[RFC] Documentation: kbuild: Add description of git for reproducible builds

Message ID 20221020103823.31001-1-ashimida@linux.alibaba.com
State New
Series [RFC] Documentation: kbuild: Add description of git for reproducible builds |

Commit Message

Dan Li Oct. 20, 2022, 10:38 a.m. UTC
The status of git will affect the final compilation result, so add it to
the documentation of reproducible builds.

Signed-off-by: Dan Li <ashimida@linux.alibaba.com>
---
 Documentation/kbuild/reproducible-builds.rst | 10 ++++++++++
 1 file changed, 10 insertions(+)
  

Comments

Bagas Sanjaya Oct. 20, 2022, 2:05 p.m. UTC | #1
On Thu, Oct 20, 2022 at 03:38:23AM -0700, Dan Li wrote:
> diff --git a/Documentation/kbuild/reproducible-builds.rst b/Documentation/kbuild/reproducible-builds.rst
> index 071f0151a7a4..13397f38c358 100644
> --- a/Documentation/kbuild/reproducible-builds.rst
> +++ b/Documentation/kbuild/reproducible-builds.rst
> @@ -119,6 +119,16 @@ To avoid this, you can make the vDSO different for different
>  kernel versions by including an arbitrary string of "salt" in it.
>  This is specified by the Kconfig symbol ``CONFIG_BUILD_SALT``.
>  
> +Git
> +-----------------------
> +
> +Uncommitted changes or different commit ids in git can also lead
> +to different compilation results. For example, after executing
> +``git reset HEAD^``, even if the code is the same, the
> +``include/config/kernel.release`` generated during compilation
> +will be different, which will eventually lead to binary differences.
> +See ``scripts/setlocalversion`` for details.
> +

Having briefly read the script, I don't see what the correlation between
git reset and the LOCALVERSION thing is. Also, is the exact state of the
git repository required for reproducible builds?

Thanks.
  
Dan Li Oct. 21, 2022, 1:48 a.m. UTC | #2
On 10/20/22 07:05, Bagas Sanjaya wrote:
> On Thu, Oct 20, 2022 at 03:38:23AM -0700, Dan Li wrote:
>> diff --git a/Documentation/kbuild/reproducible-builds.rst b/Documentation/kbuild/reproducible-builds.rst
>> index 071f0151a7a4..13397f38c358 100644
>> --- a/Documentation/kbuild/reproducible-builds.rst
>> +++ b/Documentation/kbuild/reproducible-builds.rst
>> @@ -119,6 +119,16 @@ To avoid this, you can make the vDSO different for different
>>   kernel versions by including an arbitrary string of "salt" in it.
>>   This is specified by the Kconfig symbol ``CONFIG_BUILD_SALT``.
>>   
>> +Git
>> +-----------------------
>> +
>> +Uncommitted changes or different commit ids in git can also lead
>> +to different compilation results. For example, after executing
>> +``git reset HEAD^``, even if the code is the same, the
>> +``include/config/kernel.release`` generated during compilation
>> +will be different, which will eventually lead to binary differences.
>> +See ``scripts/setlocalversion`` for details.
>> +
> 
> Having briefly read the script, I don't see what the correlation between
> git reset and the LOCALVERSION thing is. Also, is the exact state of the
> git repository required for reproducible builds?
> 

Hi Bagas,

The Makefile has the following code:
filechk_kernel.release = \
         echo "$(KERNELVERSION)$$($(CONFIG_SHELL) $(srctree)/scripts/setlocalversion $(srctree))"

The output of setlocalversion affects kernel.release, while the output
of setlocalversion is related to the state of git when the git repository
exists (see function scm_version).

So changes in git state will result in changes to kernel.release, and
this information will be included in the final output vmlinux/modules
and in turn affect reproducible builds.

For example:
$ git log
commit 4cd155a93eec......
$ make ...
$ cat include/config/kernel.release
6.0.0-rc4-00025-g4cd155a93eec

$ git reset HEAD^
$ git log
commit 7b4d266b0c41......
$ make ...
$ cat include/config/kernel.release
6.0.0-rc4-00024-g7b4d266b0c41-dirty


AFAICT, in the presence of a git repository, we can compile a reproducible
build kernel in any git state, but we need to ensure that the git state is
always the same between compilations (or the same from the perspective of
the scm_version function).

Thanks, Dan.

> Thanks.
>
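
Added example, not part of the thread or of the kernel tree: a small shell helper that splits two kernel.release strings into their git-derived parts and reports which ones differ, using the two strings from the session above. The layout <version>[-<count>-g<commit>][-dirty] and all function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example. Assumed layout: <version>[-<count>-g<commit>][-dirty],
# inferred from the two kernel.release strings quoted in the thread.

# parse_release RELEASE -> "version count commit dirty" ("-" = part absent)
parse_release() {
    rel=$1 dirty=no
    case $rel in
        *-dirty) dirty=yes; rel=${rel%-dirty} ;;
    esac
    # Split off a trailing "-<digits>-g<hex>" suffix if there is one.
    parts=$(printf '%s\n' "$rel" |
        sed -n 's/^\(.*\)-\([0-9][0-9]*\)-g\([0-9a-f][0-9a-f]*\)$/\1 \2 \3/p')
    if [ -n "$parts" ]; then
        echo "$parts $dirty"
    else
        echo "$rel - - $dirty"
    fi
}

# explain_diff A B -> names of the fields that differ (empty if none)
explain_diff() {
    # Both substitutions are expanded before "set" replaces $1 and $2.
    set -- $(parse_release "$1") $(parse_release "$2")
    out=
    [ "$1" = "$5" ] || out="$out version"
    [ "$2" = "$6" ] || out="$out commit-count"
    [ "$3" = "$7" ] || out="$out commit-id"
    [ "$4" = "$8" ] || out="$out dirty-flag"
    echo "${out# }"
}

# compare_builds TREE_A TREE_B -> 0 if kernel.release matches, 1 if not,
# 2 if a file cannot be read.
compare_builds() {
    a=$(cat "$1/include/config/kernel.release") || return 2
    b=$(cat "$2/include/config/kernel.release") || return 2
    fields=$(explain_diff "$a" "$b")
    if [ -n "$fields" ]; then
        echo "kernel.release differs in: $fields"
        return 1
    fi
}

# The two release strings from the thread:
explain_diff 6.0.0-rc4-00025-g4cd155a93eec 6.0.0-rc4-00024-g7b4d266b0c41-dirty
```

Running compare_builds on two build trees before diffing vmlinux shows quickly whether a mismatch comes from git state rather than from the compiler or timestamps.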
  
Nicolas Schier Oct. 21, 2022, 8 a.m. UTC | #3
On Thu, Oct 20, 2022 at 06:48:20PM -0700, Dan Li wrote:
> 
> 
> On 10/20/22 07:05, Bagas Sanjaya wrote:
> > On Thu, Oct 20, 2022 at 03:38:23AM -0700, Dan Li wrote:
> > > diff --git a/Documentation/kbuild/reproducible-builds.rst b/Documentation/kbuild/reproducible-builds.rst
> > > index 071f0151a7a4..13397f38c358 100644
> > > --- a/Documentation/kbuild/reproducible-builds.rst
> > > +++ b/Documentation/kbuild/reproducible-builds.rst
> > > @@ -119,6 +119,16 @@ To avoid this, you can make the vDSO different for different
> > >   kernel versions by including an arbitrary string of "salt" in it.
> > >   This is specified by the Kconfig symbol ``CONFIG_BUILD_SALT``.
> > > +Git
> > > +-----------------------
> > > +
> > > +Uncommitted changes or different commit ids in git can also lead
> > > +to different compilation results. For example, after executing
> > > +``git reset HEAD^``, even if the code is the same, the
> > > +``include/config/kernel.release`` generated during compilation
> > > +will be different, which will eventually lead to binary differences.
> > > +See ``scripts/setlocalversion`` for details.
> > > +
> > 
> > > Having briefly read the script, I don't see what the correlation between
> > > git reset and the LOCALVERSION thing is. Also, is the exact state of the
> > > git repository required for reproducible builds?
> > 
> 
> Hi Bagas,
> 
> The Makefile has the following code:
> filechk_kernel.release = \
>         echo "$(KERNELVERSION)$$($(CONFIG_SHELL) $(srctree)/scripts/setlocalversion $(srctree))"
> 
> The output of setlocalversion affects kernel.release, while the output
> of setlocalversion is related to the state of git when the git repository
> exists (see function scm_version).
> 
> So changes in git state will result in changes to kernel.release, and
> this information will be included in the final output vmlinux/modules
> and in turn affect reproducible builds.
> 
> For example:
> $ git log
> commit 4cd155a93eec......
> $ make ...
> $ cat include/config/kernel.release
> 6.0.0-rc4-00025-g4cd155a93eec
> 
> $ git reset HEAD^
> $ git log
> commit 7b4d266b0c41......
> $ make ...
> $ cat include/config/kernel.release
> 6.0.0-rc4-00024-g7b4d266b0c41-dirty
> 
> 
> AFAICT, in the presence of a git repository, we can compile a reproducible
> build kernel in any git state, but we need to ensure that the git state is
> always the same between compilations (or the same from the perspective of
> the scm_version function).

Yes, that is definitely true.  Absence or presence of git tags can change
the output of setlocalversion even more drastically.

I think it is sensible to add a stanza about git in
Documentation/kbuild/reproducible-builds.rst.


Kind regards,
Nicolas
  
Masahiro Yamada Oct. 23, 2022, 8:02 p.m. UTC | #4
On Fri, Oct 21, 2022 at 5:00 PM Nicolas Schier <n.schier@avm.de> wrote:
>
> On Thu, Oct 20, 2022 at 06:48:20PM -0700, Dan Li wrote:
> >
> >
> > On 10/20/22 07:05, Bagas Sanjaya wrote:
> > > On Thu, Oct 20, 2022 at 03:38:23AM -0700, Dan Li wrote:
> > > > diff --git a/Documentation/kbuild/reproducible-builds.rst b/Documentation/kbuild/reproducible-builds.rst
> > > > index 071f0151a7a4..13397f38c358 100644
> > > > --- a/Documentation/kbuild/reproducible-builds.rst
> > > > +++ b/Documentation/kbuild/reproducible-builds.rst
> > > > @@ -119,6 +119,16 @@ To avoid this, you can make the vDSO different for different
> > > >   kernel versions by including an arbitrary string of "salt" in it.
> > > >   This is specified by the Kconfig symbol ``CONFIG_BUILD_SALT``.
> > > > +Git
> > > > +-----------------------
> > > > +
> > > > +Uncommitted changes or different commit ids in git can also lead
> > > > +to different compilation results. For example, after executing
> > > > +``git reset HEAD^``, even if the code is the same, the
> > > > +``include/config/kernel.release`` generated during compilation
> > > > +will be different, which will eventually lead to binary differences.
> > > > +See ``scripts/setlocalversion`` for details.
> > > > +
> > >
> > > > Having briefly read the script, I don't see what the correlation between
> > > > git reset and the LOCALVERSION thing is. Also, is the exact state of the
> > > > git repository required for reproducible builds?
> > >
> >
> > Hi Bagas,
> >
> > The Makefile has the following code:
> > filechk_kernel.release = \
> >         echo "$(KERNELVERSION)$$($(CONFIG_SHELL) $(srctree)/scripts/setlocalversion $(srctree))"
> >
> > The output of setlocalversion affects kernel.release, while the output
> > of setlocalversion is related to the state of git when the git repository
> > exists (see function scm_version).
> >
> > So changes in git state will result in changes to kernel.release, and
> > this information will be included in the final output vmlinux/modules
> > and in turn affect reproducible builds.
> >
> > For example:
> > $ git log
> > commit 4cd155a93eec......
> > $ make ...
> > $ cat include/config/kernel.release
> > 6.0.0-rc4-00025-g4cd155a93eec
> >
> > $ git reset HEAD^
> > $ git log
> > commit 7b4d266b0c41......
> > $ make ...
> > $ cat include/config/kernel.release
> > 6.0.0-rc4-00024-g7b4d266b0c41-dirty
> >
> >
> > AFAICT, in the presence of a git repository, we can compile a reproducible
> > build kernel in any git state, but we need to ensure that the git state is
> > always the same between compilations (or the same from the perspective of
> > the scm_version function).
>
> Yes, that is definitely true.  Absence or presence of git tags can change
> the output of setlocalversion even more drastically.
>
> I think it is sensible to add a stanza about git in
> Documentation/kbuild/reproducible-builds.rst.




Makes sense.
Applied to linux-kbuild.
Thanks.
  

Patch

diff --git a/Documentation/kbuild/reproducible-builds.rst b/Documentation/kbuild/reproducible-builds.rst
index 071f0151a7a4..13397f38c358 100644
--- a/Documentation/kbuild/reproducible-builds.rst
+++ b/Documentation/kbuild/reproducible-builds.rst
@@ -119,6 +119,16 @@  To avoid this, you can make the vDSO different for different
 kernel versions by including an arbitrary string of "salt" in it.
 This is specified by the Kconfig symbol ``CONFIG_BUILD_SALT``.
 
+Git
+-----------------------
+
+Uncommitted changes or different commit ids in git can also lead
+to different compilation results. For example, after executing
+``git reset HEAD^``, even if the code is the same, the
+``include/config/kernel.release`` generated during compilation
+will be different, which will eventually lead to binary differences.
+See ``scripts/setlocalversion`` for details.
+
 .. _KBUILD_BUILD_TIMESTAMP: kbuild.html#kbuild-build-timestamp
 .. _KBUILD_BUILD_USER and KBUILD_BUILD_HOST: kbuild.html#kbuild-build-user-kbuild-build-host
 .. _KCFLAGS: kbuild.html#kcflags
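
Review bot: the new "Git" paragraph states that ``include/config/kernel.release`` "will be different" after ``git reset HEAD^`` but ends at "See ``scripts/setlocalversion`` for details" without telling the reader what to do, whereas the CONFIG_BUILD_SALT paragraph just above it names the knob to use. Suggest a closing sentence saying that the git state of the source tree must be the same for every build that is to be compared, and briefly saying what in kernel.release changes (the thread's example shows the commit count, the commit id and a "-dirty" suffix), so the reader does not have to read the script to act on it. As a style point, the heading underline is much longer than the three-letter title "Git"; trimming it to the title's length would keep the section heading tidy.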