From: Trammell Hudson <Trammell.Hudson@twosigma.com>
To: xen-devel@lists.xen.org
Subject: [PATCH] Reproducible builds of xen.gz
Date: Tue, 9 Aug 2016 14:56:05 +0000 [thread overview]
Message-ID: <20160809145604.GX10849@twosigma.com> (raw)
The mkelf32 executable was using an uninitialized stack buffer for
padding after the ehdr and phdr are written to the xen file, which
leads to non-deterministic bytes in the binary and prevented Xen
hypervisors from being reproducibly built.
Additionally, the file was then compressed with gzip -9 without the
-n | --no-name flag, which lead to the xen.gz file having
non-deterministric bytes (the timestamp) in the compressed file.
Signed-off-by: Trammell Hudson <trammell.hudson@twosigma.com>
---
xen/Makefile | 2 +-
xen/arch/x86/boot/mkelf32.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/xen/Makefile b/xen/Makefile
index ee8ce8e..76b60bc 100644
--- a/xen/Makefile
+++ b/xen/Makefile
@@ -121,7 +121,7 @@ _distclean: clean
rm -f tags TAGS cscope.files cscope.in.out cscope.out cscope.po.out GTAGS GPATH GRTAGS GSYMS .config
$(TARGET).gz: $(TARGET)
- gzip -f -9 < $< > $@.new
+ gzip -n -f -9 < $< > $@.new
mv $@.new $@
$(TARGET): delete-unfresh-files
diff --git a/xen/arch/x86/boot/mkelf32.c b/xen/arch/x86/boot/mkelf32.c
index 6cfa312..e66740f 100644
--- a/xen/arch/x86/boot/mkelf32.c
+++ b/xen/arch/x86/boot/mkelf32.c
@@ -260,7 +260,7 @@ int main(int argc, char **argv)
u32 loadbase, dat_siz, mem_siz, note_base, note_sz, offset;
char *inimage, *outimage;
int infd, outfd;
- char buffer[1024];
+ char buffer[1024] = {};
int bytes, todo, i = 1;
int num_phdrs = 1;
--
2.5.0
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
next reply other threads:[~2016-08-09 14:56 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-08-09 14:56 Trammell Hudson [this message]
2016-08-09 15:06 ` [PATCH] Reproducible builds of xen.gz Jan Beulich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160809145604.GX10849@twosigma.com \
--to=trammell.hudson@twosigma.com \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.