From 1d6569a74bd6bfc87fa51ebaa85aee5723070c10 Mon Sep 17 00:00:00 2001
From: Trammell Hudson
Date: Thu, 11 Aug 2016 13:34:59 +0200
Subject: [PATCH] allow reproducible builds of xen.gz
The mkelf32 executable was using an uninitialized stack buffer for padding after the ehdr and phdr are written to the xen file, which leads to non-deterministic bytes in the binary and prevented Xen hypervisors from being reproducibly built. Additionally, the file was then compressed with gzip -9 without the -n | --no-name flag, which lead to the xen.gz file having non-deterministric bytes (the timestamp) in the compressed file.
Signed-off-by: Trammell Hudson
Reviewed-by: Jan Beulich
---
 xen/Makefile | 2 +-
 xen/arch/x86/boot/mkelf32.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/xen/Makefile b/xen/Makefile
index ee8ce8e2a0..76b60bc6d4 100644
--- a/xen/Makefile
+++ b/xen/Makefile
@@ -121,7 +121,7 @@ _distclean: clean
 rm -f tags TAGS cscope.files cscope.in.out cscope.out cscope.po.out GTAGS GPATH GRTAGS GSYMS .config
 $(TARGET).gz: $(TARGET)
- gzip -f -9 < $< > $@.new
+ gzip -n -f -9 < $< > $@.new
 mv $@.new $@
 $(TARGET): delete-unfresh-files
diff --git a/xen/arch/x86/boot/mkelf32.c b/xen/arch/x86/boot/mkelf32.c
index 6cfa312b1e..e66740fc16 100644
--- a/xen/arch/x86/boot/mkelf32.c
+++ b/xen/arch/x86/boot/mkelf32.c
@@ -260,7 +260,7 @@ int main(int argc, char **argv)
 u32 loadbase, dat_siz, mem_siz, note_base, note_sz, offset;
 char *inimage, *outimage;
 int infd, outfd;
- char buffer[1024];
+ char buffer[1024] = {};
 int bytes, todo, i = 1;
 int num_phdrs = 1;
--
2.30.2
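Review bot: The new `-n` on the `gzip` recipe line of the `$(TARGET).gz` rule carries no comment saying why it is there, so a later tidy-up of the flags could drop it and quietly bring the header timestamp back into xen.gz. A one-line comment above the rule would record the intent, for example `# gzip -n: keep name and timestamp out of the header so xen.gz is reproducible`. That property is what lets a third party rebuild the hypervisor and compare it byte for byte with a shipped binary, so it is worth protecting against accidental regression.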
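Review bot: The initializer `= {}` on `buffer` is an empty brace list, which ISO C accepts only from C23 on; earlier standards require at least one element, and GCC and Clang take the empty form as an extension. mkelf32 runs at build time and is presumably compiled by whatever host compiler is installed, so the portable spelling `char buffer[1024] = { 0 };` gives the same all-zero buffer without relying on that extension. The body of main continues outside the hunk, so it is not visible here whether `buffer` is written to before the padding is emitted. If it is reused for reads first, the padding would need its own zeroed buffer or a `memset` just before the write.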