[arch-releng] [PATCH 5/7] [releng] Add and use mkreproefi reproducible EFI build tool
Daniel Edgecumbe
git at esotericnonsense.com
Sat Sep 7 11:22:38 UTC 2019
It is not possible to deterministically create FAT16 filesystems
using the kernel drivers, so we add this dependency on 'mtools'
and create efiboot.img using it.
Motivation: https://reproducible-builds.org
Signed-off-by: Daniel Edgecumbe <git at esotericnonsense.com>
---
Makefile | 2 ++
archiso/mkreproefi | 62 +++++++++++++++++++++++++++++++++++++++++
configs/releng/build.sh | 10 ++-----
3 files changed, 66 insertions(+), 8 deletions(-)
create mode 100755 archiso/mkreproefi
diff --git a/Makefile b/Makefile
index 4ce70e7..1af9fdf 100644
--- a/Makefile
+++ b/Makefile
@@ -1,5 +1,6 @@
# SPDX-License-Identifier: GPL-2.0
# Copyright (C) 2005-2019 Arch Linux Release Engineering Team
+# Copyright (C) 2019 Daniel Edgecumbe <email at esotericnonsense.com>
V=42
@@ -22,6 +23,7 @@ install: install-program install-initcpio install-examples install-doc
install-program:
install -D -m 755 archiso/mkarchiso $(DESTDIR)/usr/bin/mkarchiso
+ install -D -m 755 archiso/mkreproefi $(DESTDIR)/usr/bin/mkreproefi
install-initcpio:
install -d $(SCRIPT_DIR) $(HOOKS_DIR) $(INSTALL_DIR)
diff --git a/archiso/mkreproefi b/archiso/mkreproefi
new file mode 100755
index 0000000..ba3ba12
--- /dev/null
+++ b/archiso/mkreproefi
@@ -0,0 +1,62 @@
+#!/bin/bash
+# SPDX-License-Identifier: GPL-2.0
+# Copyright (C) 2019 Daniel Edgecumbe <email at esotericnonsense.com>
+
+set -e
+trap '[[ -d "${_tmpdir}" ]] && rm -rf "${_tmpdir}"' exit
+
+_tmpdir=$(mktemp -d)
+touch "${_tmpdir}/mkreproefi_was_here"
+
+die() {
+ echo $@ >&2
+ set -ex
+ exit 1
+}
+
+eecho() {
+ echo "${@}" >&2
+}
+
+usagedie() {
+ eecho "Usage: mkreproefi INPUT OUTPUT [FS_LABEL] [SIZE]"
+ eecho "Create an EFI image from an input directory"
+ eecho "Example: SOURCE_DATE_EPOCH=1234567890 mkreproefi efi/ efi.img MYEFI 64M"
+ die
+}
+
+checkdeps() {
+ type -P mmd > /dev/null || die "mmd not installed; install mtools?"
+ type -P mcopy > /dev/null || die "mcopy not installed; install mtools?"
+ type -P truncate > /dev/null || die "truncate not installed; install coreutils?"
+ type -P mkfs.fat > /dev/null || die "mkfs.fat not installed; install dosfstools?"
+}
+
+checkdeps
+
+[[ ${1} == "--help" ]] && usagedie
+[[ ${1} == "-h" ]] && usagedie
+
+[[ ${1} ]] || usagedie
+_input="${1}"
+
+[[ ${2} ]] || usagedie
+_output="${2}"
+
+if [[ ${3} ]]; then _fs_label="${3}"; else _fs_label="MKREPROEFI"; fi
+
+# Sane default.
+if [[ ${4} ]]; then _size="${4}"; else _size="256M"; fi
+
+[[ -d "${_input}" ]] || die "${_input} is not a directory"
+[[ ! -f "${_output}" ]] || die ${_output} already exists, not removing
+
+cp -a "${_input}"/* "${_tmpdir}"/
+
+# IMPORTANT NOTE: the epoch on FAT16 is 1980-01-01, not 1970-01-01 as in UNIX.
+# @315532800 is the lowest
+[[ ${SOURCE_DATE_EPOCH} ]] && find "${_tmpdir}" -mindepth 1 -print0 | xargs -0 touch -hcd "@${SOURCE_DATE_EPOCH}"
+
+truncate -s "${_size}" "${_output}"
+mkfs.fat --invariant -n "${_fs_label}" "${_output}"
+find "${_tmpdir}" -mindepth 1 -type d -printf '%P\0' | sort -z | xargs -I {} -0 -n 1 mcopy -i "${_output}" -m "${_tmpdir}/{}" "::{}"
diff --git a/configs/releng/build.sh b/configs/releng/build.sh
index 419ad7d..273b501 100755
--- a/configs/releng/build.sh
+++ b/configs/releng/build.sh
@@ -178,13 +178,6 @@ make_efi() {
# Prepare efiboot.img::/EFI for "El Torito" EFI boot mode
make_efiboot() {
- mkdir -p ${work_dir}/iso/EFI/archiso
- truncate -s 64M ${work_dir}/iso/EFI/archiso/efiboot.img
- mkfs.fat -n ARCHISO_EFI ${work_dir}/iso/EFI/archiso/efiboot.img
-
- mkdir -p ${work_dir}/efiboot
- mount ${work_dir}/iso/EFI/archiso/efiboot.img ${work_dir}/efiboot
-
mkdir -p ${work_dir}/efiboot/EFI/archiso
cp ${work_dir}/iso/${install_dir}/boot/x86_64/vmlinuz ${work_dir}/efiboot/EFI/archiso/vmlinuz.efi
cp ${work_dir}/iso/${install_dir}/boot/x86_64/archiso.img ${work_dir}/efiboot/EFI/archiso/archiso.img
@@ -210,7 +203,8 @@ make_efiboot() {
cp ${work_dir}/iso/EFI/shellx64_v2.efi ${work_dir}/efiboot/EFI/
cp ${work_dir}/iso/EFI/shellx64_v1.efi ${work_dir}/efiboot/EFI/
- umount -d ${work_dir}/efiboot
+ mkdir -p ${work_dir}/iso/EFI/archiso
+ mkreproefi ${work_dir}/efiboot ${work_dir}/iso/EFI/archiso/efiboot.img ARCHISO_EFI 64M
}
# Build airootfs filesystem image
--
2.23.0
More information about the arch-releng
mailing list