| Message ID | 874k89kl8o.fsf@ponder |
|---|---|
| State | Superseded |
| Headers | show |
| Series | reproducible builds: strip embedded file paths | expand |
在 2021-11-18星期四的 17:05 -0800,Vagrant Cascadian写道: > > Unfortunately, the use of __FILE__ can embed the absolute build path > in > the resulting binary, resulting in different binaries depending on > which > path the build was performed in. Under what scenarios will absolute paths be embed. Regards, Xiang W
On 21 Nov 2021, at 16:40, Xiang W <wxjstz@126.com> wrote: > > 在 2021-11-18星期四的 17:05 -0800,Vagrant Cascadian写道: >> >> Unfortunately, the use of __FILE__ can embed the absolute build path >> in >> the resulting binary, resulting in different binaries depending on >> which >> path the build was performed in. > > Under what scenarios will absolute paths be embed. As Vagrant said: "A recent commit 12753d22563f7d2d01f2c6644c7b66b06eb5c90f introduced a use of __FILE__ to display the file in some debugging output.” The lazy BUG macro, added in that commit, uses __FILE__. Jess
On 2021-11-22, Xiang W. wrote: > 在 2021-11-18星期四的 17:05 -0800,Vagrant Cascadian写道: >> >> Unfortunately, the use of __FILE__ can embed the absolute build path >> in >> the resulting binary, resulting in different binaries depending on >> which >> path the build was performed in. > > Under what scenarios will absolute paths be embed. In each of the directories below, I built using the same toolchain from the same git commit... $ cd /home/vagrant/src/opensbi/opensbi1 $ CROSS_COMPILE=riscv64-linux-gnu- make V=1 FW_PAYLOAD=n PLATFORM=generic ... $ strings build/platform/generic/firmware/fw_dynamic.bin | grep /home/vagrant /home/vagrant/src/opensbi/opensbi1/lib/sbi/riscv_asm.c $ cd /home/vagrant/src/opensbi/opensbi2 $ CROSS_COMPILE=riscv64-linux-gnu- make V=1 FW_PAYLOAD=n PLATFORM=generic ... $ strings build/platform/generic/firmware/fw_dynamic.bin | grep /home/vagrant /home/vagrant/src/opensbi/opensbi2/lib/sbi/riscv_asm.c With the patch applied: $ cd /home/vagrant/src/opensbi/opensbi3 $ CROSS_COMPILE=riscv64-linux-gnu- make V=1 FW_PAYLOAD=n PLATFORM=generic ... $ strings build/platform/generic/firmware/fw_dynamic.bin | grep /home/vagrant $ strings build/platform/generic/firmware/fw_dynamic.bin | grep riscv_asm.c ./lib/sbi/riscv_asm.c A relative path within the source should be sufficient for the debug message to properly identify the relevent source files... An alternate approach would be to not use __FILE__ at all, but that would probably take more code than passing -ffile-prefix-map at compile time. Thanks! live well, vagrant
在 2021-11-21星期日的 11:20 -0800,Vagrant Cascadian写道: > of the directories below, I built using the same toolchain from > the same git commit... > > $ cd /home/vagrant/src/opensbi/opensbi1 > $ CROSS_COMPILE=riscv64-linux-gnu- make V=1 FW_PAYLOAD=n > PLATFORM=generic > ... > $ strings build/platform/generic/firmware/fw_dynamic.bin | grep > /home/vagrant > /home/vagrant/src/opensbi/opensbi1/lib/sbi/riscv_asm.c > > $ cd /home/vagrant/src/opensbi/opensbi2 > $ CROSS_COMPILE=riscv64-linux-gnu- make V=1 FW_PAYLOAD=n > PLATFORM=generic > ... > $ strings build/platform/generic/firmware/fw_dynamic.bin | grep > /home/vagrant > /home/vagrant/src/opensbi/opensbi2/lib/sbi/riscv_asm.c > > > With the patch applied: > > $ cd /home/vagrant/src/opensbi/opensbi3 This is because the source file uses the absolute path when compiling, you can use the relative path by modifying the Makefile diff --git a/Makefile b/Makefile index 8623c1c..d017534 100644 --- a/Makefile +++ b/Makefile @@ -361,7 +361,7 @@ compile_cc_dep = $(CMD_PREFIX)mkdir -p `dirname $(1)`; \ -MM $(2) >> $(1) || rm -f $(1) compile_cc = $(CMD_PREFIX)mkdir -p `dirname $(1)`; \ echo " CC $(subst $(build_dir)/,,$(1))"; \ - $(CC) $(CFLAGS) $(call dynamic_flags,$(1),$(2)) -c $(2) - o $(1) + $(CC) $(CFLAGS) $(call dynamic_flags,$(1),$(2)) -c $(subst $(src_dir)/,,$(2)) -o $(1) compile_as_dep = $(CMD_PREFIX)mkdir -p `dirname $(1)`; \ echo " AS-DEP $(subst $(build_dir)/,,$(1))"; \ printf %s `dirname $(1)`/ > $(1) && \ Regards, Xiang W
