[coreboot-gerrit] Patch set updated for coreboot: util/release: make release archives reproducible

Alexander Couzens (lynxis@fe80.eu) gerrit at coreboot.org
Thu Sep 15 02:39:07 CEST 2016 

Alexander Couzens (lynxis at fe80.eu) just uploaded a new patch set to gerrit, which you can find at https://review.coreboot.org/16556

-gerrit

commit 13657a0534bffec1ebc60b6007b4045a51e969cf
Author: Alexander Couzens <lynxis at fe80.eu>
Date:   Fri Sep 9 00:05:54 2016 +0200

    util/release: make release archives reproducible
    
    tar doesn't sort by default and take the order of the OS which is in
    most cases the order of creation. Sort by name and set influencing
    environment TZ and language to be reproducible.
    
    Change-Id: I3d043952417000d12e81353677f1ea4aa2da4fc1
    Signed-off-by: Alexander Couzens <lynxis at fe80.eu>
---
 util/release/build-release | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/util/release/build-release b/util/release/build-release
index d13e038..11e7177 100755
--- a/util/release/build-release
+++ b/util/release/build-release
@@ -9,6 +9,13 @@ USERNAME=${3}
 GPG_KEY_ID=${4}
 
 set -e
+
+# set local + tz to be reproducible
+LC_ALL=C
+LANG=C
+TZ=UTC
+export LC_ALL LANG TZ
+
 if [ -z "${VERSION_NAME}" ] || [ "${VERSION_NAME}" = "--help" ]; then
 	echo "usage: $0 <version> [commit id] [gpg key id] [username]"
 	echo "tags a new coreboot version and creates a tar archive"
@@ -32,8 +39,8 @@ fi
 printf "${VERSION_NAME}-$(git log --pretty=%H|head -1)\n" > .coreboot-version
 tstamp=$(git log --pretty=format:%ci -1)
 cd ..
-tar --mtime="$tstamp" --owner=coreboot:1000 --group=coreboot:1000 --exclude-vcs --exclude=coreboot-${VERSION_NAME}/3rdparty/blobs -cvf - coreboot-${VERSION_NAME} |xz -9 > coreboot-${VERSION_NAME}.tar.xz
-tar --mtime="$tstamp" --owner=coreboot:1000 --group=coreboot:1000 --exclude-vcs -cvf - coreboot-${VERSION_NAME}/3rdparty/blobs |xz -9 > coreboot-blobs-${VERSION_NAME}.tar.xz
+tar --sort=name --mtime="$tstamp" --owner=coreboot:1000 --group=coreboot:1000 --exclude-vcs --exclude=coreboot-${VERSION_NAME}/3rdparty/blobs -cvf - coreboot-${VERSION_NAME} |xz -9 > coreboot-${VERSION_NAME}.tar.xz
+tar --sort=name --mtime="$tstamp" --owner=coreboot:1000 --group=coreboot:1000 --exclude-vcs -cvf - coreboot-${VERSION_NAME}/3rdparty/blobs |xz -9 > coreboot-blobs-${VERSION_NAME}.tar.xz
 if [ -n "${GPG_KEY_ID}" ]; then
 	gpg2 --armor --local-user ${GPG_KEY_ID} --output coreboot-${VERSION_NAME}.tar.xz.sig --detach-sig coreboot-${VERSION_NAME}.tar.xz
 	gpg2 --armor --local-user ${GPG_KEY_ID} --output coreboot-blobs-${VERSION_NAME}.tar.xz.sig --detach-sig coreboot-blobs-${VERSION_NAME}.tar.xz

More information about the coreboot-gerrit mailing list