#!/bin/bash # Copyright 2014-2015 Holger Levsen # © 2015 Mattia Rizzolo # released under the GPLv=2 DEBUG=false . /srv/jenkins/bin/common-functions.sh common_init "$@" # common code defining db access . /srv/jenkins/bin/reproducible_common.sh set -e # build for different architectures ARCHS="i386" # mips arm riscv" # arm64 cleanup_tmpdir() { cd rm -r $TMPDIR } create_results_dirs() { mkdir -p $BASE/coreboot/dbd } call_debbindiff() { local TMPLOG=(mktemp --tmpdir=$TMPDIR) echo set +e set -x ( timeout $TIMEOUT schroot \ --directory $TMPDIR \ -c source:jenkins-reproducible-${DBDSUITE}-debbindiff \ debbindiff -- \ --html $TMPDIR/$1.html \ $TMPDIR/b1/$1/coreboot.rom \ $TMPDIR/b2/$1/coreboot.rom 2>&1 \ ) 2>&1 >> $TMPLOG RESULT=$? if ! "$DEBUG" ; then set +x ; fi set -e cat $TMPLOG # print dbd output rm -f $TMPLOG case $RESULT in 0) echo "$1/coreboot.rom is reproducible, yay!" ;; 1) echo "$DBDVERSION found issues, please investigate $1/coreboot.rom" ;; 2) echo "$DBDVERSION had trouble comparing the two builds. Please investigate $1/coreboot.rom" ;; 124) if [ ! -s $TMPDIR/$1.html ] ; then echo "$(date -u) - $DBDVERSION produced no output and was killed after running into timeout after ${TIMEOUT}..." else local msg="$DBDVERSION was killed after running into timeout after $TIMEOUT" msg="$msg, but there is still $TMPDIR/$1.html" fi echo $msg ;; *) echo "Something weird happened when running $DBDVERSION (which exited with $RESULT) and I don't know how to handle it" ;; esac } # FIXME: include these variations #build_rebuild() { #( timeout -k 12h 12h nice ionice -c 3 sudo \ # printf "BUILDUSERID=2222\nBUILDUSERNAME=pbuilder2\n" > $TMPCFG # /usr/bin/linux64 --uname-2.6 \ # /usr/bin/unshare --uts -- \ # --hookdir /etc/pbuilder/rebuild-hooks \ # # main # TMPDIR=$(mktemp --tmpdir=/srv/reproducible-results -d) # where everything actually happens trap cleanup_tmpdir INT TERM EXIT cd $TMPDIR DATE=$(date -u +'%Y-%m-%d %H:%M') START=$(date +'%s') mkdir b1 b2 echo "=============================================================================" echo "$(date -u) - Cloning the coreboot git repository with submodules now." echo "=============================================================================" CAFILE=/etc/ssl/ca-global/ca-certificates.crt CACONFIG= [ -f "$CAFILE" ] && CACONFIG="GIT_SSL_CAINFO=$CAFILE" env $CACONFIG git clone --recursive https://review.coreboot.org/p/coreboot.git cd coreboot # still required because coreboot moved submodules and to take care of old git versions env $CACONFIG git submodule update --init --checkout 3rdparty/blobs COREBOOT="$(git log -1)" COREBOOT_VERSION=$(git describe) echo "=============================================================================" echo "$(date -u) - Building cross compilers for ${ARCHS} now." echo "=============================================================================" for ARCH in ${ARCHS} ; do nice ionice -c 3 make crossgcc-$ARCH || true # don't fail the full job just because some targets fail done echo "=============================================================================" echo "$(date -u) - Building coreboot ${COREBOOT_VERSION} images now - first build run." echo "=============================================================================" export TZ="/usr/share/zoneinfo/Etc/GMT+12" # prevent failing using more than one CPU sed -i 's#MAKE=$i#MAKE=make#' util/abuild/abuild # use all cores for first build NUM_CPU=$(cat /proc/cpuinfo |grep '^processor'|wc -l) sed -i "s#cpus=1#cpus=$NUM_CPU#" util/abuild/abuild sed -i 's#USE_XARGS=1#USE_XARGS=0#g' util/abuild/abuild # actually build everything nice ionice -c 3 \ bash util/abuild/abuild || true # don't fail the full job just because some targets fail cd coreboot-builds for i in * ; do if [ -f $i/coreboot.rom ] ; then mkdir $TMPDIR/b1/$i cp -p $i/coreboot.rom $TMPDIR/b1/$i/ fi done cd .. rm coreboot-builds -rf echo "=============================================================================" echo "$(date -u) - Building coreboot images now - second build run." echo "=============================================================================" export TZ="/usr/share/zoneinfo/Etc/GMT-14" export LANG="fr_CH.UTF-8" export LC_ALL="fr_CH.UTF-8" export PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/i/capture/the/path" umask 0002 # use allmost all cores for second build NEW_NUM_CPU=$(echo $NUM_CPU-1|bc) sed -i "s#cpus=$NUM_CPU#cpus=$NEW_NUM_CPU#" util/abuild/abuild nice ionice -c 3 \ linux64 --uname-2.6 \ bash util/abuild/abuild || true # don't fail the full job just because some targets fail # reset environment to default values again export LANG="en_GB.UTF-8" unset LC_ALL export TZ="/usr/share/zoneinfo/UTC" export PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:" umask 0022 cd coreboot-builds for i in * ; do if [ -f $i/coreboot.rom ] ; then mkdir $TMPDIR/b2/$i cp -p $i/coreboot.rom $TMPDIR/b2/$i/ fi done cd .. rm coreboot-builds -r cd .. TIMEOUT="30m" DBDSUITE="unstable" DBDVERSION="$(schroot --directory /tmp -c source:jenkins-reproducible-${DBDSUITE}-debbindiff debbindiff -- --version 2>&1)" echo "=============================================================================" echo "$(date -u) - Running $DBDVERSION on coreboot images now" echo "=============================================================================" # and creating the webpage while we're at it PAGE=$PWD/coreboot/coreboot.html cat > $PAGE <<- EOF coreboot

