diff mbox series

[isar-cip-core] scripts/*/efibootguard-*.py: Make FAT file system image create reproducibly

Message ID 20230817141246.2503-1-venkata.pyla@toshiba-tsip.com (mailing list archive)
State Superseded
Headers show
Series [isar-cip-core] scripts/*/efibootguard-*.py: Make FAT file system image create reproducibly | expand

Commit Message

Venkata Pyla Aug. 17, 2023, 2:12 p.m. UTC 
From: venkata pyla <venkata.pyla@toshiba-tsip.com>

The EFI and BOOT file system images are created non-reproducibly because
when `mkdosfs` create FAT file system it uses random values for volume-id
and creation time, this can be fixed by passing additional option
`--invariant` to `mkdosfs` that uses fixed volume-id and creation time.

Fixes: #73

Signed-off-by: venkata pyla <venkata.pyla@toshiba-tsip.com>
---
 scripts/lib/wic/plugins/source/efibootguard-boot.py | 2 +-
 scripts/lib/wic/plugins/source/efibootguard-efi.py  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

Comments

Jan Kiszka Aug. 17, 2023, 2:21 p.m. UTC | #1 
On 17.08.23 16:12, venkata.pyla@toshiba-tsip.com wrote:
> From: venkata pyla <venkata.pyla@toshiba-tsip.com>
> 
> The EFI and BOOT file system images are created non-reproducibly because
> when `mkdosfs` create FAT file system it uses random values for volume-id
> and creation time, this can be fixed by passing additional option
> `--invariant` to `mkdosfs` that uses fixed volume-id and creation time.
> 
> Fixes: #73
> 
> Signed-off-by: venkata pyla <venkata.pyla@toshiba-tsip.com>
> ---
>  scripts/lib/wic/plugins/source/efibootguard-boot.py | 2 +-
>  scripts/lib/wic/plugins/source/efibootguard-efi.py  | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/scripts/lib/wic/plugins/source/efibootguard-boot.py b/scripts/lib/wic/plugins/source/efibootguard-boot.py
> index 7435b22..490b19a 100644
> --- a/scripts/lib/wic/plugins/source/efibootguard-boot.py
> +++ b/scripts/lib/wic/plugins/source/efibootguard-boot.py
> @@ -160,7 +160,7 @@ class EfibootguardBootPlugin(SourcePlugin):
>          # dosfs image, created by mkdosfs
>          bootimg = "%s/%s.%s.img" % (cr_workdir, part.label, part.lineno)
>  
> -        dosfs_cmd = "mkdosfs -F 16 -S 512 -n %s -C %s %d" % \
> +        dosfs_cmd = "mkdosfs -F 16 -S 512 -n %s -C %s %d --invariant" % \

What does OE/wic do for creating dosfs filesystems in reproducibility
mode? I do not find --invariant in their code base.

Jan

>              (part.label.upper(), bootimg, blocks)
>          exec_cmd(dosfs_cmd)
>  
> diff --git a/scripts/lib/wic/plugins/source/efibootguard-efi.py b/scripts/lib/wic/plugins/source/efibootguard-efi.py
> index d6cdf0f..2c69609 100644
> --- a/scripts/lib/wic/plugins/source/efibootguard-efi.py
> +++ b/scripts/lib/wic/plugins/source/efibootguard-efi.py
> @@ -105,7 +105,7 @@ class EfibootguardEFIPlugin(SourcePlugin):
>          # dosfs image, created by mkdosfs
>          efi_part_image = "%s/%s.%s.img" % (cr_workdir, part.label, part.lineno)
>  
> -        dosfs_cmd = "mkdosfs -S 512 -n %s -C %s %d" % \
> +        dosfs_cmd = "mkdosfs -S 512 -n %s -C %s %d --invariant" % \
>              (part.label.upper(), efi_part_image, blocks)
>          exec_cmd(dosfs_cmd)
>
Venkata Pyla Aug. 23, 2023, 8:37 a.m. UTC | #2 
> -----Original Message-----
> From: cip-dev@lists.cip-project.org <cip-dev@lists.cip-project.org> On Behalf
> Of Jan Kiszka via lists.cip-project.org
> Sent: Thursday, August 17, 2023 7:52 PM
> To: pyla venkata(TSIP TMIEC ODG Porting) <Venkata.Pyla@toshiba-
> tsip.com>; cip-dev@lists.cip-project.org
> Cc: dinesh kumar(TSIP TMIEC ODG Porting) <dinesh.kumar@toshiba-
> tsip.com>; hayashi kazuhiro(林 和宏 DME ○DIG□MPS○MP4)
> <kazuhiro3.hayashi@toshiba.co.jp>
> Subject: Re: [cip-dev] [isar-cip-core] scripts/*/efibootguard-*.py: Make FAT
> file system image create reproducibly
> 
> On 17.08.23 16:12, venkata.pyla@toshiba-tsip.com wrote:
> > From: venkata pyla <venkata.pyla@toshiba-tsip.com>
> >
> > The EFI and BOOT file system images are created non-reproducibly
> > because when `mkdosfs` create FAT file system it uses random values
> > for volume-id and creation time, this can be fixed by passing
> > additional option `--invariant` to `mkdosfs` that uses fixed volume-id and
> creation time.
> >
> > Fixes: #73
> >
> > Signed-off-by: venkata pyla <venkata.pyla@toshiba-tsip.com>
> > ---
> >  scripts/lib/wic/plugins/source/efibootguard-boot.py | 2 +-
> > scripts/lib/wic/plugins/source/efibootguard-efi.py  | 2 +-
> >  2 files changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/scripts/lib/wic/plugins/source/efibootguard-boot.py
> > b/scripts/lib/wic/plugins/source/efibootguard-boot.py
> > index 7435b22..490b19a 100644
> > --- a/scripts/lib/wic/plugins/source/efibootguard-boot.py
> > +++ b/scripts/lib/wic/plugins/source/efibootguard-boot.py
> > @@ -160,7 +160,7 @@ class EfibootguardBootPlugin(SourcePlugin):
> >          # dosfs image, created by mkdosfs
> >          bootimg = "%s/%s.%s.img" % (cr_workdir, part.label,
> > part.lineno)
> >
> > -        dosfs_cmd = "mkdosfs -F 16 -S 512 -n %s -C %s %d" % \
> > +        dosfs_cmd = "mkdosfs -F 16 -S 512 -n %s -C %s %d --invariant"
> > + % \
> 
> What does OE/wic do for creating dosfs filesystems in reproducibility mode? I
> do not find --invariant in their code base.

