From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A796830CB49 for ; Fri, 19 Sep 2025 12:25:40 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1758284740; cv=none; b=Hppb/7rsJItHd0m1OOledVhKLikBk3kg007LZ6k+aZK41VrfZsrZ9uL6LA/6dkmiQRObtsa1PrRdnr1qi157fdH31zLY3DLAYI1ASbVR3NgA+lANW+i+aPGWkWkyeMfeM+j1W+jx731OpGZhgGSnATSiLbS2cgrPhIceT/d3Za4= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1758284740; c=relaxed/simple; bh=VxqVmP9QkduHmT6+earueWNXj957KFv8rov3ELysWK8=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=Y1TaiJvtJON67Fvo3KPjntfJzGDRAmCn17E8LCaUmM865uc+xk1KD0f48rohnW9WEPLjtoNV/+YqxkWkQnmLC6CqGxMHCFwbZvgPAP2LsKoFqYhA4ORp80d5NO0faAJYY+HntsAiiWnyA8+gT9QkchNO5cYBZ+rSYSaJIHAkXJ4= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=D44LoNDG; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="D44LoNDG" Received: by smtp.kernel.org (Postfix) with ESMTPSA id B0824C4CEF1; Fri, 19 Sep 2025 12:25:39 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1758284740; bh=VxqVmP9QkduHmT6+earueWNXj957KFv8rov3ELysWK8=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=D44LoNDGyXwr4RjzMKp9sioOjS7wTeXbIhMrfx8jFUzHz3ajxMpLE9wDfNkau0d3j 6f/dywzhAC0QU+kAJbFyF2Kq+botdcZ5/gctj+iEO9CP2uDlNqXOXVzcEOMHlxKaBK oigyLBtqKhV/LVNs1P0eyMMhLZsNZERAJkejw8ha6D7gS06EouGAYUcv/6Y52ghaD9 JS86YLebE2KoSxYFJ8OzmkLKQPXGNY10Mpb7IYqys752eQ8MVXtvINj6MaOmaWwDXC hb2iBXMMEwxKy2a2VFRRXLQlRVl2FOEmlzymVRpER/436Sp2rwKboiGuDCIZj2j35F 5XIm0xcpgJ4lw== From: Daniel Gomez Date: Fri, 19 Sep 2025 14:25:07 +0200 Subject: [PATCH v2 1/4] workflows: bootlinux: add reproducible builds support Precedence: bulk X-Mailing-List: kdevops@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Message-Id: <20250919-kernel-fragment-support-v2-1-8d2b7b8cb4e4@samsung.com> References: <20250919-kernel-fragment-support-v2-0-8d2b7b8cb4e4@samsung.com> In-Reply-To: <20250919-kernel-fragment-support-v2-0-8d2b7b8cb4e4@samsung.com> To: Luis Chamberlain , Chuck Lever Cc: kdevops@lists.linux.dev, Daniel Gomez X-Mailer: b4 0.15-dev X-Developer-Signature: v=1; a=openpgp-sha256; l=10911; i=da.gomez@samsung.com; h=from:subject:message-id; bh=T85rTHqW9ii+IniTB1YAY+JMqKHTPUzUum5Xso/Gumg=; b=owEBbQKS/ZANAwAIAUCeo8QfGVH7AcsmYgBozUu1diFThWrraQ4S737tJiyZYpr5r3PEwN0YN N28JXwjqBWJAjMEAAEIAB0WIQTvdRrhHw9z4bnGPFNAnqPEHxlR+wUCaM1LtQAKCRBAnqPEHxlR +2JpD/4y3T+JYkeEkientvZlUhSiKDwyCCBB9aSCZFWV5i298nZjeliBsL6g9cBPYQA/TOgWahG AryMXOzuRidyk5tFynZ+0/zQJZCCKLKYXhtJLl16sHgnjkun6hMGcR4SvWUjj6DCJCL9noPQmI0 r3dm8Ju25plN3M+93hef0VYhBjFXkQG00cuKp+gfOS0VT5jpvzctdTPhKTlaVwHa9xDGbAK5m1q wjm90erqLnscZPOrOUwoznyiptuLmaeDP24q8lhuHsDO/Md9VSGgwsGrkyHFEpvf8XLyO/6qG1K XMOSXxeycC0zf9Mxm+HGq6/BsrPUG/rr+bPHjKewD4D7yBOxgFspOZmSCMzdmfOBkXdXMpK5HDH mr0WerBkue5rGCcUsNz47RN+Y8tcbbLRhVTc7esXqGRg5t0XpbCM7hUeLBltC82dpO4eNmHRjzB mwcJcOmNg3I3oB+wTXBNaP622HJ5BtRXJ0fgFUNUjwC8c2T/hKrlzm6poopoAW+eVwrbggrq/RI EE/7ZTvfWYEIYX/U75EV3n1tryiJUmR3z6t9q4vOdxJmAR/wW/ClGZwY/BOit3dv18tKS7U2ysM G9RaYrGcg5cygB1AXibPpRMB20+YQyQM6N8dJht6vV9NJE029iEvbLaXQaHVboaPlRtnuGTHR/9 LAbhGOhLY2GP3aQ== X-Developer-Key: i=da.gomez@samsung.com; a=openpgp; fpr=B2A7A9CFDD03B540FF58B27185F56EA4E9E8138F From: Daniel Gomez Restructure bootlinux build parameters to use modular dictionary approach for make module parameters and environment variables. This prepares the codebase