Building reproducible binaries may remove certain intentional
randomness intended for increased security. Hence, it is reasonable
to expect there will be cases where this is not desirable.
The user can select his/her preferences via the variable
BUILD_REPRODUCIBLE_BINARIES. The variable defaults to "0" (do not
build reproducible binaries) in order to minimize any potential
regressions. (Once the reproducible binaries code is mature enough,
it can be set to "1".)
If the variable BUILD_REPRODUCIBLE_BINARIES is set to "1",
timestamp values taken from additional variables will be optionally used
when building binary reproducible images:
REPRODUCIBLE_TIMESTAMP_ROOTFS
If the value is specified, all files mtime will be set to this value.
In addition, /etc/timestamp and /etc/version will both contain the
value.
If no value is specified, timestamp will be derived from the top git
commit.
REPRODUCIBLE_TIMESTAMP_IMAGE_PRELINK
Value passed via environment variable PRELINK_TIMESTAMP to the prelink
program.
If the value is specified, the value will be used.
If no value is specified, timestamp will be derived from the top git
commit.
Signed-off-by: Juro Bystricky <juro.bystri...@intel.com>
---
meta/conf/bitbake.conf | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/meta/conf/bitbake.conf b/meta/conf/bitbake.conf
index 227babd..6ce1a1a 100644
--- a/meta/conf/bitbake.conf
+++ b/meta/conf/bitbake.conf
@@ -859,3 +859,14 @@ BB_SIGNATURE_EXCLUDE_FLAGS ?= "doc deps depends \
MLPREFIX ??= ""
MULTILIB_VARIANTS ??= ""
+
+BUILD_REPRODUCIBLE_BINARIES ??= "0"
+BUILD_REPRODUCIBLE_BINARIES[export] = "1"
+
+# Unix timestamp
+REPRODUCIBLE_TIMESTAMP_ROOTFS ??= ""
+REPRODUCIBLE_TIMESTAMP_ROOTFS[export] = "1"
+
+# Unix timestamp
+REPRODUCIBLE_TIMESTAMP_IMAGE_PRELINK ??= ""
+REPRODUCIBLE_TIMESTAMP_IMAGE_PRELINK[export] = "1"
--
2.7.4
--
_______________________________________________
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
