From 871da8e580de48de41082cc80895cd84e77221ca Mon Sep 17 00:00:00 2001 From: Alexander Couzens Date: Fri, 9 Sep 2016 00:05:54 +0200 Subject: [PATCH] util/release: make release archives reproducible tar doesn't sort by default and takes the order of the OS which is in most cases the order of creation. Sort by name and set influencing environment TZ and language to be reproducible. Change-Id: I3d043952417000d12e81353677f1ea4aa2da4fc1 Signed-off-by: Alexander Couzens Reviewed-on: https://review.coreboot.org/16556 Tested-by: build bot (Jenkins) Reviewed-by: Philipp Deppenwiese --- util/release/build-release | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/util/release/build-release b/util/release/build-release index d13e0388f4..11e71778c2 100755 --- a/util/release/build-release +++ b/util/release/build-release @@ -9,6 +9,13 @@ USERNAME=${3} GPG_KEY_ID=${4} set -e + +# set local + tz to be reproducible +LC_ALL=C +LANG=C +TZ=UTC +export LC_ALL LANG TZ + if [ -z "${VERSION_NAME}" ] || [ "${VERSION_NAME}" = "--help" ]; then echo "usage: $0 [commit id] [gpg key id] [username]" echo "tags a new coreboot version and creates a tar archive" @@ -32,8 +39,8 @@ fi printf "${VERSION_NAME}-$(git log --pretty=%H|head -1)\n" > .coreboot-version tstamp=$(git log --pretty=format:%ci -1) cd .. -tar --mtime="$tstamp" --owner=coreboot:1000 --group=coreboot:1000 --exclude-vcs --exclude=coreboot-${VERSION_NAME}/3rdparty/blobs -cvf - coreboot-${VERSION_NAME} |xz -9 > coreboot-${VERSION_NAME}.tar.xz -tar --mtime="$tstamp" --owner=coreboot:1000 --group=coreboot:1000 --exclude-vcs -cvf - coreboot-${VERSION_NAME}/3rdparty/blobs |xz -9 > coreboot-blobs-${VERSION_NAME}.tar.xz +tar --sort=name --mtime="$tstamp" --owner=coreboot:1000 --group=coreboot:1000 --exclude-vcs --exclude=coreboot-${VERSION_NAME}/3rdparty/blobs -cvf - coreboot-${VERSION_NAME} |xz -9 > coreboot-${VERSION_NAME}.tar.xz +tar --sort=name --mtime="$tstamp" --owner=coreboot:1000 --group=coreboot:1000 --exclude-vcs -cvf - coreboot-${VERSION_NAME}/3rdparty/blobs |xz -9 > coreboot-blobs-${VERSION_NAME}.tar.xz if [ -n "${GPG_KEY_ID}" ]; then gpg2 --armor --local-user ${GPG_KEY_ID} --output coreboot-${VERSION_NAME}.tar.xz.sig --detach-sig coreboot-${VERSION_NAME}.tar.xz gpg2 --armor --local-user ${GPG_KEY_ID} --output coreboot-blobs-${VERSION_NAME}.tar.xz.sig --detach-sig coreboot-blobs-${VERSION_NAME}.tar.xz