Bug 1217973 - warewulf: non-deterministic cpio files
Summary: warewulf: non-deterministic cpio files
Status: VERIFIED FIXED
Alias: None
Product: openSUSE Tumbleweed
Classification: openSUSE
Component: Other (show other bugs)
Version: Current
Hardware: Other Other
: P5 - None : Normal (vote)
Target Milestone: ---
Assignee: Egbert Eich
QA Contact: E-mail List
URL:
Whiteboard:
Keywords:
Depends on:
Blocks: 1134568
  Show dependency treegraph
 
Reported: 2023-12-12 08:05 UTC by Bernhard Wiedemann
Modified: 2024-03-31 06:12 UTC (History)
2 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Bernhard Wiedemann 2023-12-12 08:05:44 UTC 
While working on reproducible builds for openSUSE, I found that
our warewulf package varies in every build.

8 cpio files in /var/lib/warewulf/initramfs/x86_64/ vary every time:
base
capabilities/provision-adhoc
capabilities/provision-files
capabilities/provision-selinux
capabilities/provision-vnfs
capabilities/setup-filesystems
capabilities/setup-ipmi
capabilities/transport-http

Here is a partial PoC patch that helped to produce bit-reproducible results:

--- a/provision/initramfs/capabilities/transport-http/Makefile.am
+++ b/provision/initramfs/capabilities/transport-http/Makefile.am
@@ -16,7 +16,7 @@ rootfs:
        done
 
 capability.cpio: rootfs
-       cd rootfs/; find . | cpio -o -H newc -F ../capability.cpio
+       cd rootfs/; find . | xargs touch -d @1690848000 ; find . | sort | cpio -o -H newc --reproducible -F ../capability.cpio
 
 install-data-local: capability.cpio
        install -d -m 755 $(DESTDIR)/$(WAREWULF_STATEDIR)/warewulf/initramfs/$(MACHINE)/capabilities



I'm not sure if the mtimes of files in the cpio files matter.
The source tar is from 2018, so not sure if upstream would be interested in this.
Comment 1 Egbert Eich 2024-03-23 16:45:59 UTC 
@Bernhard: the time stamp is not really relevant, however, I would like to use a time stamp from the sources.
I've got a package ready with the appropriate patch applied in my home on IBS (home:eeich:branches:network:cluster/warewulf). I assume you can test whether a package can be built reproducibly, I'd like to check if this change is sufficient.
Comment 2 Bernhard Wiedemann 2024-03-23 19:25:17 UTC 
There are still 3 unreproducible cpio files left:
/var/lib/warewulf/initramfs/x86_64/base
/var/lib/warewulf/initramfs/x86_64/capabilities/provision-vnfs
/var/lib/warewulf/initramfs/x86_64/capabilities/setup-ipmi



--- RPMS.1/var/lib/warewulf/initramfs/x86_64/capabilities/provision-vnfs
+++ RPMS.2/var/lib/warewulf/initramfs/x86_64/capabilities/provision-vnfs
@@ -2,7 +2,7 @@
 drwxr-xr-x   2 399      399    0 Mar 12  2018 warewulf
 drwxr-xr-x   2 399      399    0 Mar 12  2018 warewulf/provision
 -rwxr-xr-x   1 399      399  483 Mar 12  2018 warewulf/provision/30-getvnfs
--rwxr-xr-x   1 399      399 1604 Mar 23 19:16 warewulf/provision/50-config
+-rwxr-xr-x   1 399      399 1604 Apr 25  2040 warewulf/provision/50-config
 -rwxr-xr-x   1 399      399 2606 Mar 12  2018 warewulf/provision/60-runtimesupport
 -rwxr-xr-x   1 399      399  474 Mar 12  2018 warewulf/provision/70-devtree
--rwxr-xr-x   1 399      399 1119 Mar 23 19:16 warewulf/provision/70-kernelmodules
+-rwxr-xr-x   1 399      399 1119 Apr 25  2040 warewulf/provision/70-kernelmodules

> find rootfs/ -type d | xargs touch -r 30-getvnfs
It seems, you only touch directories, but not files.
Comment 3 Egbert Eich 2024-03-27 06:14:02 UTC 
The version in  home:eeich:branches:network:cluster/warewulf should be ok, now.
Please check.
Comment 4 Egbert Eich 2024-03-27 12:30:29 UTC 
Factory SR#1162862

Submitted upstream as https://github.com/warewulf/warewulf3/pull/324.
Comment 5 OBSbugzilla Bot 2024-03-27 15:35:01 UTC 
This is an autogenerated message for OBS integration:
This bug (1217973) was mentioned in
https://build.opensuse.org/request/show/1162930 Factory / warewulf
Comment 6 Bernhard Wiedemann 2024-03-31 06:12:45 UTC 
confirmed in test