From b8e0f0e74e3071a1cfe0f3f2310979820400996a Mon Sep 17 00:00:00 2001 From: "John M. Harris, Jr" Date: Tue, 22 May 2018 09:38:34 -0400 Subject: Fix bucts URI in oldbuild download script git.stuge.se is down, and has been for a while. --- resources/scripts/helpers/download/bucts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'resources/scripts') diff --git a/resources/scripts/helpers/download/bucts b/resources/scripts/helpers/download/bucts index 7bea3e65..b57df1fd 100755 --- a/resources/scripts/helpers/download/bucts +++ b/resources/scripts/helpers/download/bucts @@ -37,7 +37,7 @@ rm -Rf "bucts/" # ------------------------------------------------------------------------------ # download it using git -git clone git://git.stuge.se/bucts.git +git clone https://notabug.org/libreboot/bucts.git # modifications are required cd "bucts/" -- cgit v1.2.3-70-g09d2 From 817e68fee7c6ddd1852543326b77e2f0887fd6e2 Mon Sep 17 00:00:00 2001 From: "John M. Harris, Jr" Date: Sun, 24 Jun 2018 10:33:44 -0400 Subject: Clone seabios over HTTPS instead of git protocol --- resources/scripts/helpers/download/seabios | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'resources/scripts') diff --git a/resources/scripts/helpers/download/seabios b/resources/scripts/helpers/download/seabios index 75299f2d..b773ec59 100755 --- a/resources/scripts/helpers/download/seabios +++ b/resources/scripts/helpers/download/seabios @@ -35,7 +35,7 @@ rm -rf "seabios/" # ------------------------------------------------------------------------------ # download it using git -git clone git://git.seabios.org/seabios.git seabios +git clone https://git.seabios.org/seabios.git seabios ( # modifications are required -- cgit v1.2.3-70-g09d2 From a8f882d78868970d2ca74a5638c791bd90c6b1f0 Mon Sep 17 00:00:00 2001 From: "John M. Harris, Jr" Date: Mon, 25 Jun 2018 02:58:49 -0400 Subject: Add reproducible build patches to GRUB --- ...e-add-argument-fixed-time-to-override-mti.patch | 73 ++++++++++++++++++++++ ...d-argument-fixed-time-to-get-reproducible.patch | 68 ++++++++++++++++++++ ...e-FIXED_TIMESTAMP-for-mkstandalone-if-set.patch | 30 +++++++++ resources/scripts/helpers/download/grub | 5 ++ 4 files changed, 176 insertions(+) create mode 100644 resources/grub/patch/reproducible/0001-mkstandalone-add-argument-fixed-time-to-override-mti.patch create mode 100644 resources/grub/patch/reproducible/0002-mkrescue-add-argument-fixed-time-to-get-reproducible.patch create mode 100644 resources/grub/patch/reproducible/0003-Makefile-use-FIXED_TIMESTAMP-for-mkstandalone-if-set.patch (limited to 'resources/scripts') diff --git a/resources/grub/patch/reproducible/0001-mkstandalone-add-argument-fixed-time-to-override-mti.patch b/resources/grub/patch/reproducible/0001-mkstandalone-add-argument-fixed-time-to-override-mti.patch new file mode 100644 index 00000000..1d537e87 --- /dev/null +++ b/resources/grub/patch/reproducible/0001-mkstandalone-add-argument-fixed-time-to-override-mti.patch @@ -0,0 +1,73 @@ +From 8dde1d7be2dd321a375570b7ff7e22bb01293044 Mon Sep 17 00:00:00 2001 +From: Alexander Couzens +Date: Fri, 4 Dec 2015 17:10:42 +0100 +Subject: [PATCH 08/10] mkstandalone: add argument --fixed-time to override + mtime of files + +mkstandalone adds several files to an archive. Doing this it uses the +mtime to give these files a timestamp. +--fixed-time overrides these timestamps with a given. + +Replacing all timestamps with a specific one is required +to get reproducible builds. See source epoch specification of +reproducible-builds.org +--- + util/grub-mkstandalone.c | 14 +++++++++++++- + 1 file changed, 13 insertions(+), 1 deletion(-) + +diff --git a/util/grub-mkstandalone.c b/util/grub-mkstandalone.c +index 4907d44..047f0cd 100644 +--- a/util/grub-mkstandalone.c ++++ b/util/grub-mkstandalone.c +@@ -30,6 +30,7 @@ + #pragma GCC diagnostic error "-Wmissing-prototypes" + #pragma GCC diagnostic error "-Wmissing-declarations" + ++static time_t fixed_time; + static char *output_image; + static char **files; + static int nfiles; +@@ -48,6 +49,7 @@ static struct argp_option options[] = { + 0, N_("save output in FILE [required]"), 2}, + {"format", 'O', N_("FILE"), 0, 0, 2}, + {"compression", 'C', "xz|none|auto", OPTION_HIDDEN, 0, 2}, ++ {"fixed-time", 't', N_("TIMEEPOCH"), 0, N_("Use a fixed timestamp to override mtime of all files. Time since epoch is used."), 2}, + {0, 0, 0, 0, 0, 0} + }; + +@@ -72,6 +74,7 @@ help_filter (int key, const char *text, void *input __attribute__ ((unused))) + static error_t + argp_parser (int key, char *arg, struct argp_state *state) + { ++ char *b; + if (key == 'C') + key = GRUB_INSTALL_OPTIONS_INSTALL_CORE_COMPRESS; + +@@ -80,6 +83,14 @@ argp_parser (int key, char *arg, struct argp_state *state) + + switch (key) + { ++ case 't': ++ fixed_time = strtoll (arg, &b, 10); ++ if (*b !='\0') { ++ printf (_("invalid fixed time number: %s\n"), arg); ++ argp_usage (state); ++ exit (1); ++ } ++ break; + + case 'o': + if (output_image) +@@ -192,7 +203,8 @@ add_tar_file (const char *from, + if (grub_util_is_special_file (from)) + return; + +- mtime = grub_util_get_mtime (from); ++ /* use fixed_time if given for mtime */ ++ mtime = fixed_time != -1 ? fixed_time : grub_util_get_mtime (from); + + optr = tcn = xmalloc (strlen (to) + 1); + for (iptr = to; *iptr == '/'; iptr++); +-- +1.9.1 + diff --git a/resources/grub/patch/reproducible/0002-mkrescue-add-argument-fixed-time-to-get-reproducible.patch b/resources/grub/patch/reproducible/0002-mkrescue-add-argument-fixed-time-to-get-reproducible.patch new file mode 100644 index 00000000..0612ade0 --- /dev/null +++ b/resources/grub/patch/reproducible/0002-mkrescue-add-argument-fixed-time-to-get-reproducible.patch @@ -0,0 +1,68 @@ +From 0f1e1a29d4d019e7b2b1a3ac3db7ca22c75e8d88 Mon Sep 17 00:00:00 2001 +From: Alexander Couzens +Date: Fri, 4 Dec 2015 17:10:43 +0100 +Subject: [PATCH 09/10] mkrescue: add argument --fixed-time to get reproducible + uuids + +The uuid generation is based on the time. +--- + util/grub-mkrescue.c | 15 ++++++++++++++- + 1 file changed, 14 insertions(+), 1 deletion(-) + +diff --git a/util/grub-mkrescue.c b/util/grub-mkrescue.c +index 238d484..a3e0155 100644 +--- a/util/grub-mkrescue.c ++++ b/util/grub-mkrescue.c +@@ -52,6 +52,7 @@ static int xorriso_arg_alloc; + static char **xorriso_argv; + static char *iso_uuid; + static char *iso9660_dir; ++static time_t fixed_time; + + static void + xorriso_push (const char *val) +@@ -110,6 +111,7 @@ static struct argp_option options[] = { + {"product-version", OPTION_PRODUCT_VERSION, N_("STRING"), 0, N_("use STRING as product version"), 2}, + {"sparc-boot", OPTION_SPARC_BOOT, 0, 0, N_("enable sparc boot. Disables HFS+, APM, ARCS and boot as disk image for i386-pc"), 2}, + {"arcs-boot", OPTION_ARCS_BOOT, 0, 0, N_("enable ARCS (big-endian mips machines, mostly SGI) boot. Disables HFS+, APM, sparc64 and boot as disk image for i386-pc"), 2}, ++ {"fixed-time", 't', N_("TIMEEPOCH"), 0, N_("use a fixed timestamp for uuid generation"), 2}, + {0, 0, 0, 0, 0, 0} + }; + +@@ -153,6 +155,8 @@ enum { + static error_t + argp_parser (int key, char *arg, struct argp_state *state) + { ++ char *b; ++ + if (grub_install_parse (key, arg)) + return 0; + switch (key) +@@ -212,6 +216,15 @@ argp_parser (int key, char *arg, struct argp_state *state) + xorriso = xstrdup (arg); + return 0; + ++ case 't': ++ fixed_time = strtoll (arg, &b, 10); ++ if (*b !