage -J -R -b $(ROOTFS_ISO9660_BOOT_IMAGE) \ +- -no-emul-boot -boot-load-size 4 -boot-info-table \ +LD_PRELOAD=/usr/lib/x86_64-linux-gnu/faketime/libfaketime.so.1 \ + $(HOST_DIR)/bin/genisoimage -J -r -b $(ROOTFS_ISO9660_BOOT_IMAGE) \ - -no-emul-boot -boot-load-size 4 -boot-info-table \ ++ -no-cache-inodes -no-emul-boot -boot-load-size 4 -boot-info-table \ $(ROOTFS_ISO9660_GENISOIMAGE_OPTS) \ -o $@ $(ROOTFS_ISO9660_TMP_TARGET_DIR) + endef From 28ba130ceae64ce7c39b91f8534bc639ce00a7d5 Mon Sep 17 00:00:00 2001 From: "Lance R. Vick" Date: Sat, 17 Oct 2020 15:37:12 -0700 Subject: [PATCH 2/7] swap buggy/broken genisofs for maintained xorriso --- .../buildroot/configs/airgap_x86_64_defconfig | 2 +- .../patches/deterministic-iso9660.patch | 24 +++++++++++++++---- scripts/environment | 1 - 3 files changed, 20 insertions(+), 7 deletions(-) diff --git a/config/buildroot/configs/airgap_x86_64_defconfig b/config/buildroot/configs/airgap_x86_64_defconfig index 9481fc2..d38cf03 100644 --- a/config/buildroot/configs/airgap_x86_64_defconfig +++ b/config/buildroot/configs/airgap_x86_64_defconfig @@ -3437,7 +3437,7 @@ BR2_PACKAGE_PROVIDES_HOST_RUSTC="host-rust-bin" BR2_PACKAGE_HOST_UTIL_LINUX=y # BR2_PACKAGE_HOST_UTP_COM is not set # BR2_PACKAGE_HOST_VBOOT_UTILS is not set -# BR2_PACKAGE_HOST_XORRISO is not set +BR2_PACKAGE_HOST_XORRISO=y # BR2_PACKAGE_HOST_ZIP is not set # BR2_PACKAGE_HOST_ZSTD is not set diff --git a/config/buildroot/patches/deterministic-iso9660.patch b/config/buildroot/patches/deterministic-iso9660.patch index 6460667..ecccc0c 100644 --- a/config/buildroot/patches/deterministic-iso9660.patch +++ b/config/buildroot/patches/deterministic-iso9660.patch @@ -1,16 +1,30 @@ diff --git a/fs/iso9660/iso9660.mk b/fs/iso9660/iso9660.mk -index a129655ce3..7cda68f7fb 100644 +index a129655ce3..068d332876 100644 --- a/fs/iso9660/iso9660.mk +++ b/fs/iso9660/iso9660.mk -@@ -129,8 +129,9 @@ ROOTFS_ISO9660_PRE_GEN_HOOKS += ROOTFS_ISO9660_DISABLE_EXTERNAL_INITRD +@@ -24,7 +24,7 @@ + + ROOTFS_ISO9660_BOOT_MENU = $(call qstrip,$(BR2_TARGET_ROOTFS_ISO9660_BOOT_MENU)) + +-ROOTFS_ISO9660_DEPENDENCIES = host-cdrkit linux ++ROOTFS_ISO9660_DEPENDENCIES = host-xorriso host-cdrkit linux + + ifeq ($(BR2_TARGET_ROOTFS_INITRAMFS),y) + ROOTFS_ISO9660_USE_INITRD = YES +@@ -129,8 +129,14 @@ ROOTFS_ISO9660_PRE_GEN_HOOKS += ROOTFS_ISO9660_DISABLE_EXTERNAL_INITRD endif # ROOTFS_ISO9660_USE_INITRD define ROOTFS_ISO9660_CMD - $(HOST_DIR)/bin/genisoimage -J -R -b $(ROOTFS_ISO9660_BOOT_IMAGE) \ - -no-emul-boot -boot-load-size 4 -boot-info-table \ -+LD_PRELOAD=/usr/lib/x86_64-linux-gnu/faketime/libfaketime.so.1 \ -+ $(HOST_DIR)/bin/genisoimage -J -r -b $(ROOTFS_ISO9660_BOOT_IMAGE) \ -+ -no-cache-inodes -no-emul-boot -boot-load-size 4 -boot-info-table \ ++ $(HOST_DIR)/bin/xorriso \ ++ -as mkisofs \ ++ -rock \ ++ -joliet \ ++ -eltorito-boot $(ROOTFS_ISO9660_BOOT_IMAGE) \ ++ -no-emul-boot \ ++ -boot-load-size 4 \ ++ -boot-info-table \ $(ROOTFS_ISO9660_GENISOIMAGE_OPTS) \ -o $@ $(ROOTFS_ISO9660_TMP_TARGET_DIR) endef diff --git a/scripts/environment b/scripts/environment index f3c41a6..c604404 100755 --- a/scripts/environment +++ b/scripts/environment @@ -13,4 +13,3 @@ export BUILDROOT_REPO=git://git.busybox.net/buildroot export HEADS_REPO=https://source.puri.sm/coreboot/purism-heads.git export FAKETIME="@${GIT_DATETIME?}" export SOURCE_DATE_EPOCH="${GIT_EPOCH?}" -export ROOTFS_ISO9660_GENISOIMAGE_OPTS="-creation-date=${GIT_EPOCH} " From a9020ee29d5eacd8e0d7f90d2e8e9bed226f52be Mon Sep 17 00:00:00 2001 From: "Lance R. Vick" Date: Sat, 17 Oct 2020 17:12:59 -0700 Subject: [PATCH 3/7] tested deterministic xorriso options --- .../buildroot/patches/deterministic-iso9660.patch | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/config/buildroot/patches/deterministic-iso9660.patch b/config/buildroot/patches/deterministic-iso9660.patch index ecccc0c..f84d17c 100644 --- a/config/buildroot/patches/deterministic-iso9660.patch +++ b/config/buildroot/patches/deterministic-iso9660.patch @@ -1,5 +1,5 @@ diff --git a/fs/iso9660/iso9660.mk b/fs/iso9660/iso9660.mk -index a129655ce3..068d332876 100644 +index a129655ce3..1adaf15923 100644 --- a/fs/iso9660/iso9660.mk +++ b/fs/iso9660/iso9660.mk @@ -24,7 +24,7 @@ @@ -11,7 +11,7 @@ index a129655ce3..068d332876 100644 ifeq ($(BR2_TARGET_ROOTFS_INITRAMFS),y) ROOTFS_ISO9660_USE_INITRD = YES -@@ -129,8 +129,14 @@ ROOTFS_ISO9660_PRE_GEN_HOOKS += ROOTFS_ISO9660_DISABLE_EXTERNAL_INITRD +@@ -129,10 +129,20 @@ ROOTFS_ISO9660_PRE_GEN_HOOKS += ROOTFS_ISO9660_DISABLE_EXTERNAL_INITRD endif # ROOTFS_ISO9660_USE_INITRD define ROOTFS_ISO9660_CMD @@ -19,12 +19,19 @@ index a129655ce3..068d332876 100644 - -no-emul-boot -boot-load-size 4 -boot-info-table \ + $(HOST_DIR)/bin/xorriso \ + -as mkisofs \ -+ -rock \ ++ -R \ + -joliet \ + -eltorito-boot $(ROOTFS_ISO9660_BOOT_IMAGE) \ + -no-emul-boot \ + -boot-load-size 4 \ + -boot-info-table \ $(ROOTFS_ISO9660_GENISOIMAGE_OPTS) \ - -o $@ $(ROOTFS_ISO9660_TMP_TARGET_DIR) +- -o $@ $(ROOTFS_ISO9660_TMP_TARGET_DIR) ++ -o $@ $(ROOTFS_ISO9660_TMP_TARGET_DIR) \ ++ -- \ ++ -uid 0 \ ++ -gid 0 \ ++ -volume_date all_file_dates "=$(SOURCE_DATE_EPOCH)" endef + + ifeq ($(BR2_TARGET_ROOTFS_ISO9660_HYBRID),y) From 2ccea0848029392b29fdf6e437d26ce9651b04bc Mon Sep 17 00:00:00 2001 From: "Lance R. Vick" Date: Sat, 17 Oct 2020 17:20:24 -0700 Subject: [PATCH 4/7] 1.0.0rc11 --- .../airgap_x86_64.iso.8E47A1EC35A1551D.asc | 16 ++++++++++++++++ release/1.0.0rc11/hashes.txt | 3 +++ .../librem13v4.rom.8E47A1EC35A1551D.asc | 16 ++++++++++++++++ .../librem15v4.rom.8E47A1EC35A1551D.asc | 16 ++++++++++++++++ 4 files changed, 51 insertions(+) create mode 100644 release/1.0.0rc11/airgap_x86_64.iso.8E47A1EC35A1551D.asc create mode 100644 release/1.0.0rc11/hashes.txt create mode 100644 release/1.0.0rc11/librem13v4.rom.8E47A1EC35A1551D.asc create mode 100644 release/1.0.0rc11/librem15v4.rom.8E47A1EC35A1551D.asc diff --git a/release/1.0.0rc11/airgap_x86_64.iso.8E47A1EC35A1551D.asc b/release/1.0.0rc11/airgap_x86_64.iso.8E47A1EC35A1551D.asc new file mode 100644 index 0000000..b910374 --- /dev/null +++ b/release/1.0.0rc11/airgap_x86_64.iso.8E47A1EC35A1551D.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEZ1U/vaRrtxq9LgsLjkeh7DWhVR0FAl+LijkACgkQjkeh7DWh +VR3Vbg/7Bsdy9ZZXpFrX58C6+Zh9C1GfTxOYeN6XiC9JhDU/8C5Oqk+9DXy1a+7Q +ZloT1kUwg1u4UG8Uow70vv/npfHcaT7rK1zu+FL2dAQ4aGha2V4zgb93t9OT4OU9 +BefL60jXpAnkKqQs/LZQoFOQ/ymyN2dN24R2vyU3wridwm5/0+UY0AMOu5gCxF6C +13SZYbm533X49SR9HLIZws2DSKju/iXPKg1zzBt4UTubs2fJOCPPuGGtmrKCoV5p +wRYhgSamcZmKIjVejhlyIpFY8t33J40Iia0eB2mM4hWukGMeTb5eoEGKirH3OwzD +/fGL1n7XFMtmrF6vG5K3SB9EBBVYuDraYPvvNsPYFtf3tn/aD2+Deml5h2KcixyA +9MPQgAmyVmQUOT760agbGTwh9EPBO4ioqn0nIk0ZGhYQ8xdWnFXEAFNWlVpMaiKP +Sp1KzCYCt3+rViCvX9JKpMUHgYoKTGwYCmfDzyjkYepXkuKF0PvejNx5f30snwUo +JINbWfiiwBuNbRCRwO0Z2bRtKlbX7B5r+/UB9tQIBBSWEUrbz8ceeI6mSHSC9+FS +cE3XsfUGx6SI5bPzDZmyKLe7yAts74Z86RX2ZanZP33+I+n3X+BHdxO0EFo3OAH6 +aI5OEDlEDB9LrQu3v2jtZXiprvUSER+YtN+1aiWmBpR4I1cKHmY= +=TD53 +-----END PGP SIGNATURE----- diff --git a/release/1.0.0rc11/hashes.txt b/release/1.0.0rc11/hashes.txt new file mode 100644 index 0000000..34bcc4b --- /dev/null +++ b/release/1.0.0rc11/hashes.txt @@ -0,0 +1,3 @@ +0abd1d50d9b69f5a0692aff9fb0d2aff103eb6ec2b33d9dadecb044e56740d45 *release/1.0.0rc11/librem13v4.rom +1fa4f1bdf515dc890cd728015228a606f7c5ffd9b467254f4d3ac596f20188ec *release/1.0.0rc11/librem15v4.rom +81ee8fcf832b2306ef2af1b4fb37b5f784a1421e05cefc61c20c1df4325dcb0c *release/1.0.0rc11/airgap_x86_64.iso diff --git a/release/1.0.0rc11/librem13v4.rom.8E47A1EC35A1551D.asc b/release/1.0.0rc11/librem13v4.rom.8E47A1EC35A1551D.asc new file mode 100644 index 0000000..387f4cf --- /dev/null +++ b/release/1.0.0rc11/librem13v4.rom.8E47A1EC35A1551D.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEZ1U/vaRrtxq9LgsLjkeh7DWhVR0FAl+LijUACgkQjkeh7DWh +VR0EdRAArrS2gDegrZ7aGaVMEvGCmKm3G64KZaW8TKFFgyOizoUj21lyXBhXPBNU +q5dsWhi/f8AI/KNHOz+4xTgFh+9xNVOMDhCebWT4ms/TtR7GTI6GeYSSSlA9ytgT +x7ngoq1ZNBCCFGTGUIf26mgG2ZDxfPesJQJLW9zHq/ZHRCkARgak/wuBSEBdJf9R +ohnSsuFB/xBGFxu5Of1m2Glcb29ZvbKGeiqpgo9ITTGsV3xVgUTJtlh+cm6W/CEM +fVcObWFSXtBMvYJa2RdbUyKOYfFcgjJuLBaOmsxay5VRIrzLgz5kyjm/lMoodlWX +cPCeUDyXWT+kGd0q2UUoGsJMQJ/rfBgxratZ0Iv/5tPeKg+HbQMpgECtiDxq4S2/ +12c35zXHyEPnCt/TZMIncI3VFtiTmPDv94ESL+ihxSh4W27PoStpOJq982JC6Qj+ +gsbR8H3y8rjhyKdVXyAGSP+2POYMAUPCFf0IseOux+SXiPiqd1/tnF7Ea82GC37o +GmX3yphm7kw6m+lQVC6Xe+dYdCOtcDsP+EjD1y0rsH9sXEZxkVF4zFqD+xXc29NW +2i7v7k5XtXDNNXOQSknaI+q/riUKAfZ+PrvIWvh92rZ+SkOjrNNJPkABLQ9Lon7N +SsWWsczgvEIe38N7P6N5O1EPhz1McVbcFfaT+HynFPCLBu+5LZ0= +=Tn9k +-----END PGP SIGNATURE----- diff --git a/release/1.0.0rc11/librem15v4.rom.8E47A1EC35A1551D.asc b/release/1.0.0rc11/librem15v4.rom.8E47A1EC35A1551D.asc new file mode 100644 index 0000000..4e63d55 --- /dev/null +++ b/release/1.0.0rc11/librem15v4.rom.8E47A1EC35A1551D.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEZ1U/vaRrtxq9LgsLjkeh7DWhVR0FAl+LijMACgkQjkeh7DWh +VR1n8Q//VdhBohEVnDybig5Aio29Lt7MItBmqF4XeZQ/BMPEwy5O/OaX0V9w97Wl +oMQm2HO/jMIOxTvQGadZ0JeRCN1iyHY/u+X1uK2MisVtCBJ6OruTJmTYlTejANu8 +AsWajmrLn4UK+dsRAJNJN1I3tXC8nc7ZVgcxRJ8AH24ISyRfigB4iBMsV6EF1cpW +o6UUxvM7A0T27z8TcpJ8OWiRhj7zJarDCAVWulCXiy9Ue8V64jtVCW5txcx7JDB0 +KP9p1+b268JOKn39WM4VjVz8GWgIS3Pg9IXPxZX2X2aBd4HMC89R3o2g01qUKNe5 +YkyuuZk63BdpGIzQ3T+NWtZOILrnrhYZTVGYsPhiyilJBshUoS9XQg1VaZEOfNeJ +lZ9d+yHnUZ9uSfvrezqvza17FQcYVVc9Bng6efE6h3cQYTpfkqg7UhsrAD+xQWdA +JVtmpHz/+Bj/pNSmzoHGRwa0txuj/wauf+nenKXOWnA6sZ5LeeNEv42mkA+iXsfN ++E2ZSk4DR1SJcu/WhTVENyAY0h9fCO00BXH3F8dUk9IgQnNrQ5Bk6fiYuG3HEOHX +eZywNNGJlh1ttj9BD8ifUVd052fRqpRk5Gg1hftIwIYhKJL701H0Sl3v60+zJ+6A +9huKlpjZ89pC3g9IY3CH49J85xfhuhn7s6A+76IfLL1xCA0kgu4= +=cugw +-----END PGP SIGNATURE----- From f58df1bc42447f5458848ce2d76834974425b396 Mon Sep 17 00:00:00 2001 From: "Lance R. Vick" Date: Sun, 18 Oct 2020 03:51:58 -0700 Subject: [PATCH 5/7] rehash/resign rc11 --- .../airgap_x86_64.iso.8E47A1EC35A1551D.asc | 26 +++++++++---------- release/1.0.0rc11/hashes.txt | 6 ++--- .../librem13v4.rom.8E47A1EC35A1551D.asc | 26 +++++++++---------- .../librem15v4.rom.8E47A1EC35A1551D.asc | 26 +++++++++---------- 4 files changed, 42 insertions(+), 42 deletions(-) diff --git a/release/1.0.0rc11/airgap_x86_64.iso.8E47A1EC35A1551D.asc b/release/1.0.0rc11/airgap_x86_64.iso.8E47A1EC35A1551D.asc index b910374..3a3c36d 100644 --- a/release/1.0.0rc11/airgap_x86_64.iso.8E47A1EC35A1551D.asc +++ b/release/1.0.0rc11/airgap_x86_64.iso.8E47A1EC35A1551D.asc @@ -1,16 +1,16 @@ -----BEGIN PGP SIGNATURE----- -iQIzBAABCgAdFiEEZ1U/vaRrtxq9LgsLjkeh7DWhVR0FAl+LijkACgkQjkeh7DWh -VR3Vbg/7Bsdy9ZZXpFrX58C6+Zh9C1GfTxOYeN6XiC9JhDU/8C5Oqk+9DXy1a+7Q -ZloT1kUwg1u4UG8Uow70vv/npfHcaT7rK1zu+FL2dAQ4aGha2V4zgb93t9OT4OU9 -BefL60jXpAnkKqQs/LZQoFOQ/ymyN2dN24R2vyU3wridwm5/0+UY0AMOu5gCxF6C -13SZYbm533X49SR9HLIZws2DSKju/iXPKg1zzBt4UTubs2fJOCPPuGGtmrKCoV5p -wRYhgSamcZmKIjVejhlyIpFY8t33J40Iia0eB2mM4hWukGMeTb5eoEGKirH3OwzD -/fGL1n7XFMtmrF6vG5K3SB9EBBVYuDraYPvvNsPYFtf3tn/aD2+Deml5h2KcixyA -9MPQgAmyVmQUOT760agbGTwh9EPBO4ioqn0nIk0ZGhYQ8xdWnFXEAFNWlVpMaiKP -Sp1KzCYCt3+rViCvX9JKpMUHgYoKTGwYCmfDzyjkYepXkuKF0PvejNx5f30snwUo -JINbWfiiwBuNbRCRwO0Z2bRtKlbX7B5r+/UB9tQIBBSWEUrbz8ceeI6mSHSC9+FS -cE3XsfUGx6SI5bPzDZmyKLe7yAts74Z86RX2ZanZP33+I+n3X+BHdxO0EFo3OAH6 -aI5OEDlEDB9LrQu3v2jtZXiprvUSER+YtN+1aiWmBpR4I1cKHmY= -=TD53 +iQIzBAABCgAdFiEEZ1U/vaRrtxq9LgsLjkeh7DWhVR0FAl+MHi0ACgkQjkeh7DWh +VR3R7g//eMwhYNlK6kiC/d5klvYyTma+xOU8WHoNaEqTLlThgDzfbG2PjqkMLufq +CTNVfFfQn1I+fsIxoGbF5cAsf7J+WfOI/DFuDCyTdDJbF79LmGzFkEsWGBglH13M +v5fd3hRxF6mslWMiiS/zmcGkchPdPggYPz6QHU3YYXHOYAkPSc43Yi9/3AqkhKA/ +YHcy/O1qLGJP8jCnLD2iMuPijVynIW7PceKf7Za9zPZOII72cM5TOP5l8MkIc+nT +2izmizfIxNYIeOePWohehEJfLF8mxDvjHmzE/bcoMv+jxBcRFn4tPU1b+9Aou7cn +S3Zj8bUGpnh6Sae9j+6PG2fmh8yVOG3GpysNn+enFXq5RCGn+c5NxJ+3hQxuXjeE +h+VMS/e3s+TXKvxk6uS3RPcfB6LuzkMiDuQHUbR1i+j9x7+TVa4uuNdxnK3rQZNc +6pwA60Xwtm4Z/hmypVdZsrEY0p5Mbv6QdbNm95Q3lgMRlheKz6/C0IKmdZbE8/fk +8Z7xuga+oXgR1SWhBFfNTZhYmhoKMcwPZGIaqE3t2wvRyUM5XfMzqfYHj8DLrKiN +9MeYhatUr3WuebH2pyculz0H0/KwkWTgeT7Eil57Ds/gi5/SNCyLqdcjmTOqbm+b +CVizlaP5/yZ7QSRbDMgfJYoz5F8mg6LBvXQ0yeEPJ/5iMF5j80c= +=Lwky -----END PGP SIGNATURE----- diff --git a/release/1.0.0rc11/hashes.txt b/release/1.0.0rc11/hashes.txt index 34bcc4b..4d26cb4 100644 --- a/release/1.0.0rc11/hashes.txt +++ b/release/1.0.0rc11/hashes.txt @@ -1,3 +1,3 @@ -0abd1d50d9b69f5a0692aff9fb0d2aff103eb6ec2b33d9dadecb044e56740d45 *release/1.0.0rc11/librem13v4.rom -1fa4f1bdf515dc890cd728015228a606f7c5ffd9b467254f4d3ac596f20188ec *release/1.0.0rc11/librem15v4.rom -81ee8fcf832b2306ef2af1b4fb37b5f784a1421e05cefc61c20c1df4325dcb0c *release/1.0.0rc11/airgap_x86_64.iso +aca395e58cdb23e9bb05aaa32b99695fe0a8e67e2dcd9d3be9c1f9a432af3396 *release/1.0.0rc11/librem13v4.rom +7919f38c385e86586cbd0e7cfc2ef8605674e7f08cb8ef793a4b1ddfc115b116 *release/1.0.0rc11/librem15v4.rom +0eddffabda43ac3c13e572f5aee30339b478835f510d99f35b0239715f246cd3 *release/1.0.0rc11/airgap_x86_64.iso diff --git a/release/1.0.0rc11/librem13v4.rom.8E47A1EC35A1551D.asc b/release/1.0.0rc11/librem13v4.rom.8E47A1EC35A1551D.asc index 387f4cf..dfe887b 100644 --- a/release/1.0.0rc11/librem13v4.rom.8E47A1EC35A1551D.asc +++ b/release/1.0.0rc11/librem13v4.rom.8E47A1EC35A1551D.asc @@ -1,16 +1,16 @@ -----BEGIN PGP SIGNATURE----- -iQIzBAABCgAdFiEEZ1U/vaRrtxq9LgsLjkeh7DWhVR0FAl+LijUACgkQjkeh7DWh -VR0EdRAArrS2gDegrZ7aGaVMEvGCmKm3G64KZaW8TKFFgyOizoUj21lyXBhXPBNU -q5dsWhi/f8AI/KNHOz+4xTgFh+9xNVOMDhCebWT4ms/TtR7GTI6GeYSSSlA9ytgT -x7ngoq1ZNBCCFGTGUIf26mgG2ZDxfPesJQJLW9zHq/ZHRCkARgak/wuBSEBdJf9R -ohnSsuFB/xBGFxu5Of1m2Glcb29ZvbKGeiqpgo9ITTGsV3xVgUTJtlh+cm6W/CEM -fVcObWFSXtBMvYJa2RdbUyKOYfFcgjJuLBaOmsxay5VRIrzLgz5kyjm/lMoodlWX -cPCeUDyXWT+kGd0q2UUoGsJMQJ/rfBgxratZ0Iv/5tPeKg+HbQMpgECtiDxq4S2/ -12c35zXHyEPnCt/TZMIncI3VFtiTmPDv94ESL+ihxSh4W27PoStpOJq982JC6Qj+ -gsbR8H3y8rjhyKdVXyAGSP+2POYMAUPCFf0IseOux+SXiPiqd1/tnF7Ea82GC37o -GmX3yphm7kw6m+lQVC6Xe+dYdCOtcDsP+EjD1y0rsH9sXEZxkVF4zFqD+xXc29NW -2i7v7k5XtXDNNXOQSknaI+q/riUKAfZ+PrvIWvh92rZ+SkOjrNNJPkABLQ9Lon7N -SsWWsczgvEIe38N7P6N5O1EPhz1McVbcFfaT+HynFPCLBu+5LZ0= -=Tn9k +iQIzBAABCgAdFiEEZ1U/vaRrtxq9LgsLjkeh7DWhVR0FAl+MHisACgkQjkeh7DWh +VR1YFA//dbKhdw1Qnb6fbsE5cRoAj/IVXLDyhhFw+ocHZy3TeMMxw3LhkVnuat/+ +JgvwVnebGwixZR9FNcegpBV/sGkAOr6QWPP4fIBKcA30sqShzuNAWnxUL1mB1Txq +zLtre7MeKwLBkOK/dwMf8r9zNVnjD6f+CwkGdgdttZTc7Ddjhg0iJZgusLJpqf5c +Xs9FJwU1GHsjSOa5cgg8TURLoJmVXfKhz3yb32AjwfVxrYhHjxS02d7j8xipAYeB +ARZmprZ6QFYvuK2qQGeVTD5XdlpwmZ31JlGRyursN3BpDJj4uhYIuoJ8bAYbPVBU +/RM5FkKoWxgL3hGZO+MU666Z/A/KoiTBna5Kcb5Oe5VNIH8KbwHYv6Na0N73+ut1 +Q0pTAIqaxETYyXvfd534SvfucatkH6KaKu0pMdDu7t5hskkvZ3maNyjQjdHsm59f +XQpbTavn0EWMqZIOhDOBChsiHLEKcrWvB2mU9cgY6K96V4HE4IBq9fv9vO2clP+Y +5Qgh+8BEwROIZ1K6pcPqxeWBHJXdYUCqkmsiklC1Y58+etzCBKLNnHlr9s13g7WE +ObvEGdfiZl2odUoQ7FDiM1+JoKiOzWGUaRtjOSjrXgt7xt/wihBF5nA/P6IFgJ/5 +G4YKVJXKA36/EJncq6qUH/FymkQtLyro2tYodvHOT2BhVnlbuhw= +=ZHZT -----END PGP SIGNATURE----- diff --git a/release/1.0.0rc11/librem15v4.rom.8E47A1EC35A1551D.asc b/release/1.0.0rc11/librem15v4.rom.8E47A1EC35A1551D.asc index 4e63d55..59eb193 100644 --- a/release/1.0.0rc11/librem15v4.rom.8E47A1EC35A1551D.asc +++ b/release/1.0.0rc11/librem15v4.rom.8E47A1EC35A1551D.asc @@ -1,16 +1,16 @@ -----BEGIN PGP SIGNATURE----- -iQIzBAABCgAdFiEEZ1U/vaRrtxq9LgsLjkeh7DWhVR0FAl+LijMACgkQjkeh7DWh -VR1n8Q//VdhBohEVnDybig5Aio29Lt7MItBmqF4XeZQ/BMPEwy5O/OaX0V9w97Wl -oMQm2HO/jMIOxTvQGadZ0JeRCN1iyHY/u+X1uK2MisVtCBJ6OruTJmTYlTejANu8 -AsWajmrLn4UK+dsRAJNJN1I3tXC8nc7ZVgcxRJ8AH24ISyRfigB4iBMsV6EF1cpW -o6UUxvM7A0T27z8TcpJ8OWiRhj7zJarDCAVWulCXiy9Ue8V64jtVCW5txcx7JDB0 -KP9p1+b268JOKn39WM4VjVz8GWgIS3Pg9IXPxZX2X2aBd4HMC89R3o2g01qUKNe5 -YkyuuZk63BdpGIzQ3T+NWtZOILrnrhYZTVGYsPhiyilJBshUoS9XQg1VaZEOfNeJ -lZ9d+yHnUZ9uSfvrezqvza17FQcYVVc9Bng6efE6h3cQYTpfkqg7UhsrAD+xQWdA -JVtmpHz/+Bj/pNSmzoHGRwa0txuj/wauf+nenKXOWnA6sZ5LeeNEv42mkA+iXsfN -+E2ZSk4DR1SJcu/WhTVENyAY0h9fCO00BXH3F8dUk9IgQnNrQ5Bk6fiYuG3HEOHX -eZywNNGJlh1ttj9BD8ifUVd052fRqpRk5Gg1hftIwIYhKJL701H0Sl3v60+zJ+6A -9huKlpjZ89pC3g9IY3CH49J85xfhuhn7s6A+76IfLL1xCA0kgu4= -=cugw +iQIzBAABCgAdFiEEZ1U/vaRrtxq9LgsLjkeh7DWhVR0FAl+MHigACgkQjkeh7DWh +VR3rJA//TTUV0G2Ad78pef8H8y0Pz9afe4fWCqSnMz1P0t7fPor00fONpaMfZdTb +btvM9gpm7ZpPUtEXA7tCQB61kgJk2C01dtdgIK+rdwIZvrK0NxNmE2fdHKbrxqny +KFzg3IOCVrP59/vtDrqaK7kFDdhAzn3zqeLMBRAv25GgWm7IhIeaIpFskCvcrIbo +My5FzbLpyeEA+neKpF9rM/z89RmM/QBo+kBLNWztHOVREUXnf2EibIG7t4riTrC0 +M51vaZs75k6YbZJ95RzLiqSmsHy2enGPe29EeYtCIH3Pn/F4MaDAE4eBU7BeNijK +UTP+hnXfsjUSWHsbPGmqvRVD44uJVJFm95bXIhU1aF0ckk/E1HEe9/X6OJH91ZmP +JlqdEy2De6CV+/yKkH+45O1eWHhEMaIS1+ZZ3M14HQ0XSLwA4QjlLy/EhSDelxb3 +gsVjg9uIeckZDpMLtYjHJZuAFLhZg1OY46hU9Imi1hh6+rWGHcCi8b0tksN/bZdJ +gqvNSW4I4LRoEOO/SSOQ49o89/xy6ce53fLcjmFet1q/sNO5LgdmtmNDa+DMgy/i +ZTtXCdxvRzdX5YmY18Lusox5MO9znphlgimfpXOMk2A09deILZ/z1H4kBOe9mGvA +ytTJWvBv0RdpiCDQ8RpiVOFRPX6v6u5quu0kp4kldmJVmWRv7O4= +=L+qi -----END PGP SIGNATURE----- From