On 2021-11-22, Xiang W. wrote: > 在 2021-11-21星期日的 11:20 -0800,Vagrant Cascadian写道: >> of the directories below, I built using the same toolchain from >> the same git commit... >> >> $ cd /home/vagrant/src/opensbi/opensbi1 >> $ CROSS_COMPILE=riscv64-linux-gnu- make V=1 FW_PAYLOAD=n >> PLATFORM=generic >> ... >> $ strings build/platform/generic/firmware/fw_dynamic.bin | grep >> /home/vagrant >> /home/vagrant/src/opensbi/opensbi1/lib/sbi/riscv_asm.c ... > This is because the source file uses the absolute path when compiling, > you can use the relative path by modifying the Makefile > > diff --git a/Makefile b/Makefile > index 8623c1c..d017534 100644 > --- a/Makefile > +++ b/Makefile > @@ -361,7 +361,7 @@ compile_cc_dep = $(CMD_PREFIX)mkdir -p `dirname > $(1)`; \ > -MM $(2) >> $(1) || rm -f $(1) > compile_cc = $(CMD_PREFIX)mkdir -p `dirname $(1)`; \ > echo " CC $(subst $(build_dir)/,,$(1))"; \ > - $(CC) $(CFLAGS) $(call dynamic_flags,$(1),$(2)) -c $(2) - > o $(1) > + $(CC) $(CFLAGS) $(call dynamic_flags,$(1),$(2)) -c > $(subst $(src_dir)/,,$(2)) -o $(1) > compile_as_dep = $(CMD_PREFIX)mkdir -p `dirname $(1)`; \ > echo " AS-DEP $(subst $(build_dir)/,,$(1))"; \ > printf %s `dirname $(1)`/ > $(1) && \ That solves the issue and is probably better than passing more compiler arguments, thanks! live well, vagrant
On Mon, Nov 22, 2021 at 10:02 AM Vagrant Cascadian <vagrant@reproducible-builds.org> wrote: > > On 2021-11-22, Xiang W. wrote: > > 在 2021-11-21星期日的 11:20 -0800,Vagrant Cascadian写道: > >> of the directories below, I built using the same toolchain from > >> the same git commit... > >> > >> $ cd /home/vagrant/src/opensbi/opensbi1 > >> $ CROSS_COMPILE=riscv64-linux-gnu- make V=1 FW_PAYLOAD=n > >> PLATFORM=generic > >> ... > >> $ strings build/platform/generic/firmware/fw_dynamic.bin | grep > >> /home/vagrant > >> /home/vagrant/src/opensbi/opensbi1/lib/sbi/riscv_asm.c > ... > > This is because the source file uses the absolute path when compiling, > > you can use the relative path by modifying the Makefile > > > > diff --git a/Makefile b/Makefile > > index 8623c1c..d017534 100644 > > --- a/Makefile > > +++ b/Makefile > > @@ -361,7 +361,7 @@ compile_cc_dep = $(CMD_PREFIX)mkdir -p `dirname > > $(1)`; \ > > -MM $(2) >> $(1) || rm -f $(1) > > compile_cc = $(CMD_PREFIX)mkdir -p `dirname $(1)`; \ > > echo " CC $(subst $(build_dir)/,,$(1))"; \ > > - $(CC) $(CFLAGS) $(call dynamic_flags,$(1),$(2)) -c $(2) - > > o $(1) > > + $(CC) $(CFLAGS) $(call dynamic_flags,$(1),$(2)) -c > > $(subst $(src_dir)/,,$(2)) -o $(1) > > compile_as_dep = $(CMD_PREFIX)mkdir -p `dirname $(1)`; \ > > echo " AS-DEP $(subst $(build_dir)/,,$(1))"; \ > > printf %s `dirname $(1)`/ > $(1) && \ > > That solves the issue and is probably better than passing more compiler > arguments, thanks! This will only work if we are compiling from the OpenSBI source directory itself. What if users compile OpenSBI with a different current directory using "make -C <opensbi_source_path>". I guess passing compiler argument will allow "make -C <opensbi_source_path>". Regards, Anup > > > live well, > vagrant > -- > opensbi mailing list > opensbi@lists.infradead.org > http://lists.infradead.org/mailman/listinfo/opensbi