 

coreboot

coreboot™: fast, flexible and reproducible Open Source firmware?


EOF write_page "

Reproducible Coreboot

" write_page "

This is work in progress started on 2015-06-04." write_page "

Reproducible builds enable anyone to reproduce bit by bit identical binary packages from a given source. There is a lot more information about reproducible builds on the Debian wiki and on https://reproducible.debian.net.

" write_page "

Reproducible Coreboot is an effort to apply this to coreboot. Thus each coreboot.rom is build twice, with a few varitations added and then those two ROMs are compared using debbindiff.

" write_page "

Currently this set up to be updated monthly, but as this is brand new, the udate frequency is much higher. Patches are very much welcome, the coreboot pages are solely generated by reproducible_coreboot.sh.

" write_page "

Test were run on $DATE for version ${COREBOOT_VERSION}.

$COREBOOT

" write_explaination_table coreboot write_page "
    " ROMS=0 RROMS=0 create_results_dirs cd b1 for i in * ; do let ROMS+=1 call_debbindiff $i if [ -f $TMPDIR/$i.html ] ; then mv $TMPDIR/$i.html $BASE/coreboot/dbd/$i.html write_page "
  • \"unreproducible $i is unreproducible.
  • " else write_page "
  • \"reproducible$i had no debbindiff output so its probably reproducible :)
  • " let RROMS+=1 fi done PERCENT=$(echo "scale=1 ; ($RROMS*100/$ROMS)" | bc) write_page "

$RROMS ($PERCENT%) out of $ROMS built coreboot images were reproducible.

" cat >> $PAGE <<- EOF
EOF write_page_footer cd .. PAGE=coreboot/coreboot.html publish_page # the end calculate_build_duration print_out_duration irc_message "$REPRODUCIBLE_URL/coreboot/ has been updated." # remove coreboot tree, we don't need it anymore... rm coreboot -r cleanup_tmpdir trap - INT TERM EXIT