From 43ef78bb34be6cbed43cdd247c1f5c05acaee51b Mon Sep 17 00:00:00 2001
From: Roland Clobus
Date: Tue, 25 Jan 2022 11:02:05 +0100
Subject: [PATCH] Reproducible hooks: Regenerate initrd.img in chroot_hacks only when chroot_hooks did not regenerate it already. Hook 1003 is replaced by 8000, which is more generic and does not need to modify original files.
---
 .../1003-reproducible-plymouth.hook.chroot | 27 ----------------
 ...eproducible-fonts_in_initramfs.hook.chroot | 32 +++++++++++++++++++
 scripts/build/chroot_hacks | 7 +++-
 3 files changed, 38 insertions(+), 28 deletions(-)
 delete mode 100755 examples/hooks/reproducible/1003-reproducible-plymouth.hook.chroot
 create mode 100755 examples/hooks/reproducible/8000-reproducible-fonts_in_initramfs.hook.chroot
diff --git a/examples/hooks/reproducible/1003-reproducible-plymouth.hook.chroot b/examples/hooks/reproducible/1003-reproducible-plymouth.hook.chroot
deleted file mode 100755
index da1bd423e..000000000
--- a/examples/hooks/reproducible/1003-reproducible-plymouth.hook.chroot
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/sh
-set -e
-
-# The hook of plymouth in update-initramfs calls fc-cache
-
-# Don't run if plymouth is not installed
-if [ ! -e /usr/share/initramfs-tools/hooks/plymouth ];
-then
- exit 0
-fi
-
-# If the hook already contains references to LD_PRELOAD, there is no need to patch the file
-if grep -q LD_PRELOAD /usr/share/initramfs-tools/hooks/plymouth;
-then
- exit 0
-fi
-
-# Don't patch if the LD_PRELOAD module is not compiled
-if [ ! -e /usr/lib/unrandomize_uuid_generate_random.so ];
-then
- echo "P: $(basename $0) Reproducible hook inactive: The UUID module was not found"
- exit 0
-fi
-
-sed -i -e 's|fc-cache -s|LD_PRELOAD=/usr/lib/unrandomize_uuid_generate_random.so fc-cache|' /usr/share/initramfs-tools/hooks/plymouth
-
-echo "P: $(basename $0) Reproducible hook has been applied"
diff --git a/examples/hooks/reproducible/8000-reproducible-fonts_in_initramfs.hook.chroot b/examples/hooks/reproducible/8000-reproducible-fonts_in_initramfs.hook.chroot
new file mode 100755
index 000000000..4efab92ea
--- /dev/null
+++ b/examples/hooks/reproducible/8000-reproducible-fonts_in_initramfs.hook.chroot
@@ -0,0 +1,32 @@
+#!/bin/sh
+set -e
+
+# fontconfig creates non-reproducible files with UUIDs
+# See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864082
+#
+# Because the UUIDs should not be deleted, the proposed work-around is:
+# * Use LD_PRELOAD to replace uuid_generate_random with a less random version
+
+# Don't run if fontconfig is not installed
+if [ ! -e /usr/bin/fc-cache ];
+then
+ exit 0
+fi
+
+# Don't run if the LD_PRELOAD module is not compiled
+if [ ! -e /usr/lib/unrandomize_uuid_generate_random.so ];
+then
+ echo "P: $(basename $0) Reproducible hook inactive: The UUID module was not found"
+ exit 0
+fi
+
+# Don't run if there is no font in the initrd.img file
+if ! zless /initrd.img | cpio --list --quiet | grep "^var/cache/fontconfig" | grep ".cache-7$" > /dev/null;
+then
+ exit 0
+fi
+
+LD_PRELOAD=/usr/lib/unrandomize_uuid_generate_random.so update-initramfs -k all -u
+touch /initrd.img_has_already_been_regenerated
+
+echo "P: $(basename $0) Reproducible hook has been applied"
diff --git a/scripts/build/chroot_hacks b/scripts/build/chroot_hacks
index 56918a344..a59bef044 100755
--- a/scripts/build/chroot_hacks
+++ b/scripts/build/chroot_hacks
@@ -54,6 +54,8 @@ case "${LB_IMAGE_TYPE}" in
 then
 echo "NFSROOT=auto" >> chroot/etc/initramfs-tools/initramfs.conf
 fi
+ # initrd.img must be regenerated with the settings above
+ rm -f chroot/initrd.img_has_already_been_regenerated
 ;;
 esac
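Review bot: The `LD_PRELOAD=/usr/lib/unrandomize_uuid_generate_random.so update-initramfs -k all -u` line near the end of the new 8000 hook loads the UUID shim into update-initramfs and every process it starts, whereas the removed 1003 hook applied it to `fc-cache` only. Whether any other initramfs hook calls uuid_generate_random is not visible here, but if one does, it now receives predictable UUIDs as well. A comment above that line should state the scope, e.g. `# NOTE: the preload affects every initramfs hook run by update-initramfs, not only fc-cache`. The font check also fails open without a trace: if `/initrd.img` cannot be decompressed or listed, the last `grep` matches nothing and the hook exits 0 silently, so that branch should print a `P:` line as the missing-module branch does.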
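Review bot: Removing the marker in this branch forces the later `update-initramfs` call in chroot_hacks to rebuild the image, and that call does not use the `LD_PRELOAD` shim from the 8000 hook unless `${UPDATE_INITRAMFS_OPTIONS}`, which is set outside the hunk, carries it. For this image type any fontconfig cache in the initrd would then presumably get random UUIDs again, which undoes the reproducibility fix. The added comment explains why the rebuild is needed but not that cost; it could read `# initrd.img must be regenerated with the settings above (this rebuild runs without the LD_PRELOAD shim of the 8000 hook)`. The enclosing `case` branch starts outside the hunk, so the affected image types cannot be confirmed from here.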
@@ -66,10 +68,13 @@ esac
 if [ "${LB_INITRAMFS}" != "none" ]
 then
- Chroot chroot "${UPDATE_INITRAMFS_OPTIONS} update-initramfs -k all -t -u"
+ if [ ! -e chroot/initrd.img_has_already_been_regenerated ]; then
+ Chroot chroot "${UPDATE_INITRAMFS_OPTIONS} update-initramfs -k all -t -u"
+ fi
 rm -f chroot/vmlinuz.old
 rm -f chroot/initrd.img.old
 fi
+rm -f chroot/initrd.img_has_already_been_regenerated
 # We probably ought to use COMPRESS= in a temporary file in
 # /etc/initramfs-tools/conf.d/ instead, but it's hard to pass options that
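Review bot: When the marker file exists, the initrd.img that ships is the one the hook built with a bare `update-initramfs -k all -u`, so `${UPDATE_INITRAMFS_OPTIONS}` and `-t` from this call are never applied to it. The marker is also an ordinary file in the chroot root, so any other chroot hook, or possibly a leftover from an aborted build, could suppress the rebuild. A comment above the new test would make that contract explicit, e.g. `# Skip only if a chroot hook already ran update-initramfs; that run ignores UPDATE_INITRAMFS_OPTIONS and -t`. `UPDATE_INITRAMFS_OPTIONS` is defined outside the hunk, so whether dropping it changes the resulting image cannot be confirmed from here.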