Reproducible hooks: Regenerate initrd.img in chroot_hacks only when chroot_hooks did not regenerate it already.

Hook 1003 is replaced by 8000, which is more generic and does not need
to modify original files.

examples/hooks/reproducible/1003-reproducible-plymouth.hook.chroot

@@ -1,27 +0,0 @@
-#!/bin/sh
-set -e
-
-# The hook of plymouth in update-initramfs calls fc-cache
-
-# Don't run if plymouth is not installed
-if [ ! -e /usr/share/initramfs-tools/hooks/plymouth ];
-then
-  exit 0
-fi
-
-# If the hook already contains references to LD_PRELOAD, there is no need to patch the file
-if grep -q LD_PRELOAD /usr/share/initramfs-tools/hooks/plymouth;
-then
-  exit 0
-fi
-
-# Don't patch if the LD_PRELOAD module is not compiled
-if [ ! -e /usr/lib/unrandomize_uuid_generate_random.so ];
-then
-  echo "P: $(basename $0) Reproducible hook inactive: The UUID module was not found"
-  exit 0
-fi
-
-sed -i -e 's|fc-cache -s|LD_PRELOAD=/usr/lib/unrandomize_uuid_generate_random.so fc-cache|' /usr/share/initramfs-tools/hooks/plymouth
-
-echo "P: $(basename $0) Reproducible hook has been applied"

examples/hooks/reproducible/8000-reproducible-fonts_in_initramfs.hook.chroot

@@ -0,0 +1,32 @@
+#!/bin/sh
+set -e
+
+# fontconfig creates non-reproducible files with UUIDs
+# See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864082
+#
+# Because the UUIDs should not be deleted, the proposed work-around is:
+# * Use LD_PRELOAD to replace uuid_generate_random with a less random version
+
+# Don't run if fontconfig is not installed
+if [ ! -e /usr/bin/fc-cache ];
+then
+  exit 0
+fi
+
+# Don't run if the LD_PRELOAD module is not compiled
+if [ ! -e /usr/lib/unrandomize_uuid_generate_random.so ];
+then
+  echo "P: $(basename $0) Reproducible hook inactive: The UUID module was not found"
+  exit 0
+fi
+
+# Don't run if there is no font in the initrd.img file
+if ! zless /initrd.img | cpio --list --quiet | grep "^var/cache/fontconfig" | grep ".cache-7$" > /dev/null;
+then
+  exit 0
+fi
+
+LD_PRELOAD=/usr/lib/unrandomize_uuid_generate_random.so update-initramfs -k all -u
+touch /initrd.img_has_already_been_regenerated
+
+echo "P: $(basename $0) Reproducible hook has been applied"

scripts/build/chroot_hacks

@@ -54,6 +54,8 @@ case "${LB_IMAGE_TYPE}" in
 		then
 			echo "NFSROOT=auto" >> chroot/etc/initramfs-tools/initramfs.conf
 		fi
+		# initrd.img must be regenerated with the settings above
+		rm -f chroot/initrd.img_has_already_been_regenerated
 		;;
 esac
 
@@ -66,10 +68,13 @@ esac
 
 if [ "${LB_INITRAMFS}" != "none" ]
 then
-	Chroot chroot "${UPDATE_INITRAMFS_OPTIONS} update-initramfs -k all -t -u"
+	if [ ! -e chroot/initrd.img_has_already_been_regenerated ]; then
+		Chroot chroot "${UPDATE_INITRAMFS_OPTIONS} update-initramfs -k all -t -u"
+	fi
 	rm -f chroot/vmlinuz.old
 	rm -f chroot/initrd.img.old
 fi
+rm -f chroot/initrd.img_has_already_been_regenerated
 
 # We probably ought to use COMPRESS= in a temporary file in
 # /etc/initramfs-tools/conf.d/ instead, but it's hard to pass options that