From e7740995e4ac0d4f95e0d3cc2361f230a1376860 Mon Sep 17 00:00:00 2001
From: "Lance R. Vick"
Date: Tue, 12 Jul 2022 04:42:03 -0700
Subject: [PATCH] CPIO root filesystem is now deterministic
---
 Makefile | 50 ++++++++++++++++----------------------
 config.env | 7 ++++++
 make/toolchain.mk | 10 ++++++--
 scripts/busybox_init | 2 --
 targets/local/linux.config | 6 ++++-
 targets/local/rootfs.list | 12 +++++++++
 6 files changed, 53 insertions(+), 34 deletions(-)
 create mode 100644 targets/local/rootfs.list
diff --git a/Makefile b/Makefile
index 15f352c..9e8cbd0 100644
--- a/Makefile
+++ b/Makefile
@@ -42,7 +42,6 @@ run: default
 qemu-system-x86_64 \
 -m 512M \
 -nographic \
- -initrd $(OUT_DIR)/rootfs.cpio \
 -kernel $(OUT_DIR)/bzImage
 # Run ncurses busybox config menu and save output
@@ -57,7 +56,6 @@ linux-config:
 rm $(CONFIG_DIR)/linux.config
 make $(CONFIG_DIR)/linux.config
-
 $(CONFIG_DIR)/busybox.config:
 $(toolchain) " \
 cd /cache/busybox-$(BUSYBOX_VERSION) && \
@@ -72,32 +70,6 @@ $(CONFIG_DIR)/linux.config:
 cp .config /config/linux.config; \
 "
-$(OUT_DIR)/rootfs.cpio: $(OUT_DIR)/busybox
- mkdir -p $(CACHE_DIR)/rootfs/bin
-ifdef DEBUG
- cp $(OUT_DIR)/busybox $(CACHE_DIR)/rootfs/bin;
- cp $(SCRIPTS_DIR)/busybox_init $(CACHE_DIR)/rootfs/init;
- chmod +x $(CACHE_DIR)/rootfs/init;
-endif
- $(toolchain) " \
- cd /cache/rootfs \
- && find . \
- | cpio -o -H newc \
- | gzip -f - > /out/rootfs.cpio \
- "
-
-# Currently broken determinism attempt
-# $(toolchain) " \
-# cd /cache/rootfs \
-# && mkdir -p dev \
-# && fakeroot mknod -m 0622 dev/console c 5 1 \
-# && find . -mindepth 1 -execdir touch -hcd "@0" "{}" + \
-# && find . -mindepth 1 -printf '%P\0' \
-# | sort -z \
-# | LANG=C bsdtar --uid 0 --gid 0 --null -cnf - -T - \
-# | LANG=C bsdtar --null -cf - --format=newc @- \
-# " > $@
-
 $(OUT_DIR)/busybox: \
 $(CACHE_DIR)/busybox-$(BUSYBOX_VERSION) \
 $(CACHE_DIR)/busybox-$(BUSYBOX_VERSION).tar.bz2 \
@@ -109,6 +81,27 @@ $(OUT_DIR)/busybox: \
 cp busybox /out/; \
 "
+$(CACHE_DIR)/linux-$(LINUX_VERSION)/usr/gen_init_cpio: \
+ $(CACHE_DIR)/linux-$(LINUX_VERSION)
+ $(toolchain) " \
+ cd /cache/linux-$(LINUX_VERSION) && \
+ gcc usr/gen_init_cpio.c -o usr/gen_init_cpio \
+ "
+
+$(OUT_DIR)/rootfs.cpio: \
+ $(OUT_DIR)/busybox \
+ $(CACHE_DIR)/linux-$(LINUX_VERSION)/usr/gen_init_cpio
+ mkdir -p $(CACHE_DIR)/rootfs/bin
+ cp $(SCRIPTS_DIR)/busybox_init $(CACHE_DIR)/rootfs/init
+ cp $(OUT_DIR)/busybox $(CACHE_DIR)/rootfs/bin/
+ $(toolchain) " \
+ cd /cache/rootfs \
+ && find . -mindepth 1 -execdir touch -hcd "@0" "{}" + \
+ && find . -mindepth 1 -printf '%P\0' \
+ && cd /cache/linux-$(LINUX_VERSION) \
+ && usr/gen_initramfs.sh -o /out/rootfs.cpio /config/rootfs.list; \
+ "
+
 $(OUT_DIR)/bzImage: \
 $(OUT_DIR)/rootfs.cpio \
 $(CACHE_DIR)/linux-$(LINUX_VERSION) \
@@ -121,4 +114,3 @@ $(OUT_DIR)/bzImage: \
 make -j$(CPUS) ARCH=$(ARCH) bzImage && \
 cp arch/x86_64/boot/bzImage /out/; \
 "
-
diff --git a/config.env b/config.env
index f1090c9..582fcbe 100644
--- a/config.env
+++ b/config.env
@@ -1,6 +1,12 @@
 export BUSYBOX_VERSION = 1.33.2
 export LINUX_VERSION = 5.18.5
+export SOURCE_DATE_EPOCH = 0
+export KBUILD_BUILD_TIMESTAMP = "1970-01-01 00:00:00 UTC"
+export KCONFIG_NOTIMESTAMP = 1
+export KBUILD_BUILD_USER = root
+export KBUILD_BUILD_HOST = QuorumOS
+
 export BUSYBOX_SERVER = https://busybox.net/downloads/
 export LINUX_SERVER = https://cdn.kernel.org/pub/linux/kernel/v5.x/
@@ -9,3 +15,4 @@ export LINUX_KEY = 647F28654894E3BD457199BE38DBBDC86092693E
 export LINUX_KEYS_REPO = https://git.kernel.org/pub/scm/docs/kernel/pgpkeys.git
 export DEBIAN_HASH = 3f1d6c17773a45c97bd8f158d665c9709d7b29ed7917ac934086ad96f92e4510
+
diff --git a/make/toolchain.mk b/make/toolchain.mk
index 4e36909..b7a43f9 100644
--- a/make/toolchain.mk
+++ b/make/toolchain.mk
@@ -1,6 +1,6 @@
 .PHONY: toolchain-shell
 build-shell: toolchain
- $(toolchain)
+ $(toolchain) bash
 .PHONY: toolchain
 toolchain:
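Review bot: The new `$(OUT_DIR)/rootfs.cpio` rule in Makefile copies `busybox_init` and `busybox` into the root filesystem unconditionally, whereas the rule this commit removes did so only under `ifdef DEBUG`. With `CONFIG_INITRAMFS_SOURCE` now set in targets/local/linux.config, it appears every bzImage embeds them. If non-debug images are meant to ship without the busybox init, the gate needs to come back (for instance by choosing a different list file when DEBUG is unset); otherwise a comment on the rule such as `# busybox and its init are always included; there is no separate debug image` would record that this is deliberate. Separately, the line `find . -mindepth 1 -printf '%P\0'` writes its NUL-separated listing to the container's stdout and nothing consumes it, so it looks like a leftover from the earlier attempt and can be dropped.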
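Review bot: In the first config.env hunk, `KBUILD_BUILD_TIMESTAMP` is assigned with double quotes, and if this file is included by make (the `export NAME = value` form suggests so) those quotes are part of the value. The `-e KBUILD_BUILD_TIMESTAMP=$(KBUILD_BUILD_TIMESTAMP)` line added in make/toolchain.mk only ends up as a single argument because the shell re-parses those literal quotes; anything else that reads the exported variable would see the quote characters in the timestamp. Storing the value unquoted and quoting at the point of use, `-e KBUILD_BUILD_TIMESTAMP='$(KBUILD_BUILD_TIMESTAMP)' \`, keeps the two files independent. A one-line comment above the new block, e.g. `# Fixed build metadata so kernel and initramfs builds are reproducible`, would also explain why these values are pinned.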
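Review bot: In the first make/toolchain.mk hunk the rule being edited is named `build-shell`, but the `.PHONY` line directly above it declares `toolchain-shell`, so the shell target is not actually phony and no `toolchain-shell` rule is visible here. Making the two agree, e.g. `.PHONY: build-shell`, fixes that. The new recipe `$(toolchain) bash` also depends on the `toolchain` variable ending in `bash -c`, which is defined in the next hunk; a short comment on the recipe saying so would keep the two from drifting apart.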
@@ -12,13 +12,19 @@ toolchain:
 toolchain := \
 docker run \
- --interactive \
 --rm \
+ --interactive \
 --user=$(shell id -u):$(shell id -g) \
 -v $(PWD)/$(CONFIG_DIR):/config \
 -v $(PWD)/$(KEY_DIR):/keys \
 -v $(PWD)/$(CACHE_DIR):/cache \
 -v $(PWD)/$(OUT_DIR):/out \
+ -v $(PWD)/$(SCRIPTS_DIR):/scripts \
 -e GNUPGHOME=/cache/.gnupg \
+ -e KBUILD_BUILD_USER=$(KBUILD_BUILD_USER) \
+ -e KBUILD_BUILD_HOST=$(KBUILD_BUILD_HOST) \
+ -e KBUILD_BUILD_TIMESTAMP=$(KBUILD_BUILD_TIMESTAMP) \
+ -e KCONFIG_NOTIMESTAMP=$(KCONFIG_NOTIMESTAMP) \
+ -e SOURCE_DATE_EPOCH=$(SOURCE_DATE_EPOCH) \
 -t local/$(NAME)-build \
 bash -c
diff --git a/scripts/busybox_init b/scripts/busybox_init
index c8b30f0..98d7462 100755
--- a/scripts/busybox_init
+++ b/scripts/busybox_init
@@ -3,9 +3,7 @@ busybox mount -t devtmpfs none /dev
 busybox mkdir -p /dev/pts
 busybox mount -t devpts none /dev/pts
-busybox mkdir /sys
 busybox mount -t sysfs none /sys
-busybox mkdir -p /usr/bin /sbin /usr/sbin /sbin /proc /etc
 busybox mount -t proc none /proc
 /bin/busybox --install
diff --git a/targets/local/linux.config b/targets/local/linux.config
index 82fda94..9476adf 100644
--- a/targets/local/linux.config
+++ b/targets/local/linux.config
@@ -203,7 +203,11 @@ CONFIG_NET_NS=y
 # CONFIG_SYSFS_DEPRECATED is not set
 CONFIG_RELAY=y
 CONFIG_BLK_DEV_INITRD=y
-CONFIG_INITRAMFS_SOURCE=""
+CONFIG_INITRAMFS_SOURCE="/out/rootfs.cpio"
+CONFIG_INITRAMFS_ROOT_UID=0
+CONFIG_INITRAMFS_ROOT_GID=0
+CONFIG_INITRAMFS_COMPRESSION_GZIP=y
+
 CONFIG_RD_GZIP=y
 CONFIG_RD_BZIP2=y
 CONFIG_RD_LZMA=y
diff --git a/targets/local/rootfs.list b/targets/local/rootfs.list
new file mode 100644
index 0000000..64ba1b3
--- /dev/null
+++ b/targets/local/rootfs.list
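Review bot: The added `-v $(PWD)/$(SCRIPTS_DIR):/scripts` mount in make/toolchain.mk gives every toolchain container write access to the directory that holds the image's init script, yet none of the recipes visible in this commit read from `/scripts` (the Makefile copies `busybox_init` on the host side). If the mount is needed for a later step, making it read-only, `-v $(PWD)/$(SCRIPTS_DIR):/scripts:ro \`, prevents a build step from altering what later becomes `/init`; if it is not needed, leaving it out keeps the container's view of the host smaller.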
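Review bot: `CONFIG_INITRAMFS_SOURCE="/out/rootfs.cpio"` in targets/local/linux.config hard-codes the toolchain container's output mount into the kernel configuration, so this config only builds where `/out` is mapped as in make/toolchain.mk; that coupling deserves a comment next to the `$(OUT_DIR)/bzImage` rule, for example `# linux.config expects the initramfs at /out/rootfs.cpio inside the container`. `CONFIG_INITRAMFS_ROOT_UID` and `CONFIG_INITRAMFS_ROOT_GID` are, as far as I know, applied only when the source is a directory or a file list rather than a ready-made cpio archive, so ownership here would be decided by targets/local/rootfs.list — worth confirming before relying on them. The added blank line will probably disappear the next time the config is regenerated.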
@@ -0,0 +1,12 @@
+dir /dev 0755 0 0
+nod /dev/console 0600 0 0 c 5 1
+dir /sys 0755 0 0
+dir /usr 0755 0 0
+dir /etc 0755 0 0
+dir /proc 0755 0 0
+dir /bin 0755 0 0
+dir /sbin 0755 0 0
+dir /usr/bin 0755 0 0
+dir /usr/sbin 0755 0 0
+file /init /cache/rootfs/init 0755 0 0
+file /bin/busybox /cache/rootfs/bin/busybox 0755 0 0
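Review bot: The new targets/local/rootfs.list has no header explaining its format or that the source paths (`/cache/rootfs/init`, `/cache/rootfs/bin/busybox`) are paths inside the toolchain container rather than on the host. gen_init_cpio list files accept `#` comment lines, so a short header such as `# <type> <name> [<source>] <mode> <uid> <gid> -- sources are container paths, see make/toolchain.mk` would let the file be reviewed on its own. Since this list now defines exactly what ships in the initramfs, it is also the place to record why an entry is there, for example a one-line comment on the `/dev/console` node and its 0600 mode.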