From e80793bfbf99b4264cd2c8c9b3b8f210f886d053 Mon Sep 17 00:00:00 2001 From: Holger Levsen Date: Sat, 13 Jun 2015 12:06:37 +0200 Subject: reproducible openwrt: also analyse .ipk packages --- TODO | 15 ++++++------- bin/reproducible_openwrt.sh | 54 +++++++++++++++++++++++++++++++++++---------- 2 files changed, 49 insertions(+), 20 deletions(-) diff --git a/TODO b/TODO index 517e1792..a673b4b8 100644 --- a/TODO +++ b/TODO @@ -247,16 +247,15 @@ egrep -R -l '(debbindiff had trouble comparing|maybe there is still )' /var/lib/ *** CONFIG_PAYLOAD_FILO is not set *** CONFIG_PAYLOAD_GRUB2 is not set *** CONFIG_PAYLOAD_TIANOCORE is not set +** do bi-weekly runs * openwrt ----- - wenn man einmal make defconfig ausgeführt hat, gibt's paket und target metadaten in tmp/.packageinfo und tmp/.targetinfo - man kann ne .config mit der target auswahl und CONFIG_ALL=y erstellen und mit make defconfig auffüllen - reicht ja erstmal, mit dem basis paketsatz anzufangen - das wird für ein target deutlich weniger als 12h brauchen - default config ohne CONFIG_ALL dauert bei meinem laptop in der regel <30 min - mit CONFIG_ALL vielleicht 2-3 stunden oder so ----- +** add credit for logo/artwork +** build more archs (http://downloads.openwrt.org/chaos_calmer/15.05-rc1/ lists many to choose from) +** build less images from ar71xx? (and other archs too) +** build all packages? (set CONFIG_ALL=y and run 'make defconfig') +** file dbd bug about unable to inspect these .bin files +** do bi-weekly runs * remote scheduling: ---- diff --git a/bin/reproducible_openwrt.sh b/bin/reproducible_openwrt.sh index 12c00636..ec9c57fd 100755 --- a/bin/reproducible_openwrt.sh +++ b/bin/reproducible_openwrt.sh @@ -23,7 +23,7 @@ create_results_dirs() { } call_debbindiff() { - mkdir -p $TMPDIR/$1 + mkdir -p $TMPDIR/$1/$(dirname $2) local TMPLOG=(mktemp --tmpdir=$TMPDIR) local msg="" set +e @@ -215,14 +215,16 @@ echo "" >> $TOOLCHAIN_HTML rm -r $TMPBUILDDIR/openwrt # run debbindiff on the results +# (this needs refactoring rather badly) TIMEOUT="30m" DBDSUITE="unstable" DBDVERSION="$(schroot --directory /tmp -c source:jenkins-reproducible-${DBDSUITE}-debbindiff debbindiff -- --version 2>&1)" echo "=============================================================================" echo "$(date -u) - Running $DBDVERSION on OpenWRT images and packages." echo "=============================================================================" -IMAGES_HTML=$(mktemp) -echo " " > $IMAGES_HTML +DBD_HTML=$(mktemp) +# run debbindiff on the images +echo "
Images for $TARGET
" > $DBD_HTML GOOD_IMAGES=0 ALL_IMAGES=0 create_results_dirs @@ -237,20 +239,48 @@ for i in * ; do if [ -f $TMPDIR/$i/$j.html ] ; then mkdir -p $BASE/openwrt/dbd/$i mv $TMPDIR/$i/$j.html $BASE/openwrt/dbd/$i/$j.html - echo " " >> $IMAGES_HTML + echo " " >> $DBD_HTML else SHASUM=$(sha256sum $j|cut -d " " -f1) - echo " " >> $IMAGES_HTML + echo " " >> $DBD_HTML let GOOD_IMAGES+=1 rm -f $BASE/openwrt/dbd/$i/$j.html # cleanup from previous (unreproducible) tests - if needed fi done cd .. done -echo "
Images for $TARGET
\"unreproducible $j (${SIZE}K) is unreproducible.
\"unreproducible $j (${SIZE}K) is unreproducible.
\"reproducible $j ($SHASUM, ${SIZE}K) is reproducible.
\"reproducible $j ($SHASUM, ${SIZE}K) is reproducible.
" >> $IMAGES_HTML -GOOD_PERCENT=$(echo "scale=1 ; ($GOOD_IMAGES*100/$ALL_IMAGES)" | bc) +echo " " >> $DBD_HTML +GOOD_PERCENT_IMAGES=$(echo "scale=1 ; ($GOOD_IMAGES*100/$ALL_IMAGES)" | bc) +# run debbindiff on the packages +echo " " >> $DBD_HTML +GOOD_PACKAGES=0 +ALL_PACKAGES=0 +create_results_dirs +cd $TMPDIR/b1 +for i in * ; do + cd $i + for j in $(find * -name "*.ipk" |sort -u ) ; do + let ALL_PACKAGES+=1 + call_debbindiff $i $j + SIZE="$(du -h -b $j | cut -f1)" + SIZE="$(echo $SIZE/1024|bc)" + if [ -f $TMPDIR/$i/$j.html ] ; then + mkdir -p $BASE/openwrt/dbd/$i/$(dirname $j) + mv $TMPDIR/$i/$j.html $BASE/openwrt/dbd/$i/$j.html + echo " " >> $DBD_HTML + else + SHASUM=$(sha256sum $j|cut -d " " -f1) + echo " " >> $DBD_HTML + let GOOD_PACKAGES+=1 + rm -f $BASE/openwrt/dbd/$i/$j.html # cleanup from previous (unreproducible) tests - if needed + fi + done + cd .. +done +echo "
Packages for $TARGET
\"unreproducible $j (${SIZE}K) is unreproducible.
\"reproducible $j ($SHASUM, ${SIZE}K) is reproducible.
" >> $DBD_HTML +GOOD_PERCENT_PACKAGES=$(echo "scale=1 ; ($GOOD_PACKAGES*100/$ALL_PACKAGES)" | bc) # are we there yet? -if [ "$GOOD_PERCENT" = "100.0" ] ; then +if [ "$GOOD_PERCENT_IMAGES" = "100.0" ] || [ "$GOOD_PERCENT_PACKAGES" = "100.0" ]; then MAGIC_SIGN="!" else MAGIC_SIGN="?" @@ -282,10 +312,10 @@ write_page "