在 2021-11-22星期一的 10:13 +0530,Anup Patel写道: > On Mon, Nov 22, 2021 at 10:02 AM Vagrant Cascadian > <vagrant@reproducible-builds.org> wrote: > > > > On 2021-11-22, Xiang W. wrote: > > > 在 2021-11-21星期日的 11:20 -0800,Vagrant Cascadian写道: > > > > of the directories below, I built using the same toolchain from > > > > the same git commit... > > > > > > > > $ cd /home/vagrant/src/opensbi/opensbi1 > > > > $ CROSS_COMPILE=riscv64-linux-gnu- make V=1 FW_PAYLOAD=n > > > > PLATFORM=generic > > > > ... > > > > $ strings build/platform/generic/firmware/fw_dynamic.bin | grep > > > > /home/vagrant > > > > /home/vagrant/src/opensbi/opensbi1/lib/sbi/riscv_asm.c > > ... > > > This is because the source file uses the absolute path when > > > compiling, > > > you can use the relative path by modifying the Makefile > > > > > > diff --git a/Makefile b/Makefile > > > index 8623c1c..d017534 100644 > > > --- a/Makefile > > > +++ b/Makefile > > > @@ -361,7 +361,7 @@ compile_cc_dep = $(CMD_PREFIX)mkdir -p > > > `dirname > > > $(1)`; \ > > > -MM $(2) >> $(1) || rm -f $(1) > > > compile_cc = $(CMD_PREFIX)mkdir -p `dirname $(1)`; \ > > > echo " CC $(subst $(build_dir)/,,$(1))"; \ > > > - $(CC) $(CFLAGS) $(call dynamic_flags,$(1),$(2)) -c > > > $(2) - > > > o $(1) > > > + $(CC) $(CFLAGS) $(call dynamic_flags,$(1),$(2)) -c > > > $(subst $(src_dir)/,,$(2)) -o $(1) > > > compile_as_dep = $(CMD_PREFIX)mkdir -p `dirname $(1)`; \ > > > echo " AS-DEP $(subst $(build_dir)/,,$(1))"; \ > > > printf %s `dirname $(1)`/ > $(1) && \ > > > > That solves the issue and is probably better than passing more > > compiler > > arguments, thanks! > > This will only work if we are compiling from the OpenSBI source > directory > itself. What if users compile OpenSBI with a different current > directory > using "make -C <opensbi_source_path>". I guess passing compiler > argument will allow "make -C <opensbi_source_path>". make -C <directory> will switch the path to <directory> first, so the result is the same. Regards, Xiang W > > Regards, > Anup > > > > > > > live well, > > vagrant > > -- > > opensbi mailing list > > opensbi@lists.infradead.org > > http://lists.infradead.org/mailman/listinfo/opensbi
On 2021-11-22, Xiang W. wrote: > 在 2021-11-22星期一的 10:13 +0530,Anup Patel写道: >> On Mon, Nov 22, 2021 at 10:02 AM Vagrant Cascadian >> <vagrant@reproducible-builds.org> wrote: >> > >> > On 2021-11-22, Xiang W. wrote: >> > > 在 2021-11-21星期日的 11:20 -0800,Vagrant Cascadian写道: >> > > > of the directories below, I built using the same toolchain from >> > > > the same git commit... >> > > > >> > > > $ cd /home/vagrant/src/opensbi/opensbi1 >> > > > $ CROSS_COMPILE=riscv64-linux-gnu- make V=1 FW_PAYLOAD=n >> > > > PLATFORM=generic >> > > > ... >> > > > $ strings build/platform/generic/firmware/fw_dynamic.bin | grep >> > > > /home/vagrant >> > > > /home/vagrant/src/opensbi/opensbi1/lib/sbi/riscv_asm.c >> > ... >> > > This is because the source file uses the absolute path when >> > > compiling, >> > > you can use the relative path by modifying the Makefile >> > > >> > > diff --git a/Makefile b/Makefile >> > > index 8623c1c..d017534 100644 >> > > --- a/Makefile >> > > +++ b/Makefile >> > > @@ -361,7 +361,7 @@ compile_cc_dep = $(CMD_PREFIX)mkdir -p >> > > `dirname >> > > $(1)`; \ >> > > -MM $(2) >> $(1) || rm -f $(1) >> > > compile_cc = $(CMD_PREFIX)mkdir -p `dirname $(1)`; \ >> > > echo " CC $(subst $(build_dir)/,,$(1))"; \ >> > > - $(CC) $(CFLAGS) $(call dynamic_flags,$(1),$(2)) -c >> > > $(2) - >> > > o $(1) >> > > + $(CC) $(CFLAGS) $(call dynamic_flags,$(1),$(2)) -c >> > > $(subst $(src_dir)/,,$(2)) -o $(1) >> > > compile_as_dep = $(CMD_PREFIX)mkdir -p `dirname $(1)`; \ >> > > echo " AS-DEP $(subst $(build_dir)/,,$(1))"; \ >> > > printf %s `dirname $(1)`/ > $(1) && \ >> > >> > That solves the issue and is probably better than passing more >> > compiler >> > arguments, thanks! >> >> This will only work if we are compiling from the OpenSBI source >> directory >> itself. What if users compile OpenSBI with a different current >> directory >> using "make -C <opensbi_source_path>". I guess passing compiler >> argument will allow "make -C <opensbi_source_path>". > > make -C <directory> will switch the path to <directory> first, so the > result is the same. Any outstanding concerns with proposing the patch by Xiang W to pass relative directories instead of the original patch I submitted? Should it be submitted by Xiang W or should I merge the commit message from the original patch and submit it myself? Thanks! live well, vagrant
On 27/11/21, 8:24 AM, "opensbi on behalf of Vagrant Cascadian" <opensbi-bounces@lists.infradead.org on behalf of vagrant@reproducible-builds.org> wrote:
On 2021-11-22, Xiang W. wrote:
> 在 2021-11-22星期一的 10:13 +0530,Anup Patel写道:
>> On Mon, Nov 22, 2021 at 10:02 AM Vagrant Cascadian
>> <vagrant@reproducible-builds.org> wrote:
>> >
>> > On 2021-11-22, Xiang W. wrote:
>> > > 在 2021-11-21星期日的 11:20 -0800,Vagrant Cascadian写道:
>> > > > of the directories below, I built using the same toolchain from
>> > > > the same git commit...
>> > > >
>> > > > $ cd /home/vagrant/src/opensbi/opensbi1
>> > > > $ CROSS_COMPILE=riscv64-linux-gnu- make V=1 FW_PAYLOAD=n
>> > > > PLATFORM=generic
>> > > > ...
>> > > > $ strings build/platform/generic/firmware/fw_dynamic.bin | grep
>> > > > /home/vagrant
>> > > > /home/vagrant/src/opensbi/opensbi1/lib/sbi/riscv_asm.c
>> > ...
>> > > This is because the source file uses the absolute path when
>> > > compiling,
>> > > you can use the relative path by modifying the Makefile
>> > >
>> > > diff --git a/Makefile b/Makefile
>> > > index 8623c1c..d017534 100644
>> > > --- a/Makefile
>> > > +++ b/Makefile
>> > > @@ -361,7 +361,7 @@ compile_cc_dep = $(CMD_PREFIX)mkdir -p
>> > > `dirname
>> > > $(1)`; \
>> > > -MM $(2) >> $(1) || rm -f $(1)
>> > > compile_cc = $(CMD_PREFIX)mkdir -p `dirname $(1)`; \
>> > > echo " CC $(subst $(build_dir)/,,$(1))"; \
>> > > - $(CC) $(CFLAGS) $(call dynamic_flags,$(1),$(2)) -c
>> > > $(2) -
>> > > o $(1)
>> > > + $(CC) $(CFLAGS) $(call dynamic_flags,$(1),$(2)) -c
>> > > $(subst $(src_dir)/,,$(2)) -o $(1)
>> > > compile_as_dep = $(CMD_PREFIX)mkdir -p `dirname $(1)`; \
>> > > echo " AS-DEP $(subst $(build_dir)/,,$(1))"; \
>> > > printf %s `dirname $(1)`/ > $(1) && \
>> >
>> > That solves the issue and is probably better than passing more
>> > compiler
>> > arguments, thanks!
>>
>> This will only work if we are compiling from the OpenSBI source
>> directory
>> itself. What if users compile OpenSBI with a different current
>> directory
>> using "make -C <opensbi_source_path>". I guess passing compiler
>> argument will allow "make -C <opensbi_source_path>".
>
> make -C <directory> will switch the path to <directory> first, so the
> result is the same.
Any outstanding concerns with proposing the patch by Xiang W to pass
relative directories instead of the original patch I submitted?
Should it be submitted by Xiang W or should I merge the commit message
from the original patch and submit it myself?
[Anup] Change the patch subject to "Makefile: strip embedded file paths"
and send v2 patch.
[Anup] Please use "git send-email" to send patch to opensbi mailing list.
