allow reproducible builds of xen.gz

The mkelf32 executable was using an uninitialized stack buffer for
padding after the ehdr and phdr are written to the xen file, which
leads to non-deterministic bytes in the binary and prevented Xen
hypervisors from being reproducibly built.

Additionally, the file was then compressed with gzip -9 without the
-n | --no-name flag, which lead to the xen.gz file having
non-deterministric bytes (the timestamp) in the compressed file.

Signed-off-by: Trammell Hudson <trammell.hudson@twosigma.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>

diff --git a/xen/Makefile b/xen/Makefile
index ee8ce8e2a03204b985ee85178fe58ff94f192a8b..76b60bc6d4115e886bea84da9bbd63f168871da3 100644 (file)
--- a/xen/Makefile
+++ b/xen/Makefile
@@ -121,7 +121,7 @@ _distclean: clean
        rm -f tags TAGS cscope.files cscope.in.out cscope.out cscope.po.out GTAGS GPATH GRTAGS GSYMS .config
 
 $(TARGET).gz: $(TARGET)
-       gzip -f -9 < $< > $@.new
+       gzip -n -f -9 < $< > $@.new
        mv $@.new $@
 
 $(TARGET): delete-unfresh-files

diff --git a/xen/arch/x86/boot/mkelf32.c b/xen/arch/x86/boot/mkelf32.c
index 6cfa312b1e38c96889f9c495923479f5e772e060..e66740fc161d02bcedf4fea60262f11755b86796 100644 (file)
--- a/xen/arch/x86/boot/mkelf32.c
+++ b/xen/arch/x86/boot/mkelf32.c
@@ -260,7 +260,7 @@ int main(int argc, char **argv)
     u32        loadbase, dat_siz, mem_siz, note_base, note_sz, offset;
     char      *inimage, *outimage;
     int        infd, outfd;
-    char       buffer[1024];
+    char       buffer[1024] = {};
     int        bytes, todo, i = 1;
     int        num_phdrs = 1;