[Git][reproducible-builds/reproducible-website][master] 4 commits: _docs/archives.md: Add section on initramfs images / cpio archives

Tue Nov 19 19:29:35 UTC 2019


Holger Levsen pushed to branch master at Reproducible Builds / reproducible-website


Commits:
c584cec4 by Daniel Edgecumbe at 2019-11-17T17:24:52Z
_docs/archives.md: Add section on initramfs images / cpio archives

- - - - -
ca41b31c by Bernhard M. Wiedemann at 2019-11-19T10:15:19Z
Document tar PaxHeader nondeterminism

based on
https://git.savannah.gnu.org/cgit/tar.git/tree/doc/tar.texi?id=f122fc94a7#n10592
https://git.savannah.gnu.org/cgit/tar.git/tree/tests/append02.at?id=f122fc94a7#n64
https://git.savannah.gnu.org/cgit/tar.git/commit/?id=ef0f882382f6

If you create an archive in POSIX format
and the environment variable `POSIXLY_CORRECT` is set, then the
two archives created using the same options on the same set of files
will not be byte-to-byte equivalent even with the above option.  This
is because the posix default for extended header names includes the
PID of the tar process, which is different at each run.

- - - - -
783a8e16 by Holger Levsen at 2019-11-19T19:28:10Z
Merge branch 'mr-origin-49'

- - - - -
c75dd6bb by Holger Levsen at 2019-11-19T19:29:15Z
Merge branch 'mr-origin-50'

- - - - -


1 changed file:

- _docs/archives.md


Changes:

=====================================
_docs/archives.md
=====================================
@@ -106,6 +106,15 @@ record 0 as values:
 $ tar --owner=0 --group=0 --numeric-owner -cf product.tar build
 {% endhighlight %}
 
+PAX headers
+-----------
+
+GNU tar defaults to the pax format and if `POSIXLY_CORRECT` is set, that adds files' ctime, atime and the PID of the tar process as non-deterministic metadata.
+
+To avoid this, either `unset POSIXLY_CORRECT` (only works with [tar>1.32](https://git.savannah.gnu.org/cgit/tar.git/commit/?id=ef0f882382f6)) or add to the tar call
+`--pax-option=exthdr.name=%d/PaxHeaders/%f,delete=atime,delete=ctime` or `--format=gnu` (both only available in GNU tar)
+or use `--format=ustar` if the limitations in that format are not a problem.
+
 Full example
 ------------
 
@@ -117,6 +126,7 @@ The recommended way to create a Tar archive is thus:
 $ tar --sort=name \
       --mtime="@${SOURCE_DATE_EPOCH}" \
       --owner=0 --group=0 --numeric-owner \
+      --pax-option=exthdr.name=%d/PaxHeaders/%f,delete=atime,delete=ctime \
       -cf product.tar build
 {% endhighlight %}
 </div>
@@ -166,3 +176,28 @@ or `objcopy`:
 The above does not fix [file ordering]({{ "/docs/stable-inputs/" | prepend: site.baseurl }}).
 
 [^distros-with-default]: Debian since [version 2.25-6](https://tracker.debian.org/news/675691)/stretch, Ubuntu since version 2.25-8ubuntu1/artful 17.10. It is the default for Fedora 22 and Fedora 23, but it seems this will be [reverted in Fedora 24](https://bugzilla.redhat.com/show_bug.cgi?id=1195883).
+
+Initramfs images
+----------------
+
+*cpio* archives are commonly used for initramfs images. The *cpio* header
+format (see `man 5 cpio`) can contain device and inode numbers, which whilst
+deterministic, can vary from system to system.
+
+One way to filter these is by piping through bsdtar.
+
+Example of non-deterministic code:
+```
+echo ucode.bin |
+    bsdcpio -o -H newc -R 0:0 > ucode.img
+```
+
+Example of deterministic code:
+```
+echo ucode.bin |
+    bsdtar --uid 0 --gid 0 -cnf - -T - |
+    bsdtar --null -cf - --format=newc @- > ucode.img
+```
+
+Note that other issues such as timestamps may still require rectification prior
+to archival.



View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-website/compare/5fea229ec945231f487eaf06908770f8acb89bd5...c75dd6bb71cd04755b9098923a855779f4fd2279

-- 
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-website/compare/5fea229ec945231f487eaf06908770f8acb89bd5...c75dd6bb71cd04755b9098923a855779f4fd2279
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.reproducible-builds.org/pipermail/rb-commits/attachments/20191119/fe5cd9d7/attachment.htm>