fa079ab95367480eaa1b5112a0e21b25c2005615 Mon Sep 17 00:00:00 2001 From: "Lance R. Vick" Date: Tue, 20 Oct 2020 01:01:50 -0700 Subject: [PATCH 6/7] drop git --- config/buildroot/configs/airgap_x86_64_defconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/buildroot/configs/airgap_x86_64_defconfig b/config/buildroot/configs/airgap_x86_64_defconfig index d38cf03..0986c87 100644 --- a/config/buildroot/configs/airgap_x86_64_defconfig +++ b/config/buildroot/configs/airgap_x86_64_defconfig @@ -694,7 +694,7 @@ BR2_PACKAGE_CMAKE_ARCH_SUPPORTS=y # BR2_PACKAGE_GAWK is not set # BR2_PACKAGE_GETTEXT is not set BR2_PACKAGE_PROVIDES_HOST_GETTEXT="host-gettext-tiny" -BR2_PACKAGE_GIT=y +# BR2_PACKAGE_GIT is not set # # git-crypt needs a toolchain w/ C++, gcc >= 4.9 From 434d641c46b8992368f189cece8615766d552ddb Mon Sep 17 00:00:00 2001 From: "Lance R. Vick" Date: Tue, 20 Oct 2020 01:02:39 -0700 Subject: [PATCH 7/7] Switch to bsdtar strategy for deterministic cpio --- .../patches/deterministic-cpio.patch | 20 +++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/config/buildroot/patches/deterministic-cpio.patch b/config/buildroot/patches/deterministic-cpio.patch index 9af00bc..c68ef8e 100644 --- a/config/buildroot/patches/deterministic-cpio.patch +++ b/config/buildroot/patches/deterministic-cpio.patch @@ -1,16 +1,24 @@ diff --git a/fs/cpio/cpio.mk b/fs/cpio/cpio.mk -index 28a435dd5e..81f8c393d1 100644 +index 28a435dd5e..72923ded47 100644 --- a/fs/cpio/cpio.mk +++ b/fs/cpio/cpio.mk -@@ -37,7 +37,11 @@ ROOTFS_CPIO_OPTS += --reproducible +@@ -32,12 +32,17 @@ ROOTFS_CPIO_PRE_GEN_HOOKS += ROOTFS_CPIO_ADD_INIT + # --reproducible option was introduced in cpio v2.12, which may not be + # available in some old distributions, so we build host-cpio + ifeq ($(BR2_REPRODUCIBLE),y) +-ROOTFS_CPIO_DEPENDENCIES += host-cpio +-ROOTFS_CPIO_OPTS += --reproducible ++ROOTFS_CPIO_DEPENDENCIES += host-cpio host-libarchive endif define ROOTFS_CPIO_CMD - cd $(TARGET_DIR) && find . | cpio $(ROOTFS_CPIO_OPTS) --quiet -o -H newc > $@ -+ cd $(TARGET_DIR) && \ -+ find . \ -+ | LC_ALL=C sort \ -+ | cpio $(ROOTFS_CPIO_OPTS) --quiet -o -H newc \ ++ cd $(TARGET_DIR) \ ++ && find . -mindepth 1 -execdir touch -hcd "@0" "{}" + \ ++ && find . -mindepth 1 -printf '%P\0' \ ++ | sort -z \ ++ | LANG=C bsdtar --null -cnf - -T - \ ++ | LANG=C bsdtar --uid 0 --gid 0 --null -cf - --format=newc @- \ + > $@ endef