Bug 1217973

Summary: warewulf: non-deterministic cpio files
Product: [openSUSE] openSUSE Tumbleweed Reporter: Bernhard Wiedemann <bwiedemann>
Component: OtherAssignee: Egbert Eich <eich>
Status: VERIFIED FIXED QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P5 - None CC: bwiedemann, cgoll
Version: Current   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Bug Depends on:    
Bug Blocks: 1134568    

Description Bernhard Wiedemann 2023-12-12 08:05:44 UTC 
While working on reproducible builds for openSUSE, I found that
our warewulf package varies in every build.

8 cpio files in /var/lib/warewulf/initramfs/x86_64/ vary every time:
base
capabilities/provision-adhoc
capabilities/provision-files
capabilities/provision-selinux
capabilities/provision-vnfs
capabilities/setup-filesystems
capabilities/setup-ipmi
capabilities/transport-http

Here is a partial PoC patch that helped to produce bit-reproducible results:

--- a/provision/initramfs/capabilities/transport-http/Makefile.am
+++ b/provision/initramfs/capabilities/transport-http/Makefile.am
@@ -16,7 +16,7 @@ rootfs:
        done
 
 capability.cpio: rootfs
-       cd rootfs/; find . | cpio -o -H newc -F ../capability.cpio
+       cd rootfs/; find . | xargs touch -d @1690848000 ; find . | sort | cpio -o -H newc --reproducible -F ../capability.cpio
 
 install-data-local: capability.cpio
        install -d -m 755 $(DESTDIR)/$(WAREWULF_STATEDIR)/warewulf/initramfs/$(MACHINE)/capabilities



I'm not sure if the mtimes of files in the cpio files matter.
The source tar is from 2018, so not sure if upstream would be interested in this.
Comment 1 Egbert Eich 2024-03-23 16:45:59 UTC 
@Bernhard: the time stamp is not really relevant, however, I would like to use a time stamp from the sources.
I've got a package ready with the appropriate patch applied in my home on IBS (home:eeich:branches:network:cluster/warewulf). I assume you can test whether a package can be built reproducibly, I'd like to check if this change is sufficient.
Comment 2 Bernhard Wiedemann 2024-03-23 19:25:17 UTC 
There are still 3 unreproducible cpio files left:
/var/lib/warewulf/initramfs/x86_64/base
/var/lib/warewulf/initramfs/x86_64/capabilities/provision-vnfs
/var/lib/warewulf/initramfs/x86_64/capabilities/setup-ipmi



--- RPMS.1/var/lib/warewulf/initramfs/x86_64/capabilities/provision-vnfs
+++ RPMS.2/var/lib/warewulf/initramfs/x86_64/capabilities/provision-vnfs
@@ -2,7 +2,7 @@
 drwxr-xr-x   2 399      399    0 Mar 12  2018 warewulf
 drwxr-xr-x   2 399      399    0 Mar 12  2018 warewulf/provision
 -rwxr-xr-x   1 399      399  483 Mar 12  2018 warewulf/provision/30-getvnfs
--rwxr-xr-x   1 399      399 1604 Mar 23 19:16 warewulf/provision/50-config
+-rwxr-xr-x   1 399      399 1604 Apr 25  2040 warewulf/provision/50-config
 -rwxr-xr-x   1 399      399 2606 Mar 12  2018 warewulf/provision/60-runtimesupport
 -rwxr-xr-x   1 399      399  474 Mar 12  2018 warewulf/provision/70-devtree
--rwxr-xr-x   1 399      399 1119 Mar 23 19:16 warewulf/provision/70-kernelmodules
+-rwxr-xr-x   1 399      399 1119 Apr 25  2040 warewulf/provision/70-kernelmodules

> find rootfs/ -type d | xargs touch -r 30-getvnfs
It seems, you only touch directories, but not files.
Comment 3 Egbert Eich 2024-03-27 06:14:02 UTC 
The version in  home:eeich:branches:network:cluster/warewulf should be ok, now.
Please check.
Comment 4 Egbert Eich 2024-03-27 12:30:29 UTC 
Factory SR#1162862

Submitted upstream as https://github.com/warewulf/warewulf3/pull/324.
Comment 5 OBSbugzilla Bot 2024-03-27 15:35:01 UTC 
This is an autogenerated message for OBS integration:
This bug (1217973) was mentioned in
https://build.opensuse.org/request/show/1162930 Factory / warewulf
Comment 6 Bernhard Wiedemann 2024-03-31 06:12:45 UTC 
confirmed in test