[PATCH/RFC] kernel-defaults.mk: get rid of BuildID
Daniel Golle
daniel at makrotopia.org
Tue Apr 5 11:51:14 PDT 2022
On Tue, Apr 05, 2022 at 05:05:43PM +0200, Felix Fietkau wrote:
> On 05.04.22 03:14, Daniel Golle wrote:
> > When building the Linux kernel, the linker generates a hash of all
> > versions of tools involved in a build called BuildID in ELF header.
> > This breaks reproducibility accross different buildhosts eventhough
> > OpenWrt builds the toolchain from source -- the build-id hash ends up
> > to be the only thing which differs in the resulting builds.
> >
> > The cause is most likely a result of the build hosts' architectures,
> > OSs and standard C libraries being different.
> >
> > While in theory it is true that tools may produce a different output
> > depending on archtecture, OS and libc of the buildhost, in practice
> > this is (fortunately) hardly ever the case and hence it contradicts
> > ld(1) which states:
> >
> > 'The "md5" and "sha1" styles produces an identifier that is always
> > the same in an identical output file, but will be unique among all
> > nonidentical output files.'
> >
> > (the kernel is using sha1 style build-id, rebuilding the kernel on a
> > different buildhost results in everything being identical **except**
> > for the build-id)
> >
> > Hence, to achieve reproducible builds we will either have to resort to
> > identical containers/VMs for building or get rid of the BuildID hash
> > alltogether (or use a different build-id style)
> >
> > At this point, this seems to be what Debian is doing as well in order
> > to achieve reproducible kernel builds, see[1].
> >
> > [1]: https://wiki.debian.org/SameKernel#How_this_works
> > Signed-off-by: Daniel Golle <daniel at makrotopia.org>
> >
> > diff --git a/include/kernel-defaults.mk b/include/kernel-defaults.mk
> > index 1e82f7d739..9c8d5fbe97 100644
> > --- a/include/kernel-defaults.mk
> > +++ b/include/kernel-defaults.mk
> > @@ -46,6 +46,7 @@ else
> > if [ -d $(LINUX_DIR)/user_headers ]; then \
> > rm -rf $(LINUX_DIR)/user_headers; \
> > fi
> > + $(SED) -i $(LINUX_DIR)/Makefile -e 's/--build-id=.*/--build-id=none/g'
> I don't like running sed on the linux Makefile, as this interferes with
> creating patches for it. I think it would be better to simply override
> KBUILD_LDFLAGS_MODULE on the kernel/module build command line.
You probably meant LDFLAGS_vmlinux because from what I understand
KBUILD_LDFLAGS_MODULE only applies when building modules but not when
linking vmlinux.
As ld only cares about the last mentioned --build-id= parameter
supplied, we can override it using KBUILD_LDFLAGS (which should apply
to both, vmlinux.elf as well as modules).
I haven't tried any of that yet though.
More information about the openwrt-devel
mailing list