[PATCH/RFC] kernel-defaults.mk: get rid of BuildID
nbd at nbd.name
Tue Apr 5 12:13:07 PDT 2022
On 05.04.22 20:51, Daniel Golle wrote:
> On Tue, Apr 05, 2022 at 05:05:43PM +0200, Felix Fietkau wrote:
>> On 05.04.22 03:14, Daniel Golle wrote:
>> > When building the Linux kernel, the linker generates a hash of all
>> > versions of tools involved in a build called BuildID in ELF header.
>> > This breaks reproducibility accross different buildhosts eventhough
>> > OpenWrt builds the toolchain from source -- the build-id hash ends up
>> > to be the only thing which differs in the resulting builds.
>> > The cause is most likely a result of the build hosts' architectures,
>> > OSs and standard C libraries being different.
>> > While in theory it is true that tools may produce a different output
>> > depending on archtecture, OS and libc of the buildhost, in practice
>> > this is (fortunately) hardly ever the case and hence it contradicts
>> > ld(1) which states:
>> > 'The "md5" and "sha1" styles produces an identifier that is always
>> > the same in an identical output file, but will be unique among all
>> > nonidentical output files.'
>> > (the kernel is using sha1 style build-id, rebuilding the kernel on a
>> > different buildhost results in everything being identical **except**
>> > for the build-id)
>> > Hence, to achieve reproducible builds we will either have to resort to
>> > identical containers/VMs for building or get rid of the BuildID hash
>> > alltogether (or use a different build-id style)
>> > At this point, this seems to be what Debian is doing as well in order
>> > to achieve reproducible kernel builds, see.
>> > : https://wiki.debian.org/SameKernel#How_this_works
>> > Signed-off-by: Daniel Golle <daniel at makrotopia.org>
>> > diff --git a/include/kernel-defaults.mk b/include/kernel-defaults.mk
>> > index 1e82f7d739..9c8d5fbe97 100644
>> > --- a/include/kernel-defaults.mk
>> > +++ b/include/kernel-defaults.mk
>> > @@ -46,6 +46,7 @@ else
>> > if [ -d $(LINUX_DIR)/user_headers ]; then \
>> > rm -rf $(LINUX_DIR)/user_headers; \
>> > fi
>> > + $(SED) -i $(LINUX_DIR)/Makefile -e 's/--build-id=.*/--build-id=none/g'
>> I don't like running sed on the linux Makefile, as this interferes with
>> creating patches for it. I think it would be better to simply override
>> KBUILD_LDFLAGS_MODULE on the kernel/module build command line.
> You probably meant LDFLAGS_vmlinux because from what I understand
> KBUILD_LDFLAGS_MODULE only applies when building modules but not when
> linking vmlinux.
> As ld only cares about the last mentioned --build-id= parameter
> supplied, we can override it using KBUILD_LDFLAGS (which should apply
> to both, vmlinux.elf as well as modules).
> I haven't tried any of that yet though.Right, I overlooked that one. Either way, you likely need to patch the
kernel in order to not have to override the full set of linker
arguments. I still think explicit patching + variable override is
preferable over sed based Makefile patching.
More information about the openwrt-devel