='\0') { ++ printf (_("invalid fixed time number: %s\n"), arg); ++ argp_usage (state); ++ exit (1); ++ } ++ return 0; ++ + default: + return ARGP_ERR_UNKNOWN; + } +@@ -542,7 +555,7 @@ main (int argc, char *argv[]) + { + time_t tim; + struct tm *tmm; +- tim = time (NULL); ++ tim = fixed_time != -1 ? fixed_time : time (NULL); + tmm = gmtime (&tim); + iso_uuid = xmalloc (55); + grub_snprintf (iso_uuid, 50, +-- +1.9.1 + diff --git a/resources/grub/patch/reproducible/0003-Makefile-use-FIXED_TIMESTAMP-for-mkstandalone-if-set.patch b/resources/grub/patch/reproducible/0003-Makefile-use-FIXED_TIMESTAMP-for-mkstandalone-if-set.patch new file mode 100644 index 00000000..f06dbfb5 --- /dev/null +++ b/resources/grub/patch/reproducible/0003-Makefile-use-FIXED_TIMESTAMP-for-mkstandalone-if-set.patch @@ -0,0 +1,30 @@ +From 57174ed960905be4f9c229bbf3913b25745dbfd9 Mon Sep 17 00:00:00 2001 +From: Alexander Couzens +Date: Fri, 4 Dec 2015 17:10:44 +0100 +Subject: [PATCH 10/10] Makefile: use FIXED_TIMESTAMP for mkstandalone if set + +mkstandalone sets timestamps for files which can be overriden by a fixed_timestamp. +This makes it possible to build reproducible builds for coreboot. + +To build a reproducible build of grub for coreboot do: +make default_payload.elf FIXED_TIMESTAMP=1134242 +--- + Makefile.am | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Makefile.am b/Makefile.am +index 00a9663..ed7f148 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -411,7 +411,7 @@ bootcheck: $(BOOTCHECKS) + if COND_i386_coreboot + default_payload.elf: grub-mkstandalone grub-mkimage FORCE + test -f $@ && rm $@ || true +- pkgdatadir=. ./grub-mkstandalone --grub-mkimage=./grub-mkimage -O i386-coreboot -o $@ --modules='ahci pata ehci uhci ohci usb_keyboard usbms part_msdos ext2 fat at_keyboard part_gpt usbserial_usbdebug cbfs' --install-modules='ls linux search configfile normal cbtime cbls memrw iorw minicmd lsmmap lspci halt reboot hexdump pcidump regexp setpci lsacpi chain test serial multiboot cbmemc linux16 gzio echo help syslinuxcfg xnu $(shell cat grub-core/fs.lst) password_pbkdf2 $(EXTRA_PAYLOAD_MODULES)' --fonts= --themes= --locales= -d grub-core/ /boot/grub/grub.cfg=$(srcdir)/coreboot.cfg ++ pkgdatadir=. ./grub-mkstandalone --grub-mkimage=./grub-mkimage -O i386-coreboot -o $@ --modules='ahci pata ehci uhci ohci usb_keyboard usbms part_msdos ext2 fat at_keyboard part_gpt usbserial_usbdebug cbfs' --install-modules='ls linux search configfile normal cbtime cbls memrw iorw minicmd lsmmap lspci halt reboot hexdump pcidump regexp setpci lsacpi chain test serial multiboot cbmemc linux16 gzio echo help syslinuxcfg xnu $(shell cat grub-core/fs.lst) password_pbkdf2 $(EXTRA_PAYLOAD_MODULES)' --fonts= --themes= --locales= -d grub-core/ /boot/grub/grub.cfg=$(srcdir)/coreboot.cfg $(if $(FIXED_TIMESTAMP),-t $(FIXED_TIMESTAMP)) + endif + + endif +-- +1.9.1 + diff --git a/resources/scripts/helpers/download/grub b/resources/scripts/helpers/download/grub index c0a298cb..3ec8a8fb 100755 --- a/resources/scripts/helpers/download/grub +++ b/resources/scripts/helpers/download/grub @@ -49,6 +49,11 @@ git reset --hard e54c99aaff5e5f6f5d3b06028506c57e66d8ef77 # Replace "GNU GRUB version" in GRUB screen with "FREE AS IN FREEDOM" git am "../resources/grub/patch/0001-grub-core-normal-main.c-Display-FREE-AS-IN-FREEDOM-n.patch" +# Enable reproducible builds +git am "../resources/grub/patch/reproducible/0001-mkstandalone-add-argument-fixed-time-to-override-mti.patch" +git am "../resources/grub/patch/reproducible/0002-mkrescue-add-argument-fixed-time-to-get-reproducible.patch" +git am "../resources/grub/patch/reproducible/0003-Makefile-use-FIXED_TIMESTAMP-for-mkstandalone-if-set.patch" + cd "../" # Also download SeaBIOS, which we use with GRUB, to implement SeaGRUB -- cgit v1.2.3-70-g09d2