[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v1 1/2] No insert of the build timestamp into the x86 xen efi binary

To: Jan Beulich <jbeulich@xxxxxxxx>
From: Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx>
Date: Fri, 30 Oct 2020 13:23:19 +0100
Cc: Frédéric Pierret (fepitre) <frederic.pierret@xxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
Delivery-date: Fri, 30 Oct 2020 12:23:33 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Fri, Oct 30, 2020 at 01:08:44PM +0100, Jan Beulich wrote:
> On 30.10.2020 13:03, Frédéric Pierret (fepitre) wrote:
> 
> > --- a/xen/arch/x86/Makefile
> > +++ b/xen/arch/x86/Makefile
> > @@ -170,6 +170,7 @@ EFI_LDFLAGS += --major-image-version=$(XEN_VERSION)
> >  EFI_LDFLAGS += --minor-image-version=$(XEN_SUBVERSION)
> >  EFI_LDFLAGS += --major-os-version=2 --minor-os-version=0
> >  EFI_LDFLAGS += --major-subsystem-version=2 --minor-subsystem-version=0
> > +EFI_LDFLAGS += --no-insert-timestamp
> 
> Generally I prefer binaries to carry timestamps, when they are
> intended to do so (i.e. when they have a respective field). So
> I think if no timestamp is wanted, it should be as an option
> (not sure about the default).

What about setting it to the SOURCE_DATE_EPOCH[1] variable value, if
present? Of course if there is an option to set explicit timestamp
value.

[1] https://reproducible-builds.org/docs/source-date-epoch/

> This said, I didn't think time stamps got meaningfully in the
> way of reproducible builds - ignoring the minor differences
> cause by them, especially when they sit at well known offsets
> in the binaries, shouldn't be a big deal.

It is a big deal. There is a huge difference between running sha256sum
(or your other favorite hash) on two build artifacts, and using a
specialized tool/script to compare each file separately. Note the
xen.efi may be buried very deep in the thing you compare, for example
inside deb/rpm and then ISO image (installation image), at which point
it's far from "they sit at well known offsets".

-- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?

Attachment: signature.asc
Description: PGP signature

Follow-Ups:
- Re: [PATCH v1 1/2] No insert of the build timestamp into the x86 xen efi binary
  - From: Jan Beulich

References:
- [PATCH v1 0/2] Improve reproducible builds
  - From: Frédéric Pierret (fepitre)
- [PATCH v1 1/2] No insert of the build timestamp into the x86 xen efi binary
  - From: Frédéric Pierret (fepitre)
- Re: [PATCH v1 1/2] No insert of the build timestamp into the x86 xen efi binary
  - From: Jan Beulich

Prev by Date: Re: [PATCH v1 2/2] xen/common/makefile: remove gzip timestamp
Next by Date: Re: [PATCH v2 6/8] evtchn: convert vIRQ lock to an r/w one
Previous by thread: Re: [PATCH v1 1/2] No insert of the build timestamp into the x86 xen efi binary
Next by thread: Re: [PATCH v1 1/2] No insert of the build timestamp into the x86 xen efi binary
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.