You will have to join the mailing list before posting because it allows
posting by mailing list members only.
Regards,
Anup
Thanks!
live well,
vagrant
在 2021-11-26星期五的 17:48 -0800,Vagrant Cascadian写道: > On 2021-11-22, Xiang W. wrote: > > 在 2021-11-22星期一的 10:13 +0530,Anup Patel写道: > > > On Mon, Nov 22, 2021 at 10:02 AM Vagrant Cascadian > > > <vagrant@reproducible-builds.org> wrote: > > > > > > > > On 2021-11-22, Xiang W. wrote: > > > > > 在 2021-11-21星期日的 11:20 -0800,Vagrant Cascadian写道: > > > > > > of the directories below, I built using the same toolchain > > > > > > from > > > > > > the same git commit... > > > > > > > > > > > > $ cd /home/vagrant/src/opensbi/opensbi1 > > > > > > $ CROSS_COMPILE=riscv64-linux-gnu- make V=1 FW_PAYLOAD=n > > > > > > PLATFORM=generic > > > > > > ... > > > > > > $ strings build/platform/generic/firmware/fw_dynamic.bin | > > > > > > grep > > > > > > /home/vagrant > > > > > > /home/vagrant/src/opensbi/opensbi1/lib/sbi/riscv_asm.c > > > > ... > > > > > This is because the source file uses the absolute path when > > > > > compiling, > > > > > you can use the relative path by modifying the Makefile > > > > > > > > > > diff --git a/Makefile b/Makefile > > > > > index 8623c1c..d017534 100644 > > > > > --- a/Makefile > > > > > +++ b/Makefile > > > > > @@ -361,7 +361,7 @@ compile_cc_dep = $(CMD_PREFIX)mkdir -p > > > > > `dirname > > > > > $(1)`; \ > > > > > -MM $(2) >> $(1) || rm -f $(1) > > > > > compile_cc = $(CMD_PREFIX)mkdir -p `dirname $(1)`; \ > > > > > echo " CC $(subst $(build_dir)/,,$(1))"; \ > > > > > - $(CC) $(CFLAGS) $(call dynamic_flags,$(1),$(2)) -c > > > > > $(2) - > > > > > o $(1) > > > > > + $(CC) $(CFLAGS) $(call dynamic_flags,$(1),$(2)) -c > > > > > $(subst $(src_dir)/,,$(2)) -o $(1) > > > > > compile_as_dep = $(CMD_PREFIX)mkdir -p `dirname $(1)`; \ > > > > > echo " AS-DEP $(subst $(build_dir)/,,$(1))"; \ > > > > > printf %s `dirname $(1)`/ > $(1) && \ > > > > > > > > That solves the issue and is probably better than passing more > > > > compiler > > > > arguments, thanks! > > > > > > This will only work if we are compiling from the OpenSBI source > > > directory > > > itself. What if users compile OpenSBI with a different current > > > directory > > > using "make -C <opensbi_source_path>". I guess passing compiler > > > argument will allow "make -C <opensbi_source_path>". > > > > make -C <directory> will switch the path to <directory> first, so > > the > > result is the same. > > Any outstanding concerns with proposing the patch by Xiang W to pass > relative directories instead of the original patch I submitted? > > Should it be submitted by Xiang W or should I merge the commit > message > from the original patch and submit it myself? I just made a suggestion, you can submit it. Regards, Xiang W > > Thanks! > > > live well, > vagrant
From cf8aaf3ecc0b3b78a62a15839fa1d90263a2f5bb Mon Sep 17 00:00:00 2001 From: Vagrant Cascadian <vagrant@reproducible-builds.org> Date: Thu, 18 Nov 2021 16:33:06 -0800 Subject: [PATCH] Pass -ffile-prefix-map to ensure reproducible builds regardless of build path. Upstream commit 12753d22563f7d2d01f2c6644c7b66b06eb5c90f introduced uses of __FILE__ which may result in the build path getting embedded into the resulting binary. https://reproducible-builds.org/docs/build-path/ Signed-off-by: Vagrant Cascadian <vagrant@reproducible-builds.org> --- Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/Makefile b/Makefile index 8623c1c..c597088 100644 --- a/Makefile +++ b/Makefile @@ -284,6 +284,7 @@ CFLAGS += $(GENFLAGS) CFLAGS += $(platform-cflags-y) CFLAGS += -fno-pie -no-pie CFLAGS += $(firmware-cflags-y) +CFLAGS += -ffile-prefix-map=$(CURDIR)=. CPPFLAGS += $(GENFLAGS) CPPFLAGS += $(platform-cppflags-y) -- 2.30.2