for extensible build features like ccache and reproducible builds. Add CONFIG_BOOTLINUX_REPRODUCIBLE_BUILDS option to enable deterministic kernel builds by setting hardcoded environment variables. When enabled, injects KBUILD_BUILD_TIMESTAMP='', KBUILD_BUILD_USER=kdevops, and KBUILD_BUILD_HOST=kdevops during compilation. Uses empty timestamp as recommended by LLVM documentation for optimal compatibility with ccache and build reproducibility across different development environments. Features: - Configurable via Kconfig with clear documentation - Integrates with modular environment/params infrastructure - Applied to both make module parameters and shell task environments - Compatible with both GCC and Clang toolchains Generated-by: Claude AI Signed-off-by: Daniel Gomez --- playbooks/roles/bootlinux/defaults/main.yml | 26 ++++++++++++++ playbooks/roles/bootlinux/tasks/build/9p.yml | 44 +++++++++++++++++++++-- playbooks/roles/bootlinux/tasks/build/targets.yml | 6 ++-- playbooks/roles/bootlinux/tasks/main.yml | 22 ++++++++++-- workflows/linux/Kconfig | 17 +++++++++ 5 files changed, 108 insertions(+), 7 deletions(-) diff --git a/playbooks/roles/bootlinux/defaults/main.yml b/playbooks/roles/bootlinux/defaults/main.yml index 84b61b8e..2d2eb798 100644 --- a/playbooks/roles/bootlinux/defaults/main.yml +++ b/playbooks/roles/bootlinux/defaults/main.yml @@ -30,7 +30,32 @@ make: "make" # The commit is 34db57a47f875d11c4068567b9ec7ace174ec4cf # introduce fact "ansible_processor_nproc": number of usable vcpus #66569 # https://github.com/ansible/ansible/pull/66569 +# Build command without environment variables (added via environment dict) target_linux_make_cmd: "{{ make }} -j{{ ansible_processor_vcpus }}" + +# Make parameters dictionary for community.general.make module +bootlinux_make_params: >- + {{ + ({} | combine( + { + 'KBUILD_BUILD_TIMESTAMP': '', + 'KBUILD_BUILD_USER': 'kdevops', + 'KBUILD_BUILD_HOST': 'kdevops' + } if bootlinux_reproducible_builds|default(false)|bool else {} + )) + }} + +# Environment variables for remaining shell tasks (non-make) +bootlinux_build_environment: >- + {{ + ({} | combine( + { + 'KBUILD_BUILD_TIMESTAMP': '', + 'KBUILD_BUILD_USER': 'kdevops', + 'KBUILD_BUILD_HOST': 'kdevops' + } if bootlinux_reproducible_builds|default(false)|bool else {} + )) + }} target_linux_make_install_cmd: "{{ target_linux_make_cmd }} modules_install install" uninstall_kernel_enable: false @@ -66,3 +91,4 @@ bootlinux_tree_custom_kernelrelease: false bootlinux_tree_custom_localversion: false bootlinux_is_dev_node: false bootlinux_debug_ref: "{{ lookup('env', 'DEBUG_REF') | default(false, true) | bool }}" + diff --git a/playbooks/roles/bootlinux/tasks/build/9p.yml b/playbooks/roles/bootlinux/tasks/build/9p.yml index acd69dc2..17b19cb3 100644 --- a/playbooks/roles/bootlinux/tasks/build/9p.yml +++ b/playbooks/roles/bootlinux/tasks/build/9p.yml @@ -135,6 +135,7 @@ register: configure_done changed_when: configure_done.rc == 0 or configure_done.rc == 141 failed_when: configure_done.rc != 0 and configure_done.rc != 141 + environment: "{{ bootlinux_build_environment }}" args: chdir: "{{ bootlinux_9p_host_path }}" executable: /bin/bash @@ -156,10 +157,44 @@ $ {{ ansible_callback_diy.result.output.cmd | join(' ') }} {{ ansible_callback_diy.result.output.stdout | default('') }} +- name: Debug kernel build command configuration for 9P build + ansible.builtin.debug: + msg: | + === KERNEL BUILD COMMAND DEBUG (9P BUILD) === + build_jobs: {{ nproc_9p.stdout }} + bootlinux_make_params: {{ bootlinux_make_params }} + bootlinux_build_environment: {{ bootlinux_build_environment }} + bootlinux_compiler_clang: {{ bootlinux_compiler_clang|default(false) }} + bootlinux_reproducible_builds: {{ bootlinux_reproducible_builds|default(false) }} + run_once: true + delegate_to: localhost + vars: + ansible_callback_diy_runner_on_ok_msg: "{{ ansible_callback_diy.result.output.msg }}" + tags: ["build-linux"] + +- name: Test CC environment variable is working before build + ansible.builtin.shell: | + echo "CC environment test:" + echo "CC=${CC:-'not set'}" + echo "PATH=${PATH}" + which gcc || echo "gcc not found" + env | grep -E '^(CC|PATH)' | sort + environment: "{{ bootlinux_build_environment }}" + register: cc_test_result + run_once: true + delegate_to: localhost + vars: + ansible_callback_diy_runner_on_ok_msg: | + CC Environment Test Results: + {{ ansible_callback_diy.result.output.stdout | default('') }} + tags: ["build-linux"] + - name: Get kernelversion community.general.make: chdir: "{{ bootlinux_9p_host_path }}" target: kernelversion + params: "{{ bootlinux_make_params }}" + environment: "{{ bootlinux_build_environment }}" register: target_linux_kernelversion tags: ["build-linux"] when: @@ -180,7 +215,8 @@ community.general.make: jobs: "{{ nproc_9p.stdout }}" chdir: "{{ bootlinux_9p_host_path }}" - params: KERNELRELEASE={{ target_user_kernelrelease }} + params: "{{ bootlinux_make_params | combine({'KERNELRELEASE': target_user_kernelrelease}) }}" + environment: "{{ bootlinux_build_environment }}" tags: ["build-linux"] when: - (active_linux_kernelrelease | default(target_linux_kernelrelease)) | length > 0 @@ -191,6 +227,8 @@ community.general.make: jobs: "{{ nproc_9p.stdout }}" chdir: "{{ bootlinux_9p_host_path }}" + params: "{{ bootlinux_make_params }}" + environment: "{{ bootlinux_build_environment }}" tags: ["build-linux"] when: - (active_linux_kernelrelease | default(target_linux_kernelrelease)) | length == 0 @@ -201,8 +239,8 @@ community.general.make: jobs: "{{ nproc_9p.stdout }}" chdir: "{{ bootlinux_9p_host_path }}" - params: - M: "tools/testing/cxl" + params: "{{ bootlinux_make_params | combine({'M': 'tools/testing/cxl'}) }}" + environment: "{{ bootlinux_build_environment }}" tags: ["build-linux", "cxl-build"] when: - bootlinux_cxl_test|bool diff --git a/playbooks/roles/bootlinux/tasks/build/targets.yml b/playbooks/roles/bootlinux/tasks/build/targets.yml index 6bd861cb..5deb330b 100644 --- a/playbooks/roles/bootlinux/tasks/build/targets.yml +++ b/playbooks/roles/bootlinux/tasks/build/targets.yml @@ -93,19 +93,21 @@ executable: /bin/bash - name: Build {{ target_linux_tree }} on the target nodes - ansible.builtin.command: "{{ target_linux_make_cmd }}" + ansible.builtin.shell: "{{ target_linux_make_cmd }}" register: build changed_when: "build.rc == 0" args: chdir: "{{ target_linux_dir_path }}" + environment: "{{ bootlinux_build_environment }}" tags: ["build-linux"] - name: Build {{ target_linux_tree }} cxl_test on the target nodes - ansible.builtin.command: "{{ target_linux_make_cmd }} M=tools/testing/cxl" + ansible.builtin.shell: "{{ target_linux_make_cmd }} M=tools/testing/cxl" register: build_cxl_test changed_when: "build_cxl_test.rc == 0" args: chdir: "{{ target_linux_dir_path }}" + environment: "{{ bootlinux_build_environment }}" tags: ["build-linux", "cxl-build"] when: - bootlinux_cxl_test|bool diff --git a/playbooks/roles/bootlinux/tasks/main.yml b/playbooks/roles/bootlinux/tasks/main.yml index e0eb2234..4110d596 100644 --- a/playbooks/roles/bootlinux/tasks/main.yml +++ b/playbooks/roles/bootlinux/tasks/main.yml @@ -193,6 +193,22 @@ when: - bootlinux_9p|bool +- name: Debug kernel build command configuration + ansible.builtin.debug: + msg: | + === KERNEL BUILD COMMAND DEBUG === + build_jobs: {{ ansible_processor_vcpus }} + bootlinux_make_params: {{ bootlinux_make_params }} + bootlinux_build_environment: {{ bootlinux_build_environment }} + bootlinux_compiler_clang: {{ bootlinux_compiler_clang|default(false) }} + bootlinux_reproducible_builds: {{ bootlinux_reproducible_builds|default(false) }} + when: + - not workflow_linux_packaged|bool + - not bootlinux_9p|bool + vars: + ansible_callback_diy_runner_on_ok_msg: "{{ ansible_callback_diy.result.output.msg }}" + tags: ["install-linux", "debug"] + - name: Build the Linux kernel on the controller host ansible.builtin.include_tasks: file: "{{ role_path }}/tasks/build/9p.yml" @@ -318,11 +334,12 @@ become: true become_flags: "su - -c" become_method: sudo - ansible.builtin.command: "{{ target_linux_make_install_cmd }}" + ansible.builtin.shell: "{{ target_linux_make_install_cmd }}" register: install_done changed_when: "install_done.rc == 0" args: chdir: "{{ target_linux_dir_path }}" + environment: "{{ bootlinux_build_environment }}" tags: ["install-linux"] when: - not workflow_linux_packaged|bool @@ -335,11 +352,12 @@ become: true become_flags: "su - -c" become_method: sudo - ansible.builtin.command: "{{ target_linux_make_install_cmd }} M=tools/testing/cxl INSTALL_MOD_DIR=updates" + ansible.builtin.shell: "{{ target_linux_make_install_cmd }} M=tools/testing/cxl INSTALL_MOD_DIR=updates" register: install_done changed_when: "install_done.rc == 0" args: chdir: "{{ target_linux_dir_path }}" + environment: "{{ bootlinux_build_environment }}" tags: ["install-linux", "cxl-install"] when: - kdevops_workflow_enable_cxl|bool diff --git a/workflows/linux/Kconfig b/workflows/linux/Kconfig index 1b057042..897cb00f 100644 --- a/workflows/linux/Kconfig +++ b/workflows/linux/Kconfig @@ -171,6 +171,23 @@ config BOOTLINUX_COMPILER_CLANG endchoice +config BOOTLINUX_REPRODUCIBLE_BUILDS + bool "Enable reproducible builds" + output yaml + default n + help + Enable reproducible builds by setting deterministic environment + variables during kernel compilation. This ensures identical + binaries are produced from the same source code. + + When enabled, sets: + - KBUILD_BUILD_TIMESTAMP='' (empty for deterministic timestamps) + - KBUILD_BUILD_USER='kdevops' + - KBUILD_BUILD_HOST='kdevops' + + Recommended for CI/CD environments and when build reproducibility + is required. Compatible with both GCC and Clang toolchains. + choice prompt "Type of development version of Linux to use" default BOOTLINUX_LINUS if !BOOTLINUX_TREE_SET_BY_CLI && !BOOTLINUX_TREE_REF_SET_BY_CLI -- 2.50.1