From: Trammell Hudson Date: Thu, 11 Aug 2016 11:34:59 +0000 (+0200) Subject: allow reproducible builds of xen.gz X-Git-Tag: archive/raspbian/4.8.0-1+rpi1~1^2~572 X-Git-Url: https://dgit.raspbian.org/%22http://www.example.com/cgi/%22/%22http:/www.example.com/cgi/%22?a=commitdiff_plain;h=1d6569a74bd6bfc87fa51ebaa85aee5723070c10;p=xen.git allow reproducible builds of xen.gz The mkelf32 executable was using an uninitialized stack buffer for padding after the ehdr and phdr are written to the xen file, which leads to non-deterministic bytes in the binary and prevented Xen hypervisors from being reproducibly built. Additionally, the file was then compressed with gzip -9 without the -n | --no-name flag, which lead to the xen.gz file having non-deterministric bytes (the timestamp) in the compressed file. Signed-off-by: Trammell Hudson Reviewed-by: Jan Beulich --- diff --git a/xen/Makefile b/xen/Makefile index ee8ce8e2a0..76b60bc6d4 100644 --- a/xen/Makefile +++ b/xen/Makefile @@ -121,7 +121,7 @@ _distclean: clean rm -f tags TAGS cscope.files cscope.in.out cscope.out cscope.po.out GTAGS GPATH GRTAGS GSYMS .config $(TARGET).gz: $(TARGET) - gzip -f -9 < $< > $@.new + gzip -n -f -9 < $< > $@.new mv $@.new $@ $(TARGET): delete-unfresh-files diff --git a/xen/arch/x86/boot/mkelf32.c b/xen/arch/x86/boot/mkelf32.c index 6cfa312b1e..e66740fc16 100644 --- a/xen/arch/x86/boot/mkelf32.c +++ b/xen/arch/x86/boot/mkelf32.c @@ -260,7 +260,7 @@ int main(int argc, char **argv) u32 loadbase, dat_siz, mem_siz, note_base, note_sz, offset; char *inimage, *outimage; int infd, outfd; - char buffer[1024]; + char buffer[1024] = {}; int bytes, todo, i = 1; int num_phdrs = 1;