Simplify building reproducible images by using DISTRO="poky-reproducible"
Sets some variables to reasonable values so users do not have to set them in local.conf. Signed-off-by: Juro Bystricky <juro.bystri...@intel.com> --- meta-poky/conf/distro/include/reproducible-group | 50 +++++++++++++++++++++++ meta-poky/conf/distro/include/reproducible-passwd | 25 ++++++++++++ meta-poky/conf/distro/poky-reproducible.conf | 38 +++++++++++++++++ 3 files changed, 113 insertions(+) create mode 100644 meta-poky/conf/distro/include/reproducible-group create mode 100644 meta-poky/conf/distro/include/reproducible-passwd create mode 100644 meta-poky/conf/distro/poky-reproducible.conf diff --git a/meta-poky/conf/distro/include/reproducible-group b/meta-poky/conf/distro/include/reproducible-group new file mode 100644 index 0000000..4213d4e --- /dev/null +++ b/meta-poky/conf/distro/include/reproducible-group @@ -0,0 +1,50 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3: +adm:x:4: +tty:x:5: +disk:x:6: +lp:x:7: +mail:x:8: +news:x:9: +uucp:x:10: +man:x:12: +proxy:x:13: +kmem:x:15: +input:x:19: +dialout:x:20: +fax:x:21: +voice:x:22: +cdrom:x:24: +floppy:x:25: +tape:x:26: +sudo:x:27: +audio:x:29:pulse +dip:x:30: +www-data:x:33: +backup:x:34: +operator:x:37: +list:x:38: +irc:x:39: +src:x:40: +gnats:x:41: +shadow:x:42: +utmp:x:43: +video:x:44: +sasl:x:45: +plugdev:x:46: +staff:x:50: +games:x:60: +shutdown:x:70: +users:x:100: +crontab:x:993: +sshd:x:994: +avahi:x:995: +rpcuser:x:996: +rpc:x:997: +messagebus:x:998: +netdev:x:999: +tracing:x:1000: +pulse:x:1001:pulse +nogroup:x:65534: diff --git a/meta-poky/conf/distro/include/reproducible-passwd b/meta-poky/conf/distro/include/reproducible-passwd new file mode 100644 index 0000000..876195e --- /dev/null +++ b/meta-poky/conf/distro/include/reproducible-passwd @@ -0,0 +1,25 @@ +root:x:0:0:root:/home/root:/bin/sh +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:65534:sync:/bin:/bin/sync +games:x:5:60:games:/usr/games:/bin/sh +man:x:6:12:man:/var/cache/man:/bin/sh +lp:x:7:7:lp:/var/spool/lpd:/bin/sh +mail:x:8:8:mail:/var/mail:/bin/sh +news:x:9:9:news:/var/spool/news:/bin/sh +uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +list:x:38:38:Mailing List Manager:/var/list:/bin/sh +irc:x:39:39:ircd:/var/run/ircd:/bin/sh +gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh +pulse:x:993:1001::/var/run/pulse:/bin/false +distcc:x:994:65534::/dev/null:/bin/sh +sshd:x:995:994::/var/run/sshd:/bin/false +avahi:x:996:995::/var/run/avahi-daemon:/bin/false +rpcuser:x:997:996::/var/lib/nfs:/bin/false +rpc:x:998:997::/:/bin/false +messagebus:x:999:998::/var/lib/dbus:/bin/false +nobody:x:65534:65534:nobody:/nonexistent:/bin/sh diff --git a/meta-poky/conf/distro/poky-reproducible.conf b/meta-poky/conf/distro/poky-reproducible.conf new file mode 100644 index 0000000..c94f673 --- /dev/null +++ b/meta-poky/conf/distro/poky-reproducible.conf @@ -0,0 +1,38 @@ +require conf/distro/poky.conf +DISTRO = "poky-reproducible" + +BUILD_REPRODUCIBLE_BINARIES = "1" +REPRODUCIBLE_TIMESTAMP_ROOTFS ?= "1483228802" +LDCONFIGDEPEND = "" +do_image_cpio[depends] += "cpio-replacement-native:do_populate_sysroot" +EXTRANATIVEPATH += "cpio-native" +IMAGE_CMD_CPIO = "cpio --ignore-devno --reproducible " + +IMAGE_CMD_TAR = "tar -v --sort=name " + +PACKAGE_CLASSES ="package_deb" + +# For reproducibility, we need to consistently assign the UID/GID values. +# Use the static uid and gid mechanism from OE-core for that: +# http://www.yoctoproject.org/docs/latest/mega-manual/mega-manual.html#ref-classes-useradd +# +# Dynamically assigned IDs are detected and lead to an error during +# the build. +# +# Developers who need to add new entries should add their own mapping +# file to USERADD_UID_TABLES and/or USERADD_GID_TABLES, either in a +# derived distro config or in their local.conf. +# +# It is also possible to disable the mechanism by modifying USERADD_ERROR_DYNAMIC: +# "warn" merely prints a warning, empty value silently allows dynamic +# ID allocation. +# +# The actual files for UID/GID values come from core-image-minimal-sdk +# /etc/group +# /etc/passwd + +USERADDEXTENSION = "useradd-staticids" +USERADD_ERROR_DYNAMIC ??= "error" +USERADD_UID_TABLES += "conf/distro/include/reproducible-passwd" +USERADD_GID_TABLES += "conf/distro/include/reproducible-group" + -- 2.7.4 -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
