Set time and umask on multi-dtb fit images to ensure reproducibile builds.

When building compressed (lzop, gzip) multi-dtb fit images, the
compression tool may embed the time or umask in the image.

Work around this by manually setting the time of the source file using
SOURCE_DATE_EPOCH and a hard-coded 0600 umask.

With gzip, this could be accomplished by using -n/--no-name, but lzop
has no current workaround:

  https://bugs.debian.org/896520

Signed-off-by: Vagrant Cascadian <vagrant@debian.org>
This commit is contained in:
Vagrant Cascadian 2018-06-03 12:26:57 -07:00 committed by Tom Rini
parent dcd8a102ca
commit 8664ab7deb

View File

@ -391,6 +391,10 @@ MKIMAGEFLAGS_$(SPL_BIN).multidtb.fit = -f auto -A $(ARCH) -T firmware -C none -O
$(obj)/$(SPL_BIN).multidtb.fit: /dev/null $(SHRUNK_ARCH_DTB) FORCE $(obj)/$(SPL_BIN).multidtb.fit: /dev/null $(SHRUNK_ARCH_DTB) FORCE
$(call if_changed,mkimage) $(call if_changed,mkimage)
ifneq ($(SOURCE_DATE_EPOCH),)
touch -d @$(SOURCE_DATE_EPOCH) $(obj)/$(SPL_BIN).multidtb.fit
chmod 0600 $(obj)/$(SPL_BIN).multidtb.fit
endif
$(obj)/$(SPL_BIN).multidtb.fit.gz: $(obj)/$(SPL_BIN).multidtb.fit $(obj)/$(SPL_BIN).multidtb.fit.gz: $(obj)/$(SPL_BIN).multidtb.fit
@gzip -kf9 $< > $@ @gzip -kf9 $< > $@