Reproducible OpenWRT - reproducible wireless fre write_page "

Reproducible builds enable anyone to reproduce bit by bit identical binary packages from a given source, so that anyone can verify that a given binary derived from the source it was said to be derived. There is a lot more information about reproducible builds on the Debian wiki and on https://reproducible.debian.net. The wiki has a lot more information, eg. why this is useful, what common issues exist and which workarounds and solutions are known.
" write_page " Reproducible OpenWRT is an effort to apply this to OpenWRT. Thus each OpenWR target is build twice, with a few varitations added and then the resulting images from the two builds are compared using debbindiff. Please note that the toolchain is not varied at all as the rebuild happens on exactly the same system. More variations are expected to be seen in the wild.

" write_page "

There is a monthly run jenkins job to test the master branch of openwrt.git. Currently this job is triggered more often though, because this is still under development and brand new. The jenkins job is simply running reproducible_openwrt.sh in a Debian environemnt and this script is solely responsible for creating this page. Feel invited to join #debian-reproducible (on irc.oftc.net) to request job runs whenever sensible. Patches and other feedback are very much appreciated!

" -write_page "

$GOOD_IMAGES ($GOOD_PERCENT%) out of $ALL_IMAGES built openwrt images were reproducible in our test setup." +write_page "

$GOOD_IMAGES ($GOOD_PERCENT_IMAGES%) out of $ALL_IMAGES built images and $GOOD_PACKAGES ($GOOD_PERCENT_PACKAGES%) out of $ALL_PACKAGES built packages were reproducible in our test setup." write_page " These tests were last run on $DATE for version ${OPENWRT_VERSION}.

" write_explaination_table OpenWRT -cat $IMAGES_HTML >> $PAGE +cat $DBD_HTML >> $PAGE write_page "
git commit built
>" echo -n "$OPENWRT" >> $PAGE write_page "
" @@ -293,12 +323,12 @@ cat $TOOLCHAIN_HTML >> $PAGE write_page " " write_page_footer OpenWRT publish_page -rm -f $IMAGES_HTML $TOOLCHAIN_HTML +rm -f $DBD_HTML $TOOLCHAIN_HTML # the end calculate_build_duration print_out_duration -irc_message "$REPRODUCIBLE_URL/openwrt/ has been updated. ($GOOD_PERCENT% reproducible)" +irc_message "$REPRODUCIBLE_URL/openwrt/ has been updated. ($GOOD_PERCENT_IMAGES% images and $GOOD_PERCENT_PACKAGES% reproducible)" echo "=============================================================================" # remove everything, we don't need it anymore... -- cgit v1.2.3-70-g09d2