[PATCH v2] build: store buildsystem revision in packages

[Paul Spooren]

On Mon Jul 20, 2020 at 9:53 AM HST, Paul Spooren wrote:
> Buildinfo files were added to allow reproducible builds testing. The
> combination of the three buildinfo files
> {feeds,config,version}.buildinfo allows to recreate the buildsystem and
> check if compiled binaries are bit for bit the same as distributed on
> official servers.
>
> To support the verification efforts of the reproducible-builds.org team
> this patch adds the buildsystem revision to the packages manifest. This
> way all external feeds can be rebuild and verified.
>
> Instead of adding a single file to the package folder containing the
> revision, the *in package storage* of revisions allows incremental
> updates. Even though the buildbots currently rebuild all packages in
> each cycle, it would also be possible to only rebuild upgraded packages
> in the future.
>
> To keep the packages index small, as it is downloaded and stored on
> devices,
> it isn't added to the index and but only to the manifest.
>
> Tested with buildsystem and SDK on ath79/generic.
>
> Signed-off-by: Paul Spooren <mail at aparcar.org>

On second thought, this is a bad idea as packages are constantly rebuild
with changing build system revision, however keeping the same package
versions. This will greatly confuse opkg and bring no improvement to
reproducible builds. Once (if ever) specific package builds rather than
full rebuilds are possible, this patch should be applied.

> ---
> v2: Improved the commit message
>
> include/package-ipkg.mk | 1 +
> package/Makefile | 2 +-
> 2 files changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/include/package-ipkg.mk b/include/package-ipkg.mk
> index 622cbf3223..1dc8dc8f56 100644
> --- a/include/package-ipkg.mk
> +++ b/include/package-ipkg.mk
> @@ -184,6 +184,7 @@ $$(call addfield,Depends,$$(Package/$(1)/DEPENDS)
> )$$(call addfield,License,$(LICENSE)
> )$$(call addfield,LicenseFiles,$(LICENSE_FILES)
> )$$(call addfield,Section,$(SECTION)
> +)$$(call addfield,BuildsystemRevision,$(REVISION)
> )$$(call addfield,Require-User,$(USERID)
> )$(if $(PKG_CPE_ID),CPE-ID: $(PKG_CPE_ID)
> )$(if $(filter hold,$(PKG_FLAGS)),Status: unknown hold not-installed
> diff --git a/package/Makefile b/package/Makefile
> index 58c1ba2bbf..9ab99dadc3 100644
> --- a/package/Makefile
> +++ b/package/Makefile
> @@ -84,7 +84,7 @@ $(curdir)/index: FORCE
> mkdir -p $$d; \
> cd $$d || continue; \
> $(SCRIPT_DIR)/ipkg-make-index.sh . 2>&1 > Packages.manifest; \
> - grep -vE '^(Maintainer|LicenseFiles|Source|SourceName|Require)'
> Packages.manifest > Packages; \
> + grep -vE
> '^(Maintainer|LicenseFiles|Source|SourceName|Require|BuildsystemRevision)'
> Packages.manifest > Packages; \
> case "$$(((64 + $$(stat -L -c%s Packages)) % 128))" in 110|111) \
> $(call ERROR_MESSAGE,WARNING: Applying padding in $$d/Packages to
> workaround usign SHA-512 bug!); \
> { echo ""; echo ""; } >> Packages;; \
> --
> 2.25.1