Sorry for the delay in responding, I am understanding how OE is implementing the reproducible images for dosfs images, OE passes explicitly the volume-ID to mkdosfs and SOURCE_DATE_EPOCH for creating reproducible vfat images, but with the "--invariant" option in mkdosfs (used in this patch) will internally use constant values for volume-id and time stamp and creates reproducible images.

Earlier one is better approach because user can pass the constant values instead the tool fixes them.

I will resend v2 for this.

> 
> Jan
> 
> >              (part.label.upper(), bootimg, blocks)
> >          exec_cmd(dosfs_cmd)
> >
> > diff --git a/scripts/lib/wic/plugins/source/efibootguard-efi.py
> > b/scripts/lib/wic/plugins/source/efibootguard-efi.py
> > index d6cdf0f..2c69609 100644
> > --- a/scripts/lib/wic/plugins/source/efibootguard-efi.py
> > +++ b/scripts/lib/wic/plugins/source/efibootguard-efi.py
> > @@ -105,7 +105,7 @@ class EfibootguardEFIPlugin(SourcePlugin):
> >          # dosfs image, created by mkdosfs
> >          efi_part_image = "%s/%s.%s.img" % (cr_workdir, part.label,
> > part.lineno)
> >
> > -        dosfs_cmd = "mkdosfs -S 512 -n %s -C %s %d" % \
> > +        dosfs_cmd = "mkdosfs -S 512 -n %s -C %s %d --invariant" % \
> >              (part.label.upper(), efi_part_image, blocks)
> >          exec_cmd(dosfs_cmd)
> >
> 
> --
> Siemens AG, Technology
> Linux Expert Center
diff mbox series

Patch

diff --git a/scripts/lib/wic/plugins/source/efibootguard-boot.py b/scripts/lib/wic/plugins/source/efibootguard-boot.py
index 7435b22..490b19a 100644
--- a/scripts/lib/wic/plugins/source/efibootguard-boot.py
+++ b/scripts/lib/wic/plugins/source/efibootguard-boot.py
@@ -160,7 +160,7 @@  class EfibootguardBootPlugin(SourcePlugin):
         # dosfs image, created by mkdosfs
         bootimg = "%s/%s.%s.img" % (cr_workdir, part.label, part.lineno)
 
-        dosfs_cmd = "mkdosfs -F 16 -S 512 -n %s -C %s %d" % \
+        dosfs_cmd = "mkdosfs -F 16 -S 512 -n %s -C %s %d --invariant" % \
             (part.label.upper(), bootimg, blocks)
         exec_cmd(dosfs_cmd)
 
diff --git a/scripts/lib/wic/plugins/source/efibootguard-efi.py b/scripts/lib/wic/plugins/source/efibootguard-efi.py
index d6cdf0f..2c69609 100644
--- a/scripts/lib/wic/plugins/source/efibootguard-efi.py
+++ b/scripts/lib/wic/plugins/source/efibootguard-efi.py
@@ -105,7 +105,7 @@  class EfibootguardEFIPlugin(SourcePlugin):
         # dosfs image, created by mkdosfs
         efi_part_image = "%s/%s.%s.img" % (cr_workdir, part.label, part.lineno)
 
-        dosfs_cmd = "mkdosfs -S 512 -n %s -C %s %d" % \
+        dosfs_cmd = "mkdosfs -S 512 -n %s -C %s %d --invariant" % \
             (part.label.upper(), efi_part_image, blocks)
         exec_cmd(dosfs_cmd)