diff options
| author | Arnout Engelen <arnout@bzzt.net> | 2024-06-09 12:03:23 +0200 |
|---|---|---|
| committer | Arnout Engelen <arnout@bzzt.net> | 2024-06-09 12:03:23 +0200 |
| commit | b0fa99c099f7fed3b75ae02c15ce154ff237fe4b (patch) | |
| tree | 8cbd8bc4196948208c850a449fb3acdfff05e013 | |
| parent | 051f920625ab5aabe37c920346e3e69d7d34400e (diff) | |
refind: make the build reproducible
Avoid leaking build timestamps into the output.
| -rw-r--r-- | pkgs/tools/bootloaders/refind/default.nix | 3 | ||||
| -rw-r--r-- | pkgs/tools/bootloaders/refind/reproducible.patch | 67 |
2 files changed, 70 insertions, 0 deletions
diff --git a/pkgs/tools/bootloaders/refind/default.nix b/pkgs/tools/bootloaders/refind/default.nix index a481bfdc37ab..47287dc2e03b 100644 --- a/pkgs/tools/bootloaders/refind/default.nix +++ b/pkgs/tools/bootloaders/refind/default.nix @@ -34,6 +34,9 @@ stdenv.mkDerivation rec { patches = [ # Removes hardcoded toolchain for aarch64, allowing successful aarch64 builds. ./0001-toolchain.patch + # Avoid leaking the build timestamp + # https://sourceforge.net/p/refind/code/merge-requests/53/ + ./reproducible.patch ]; nativeBuildInputs = [ makeWrapper ]; diff --git a/pkgs/tools/bootloaders/refind/reproducible.patch b/pkgs/tools/bootloaders/refind/reproducible.patch new file mode 100644 index 000000000000..93a21f63e010 --- /dev/null +++ b/pkgs/tools/bootloaders/refind/reproducible.patch @@ -0,0 +1,67 @@ +diff --git a/Makefile b/Makefile +index 4d07160..4ae2a7d 100644 +--- a/Makefile ++++ b/Makefile +@@ -150,9 +150,11 @@ edk2: build_edk2 + cp $(EDK2_BUILDLOC)/refind.efi ./refind/refind_$(FILENAME_CODE).efi + cp $(EDK2_BUILDLOC)/gptsync.efi ./gptsync/gptsync_$(FILENAME_CODE).efi + ifneq ($(OMIT_SBAT), 1) +- $(OBJCOPY) --set-section-alignment '.sbat=512' --add-section .sbat=$(REFIND_SBAT_CSV) \ ++ $(OBJCOPY) --preserve-dates --set-section-alignment '.sbat=512' \ ++ --add-section .sbat=$(REFIND_SBAT_CSV) \ + --adjust-section-vma .sbat+10000000 ./refind/refind_$(FILENAME_CODE).efi +- $(OBJCOPY) --set-section-alignment '.sbat=512' --add-section .sbat=$(REFIND_SBAT_CSV) \ ++ $(OBJCOPY) --preserve-dates --set-section-alignment '.sbat=512' \ ++ --add-section .sbat=$(REFIND_SBAT_CSV) \ + --adjust-section-vma .sbat+10000000 ./gptsync/gptsync_$(FILENAME_CODE).efi + endif + +@@ -173,7 +175,8 @@ else + for BASENAME in $(EDK2_DRIVER_BASENAMES) ; do \ + echo "Copying $$BASENAME""_$(FILENAME_CODE).efi" ; \ + cp "$(EDK2_BUILDLOC)/$$BASENAME.efi" ./drivers_$(FILENAME_CODE)/$$BASENAME\_$(FILENAME_CODE).efi ; \ +- $(OBJCOPY) --set-section-alignment '.sbat=512' --add-section .sbat=$(REFIND_SBAT_CSV) \ ++ $(OBJCOPY) --preserve-dates --set-section-alignment '.sbat=512' \ ++ --add-section .sbat=$(REFIND_SBAT_CSV) \ + --adjust-section-vma .sbat+10000000 ./drivers_$(FILENAME_CODE)/$$BASENAME\_$(FILENAME_CODE).efi ; \ + done + endif +diff --git a/filesystems/Make.gnuefi b/filesystems/Make.gnuefi +index 70e4ad6..2329659 100644 +--- a/filesystems/Make.gnuefi ++++ b/filesystems/Make.gnuefi +@@ -38,7 +38,7 @@ $(TARGET): $(SHLIB_TARGET) + -j .rel -j .rela -j .rel.* -j .rela.* -j .rel* -j .rela* \ + -j .reloc --strip-unneeded $(FORMAT_DRIVER) $< $@ + ifneq ($(OMIT_SBAT), 1) +- $(OBJCOPY) --add-section .sbat=$(SRCDIR)/../$(REFIND_SBAT_CSV) \ ++ $(OBJCOPY) --preserve-dates --add-section .sbat=$(SRCDIR)/../$(REFIND_SBAT_CSV) \ + --adjust-section-vma .sbat+10000000 $@ + endif + chmod a-x $(TARGET) +diff --git a/gptsync/Make.gnuefi b/gptsync/Make.gnuefi +index b6c0763..49aff13 100644 +--- a/gptsync/Make.gnuefi ++++ b/gptsync/Make.gnuefi +@@ -35,7 +35,7 @@ $(TARGET): $(SHLIB_TARGET) + -j .rel -j .rela -j .rel.* -j .rela.* -j .rel* -j .rela* \ + -j .reloc --strip-unneeded $(FORMAT) $< $@ + ifneq ($(OMIT_SBAT), 1) +- $(OBJCOPY) --add-section .sbat=../$(REFIND_SBAT_CSV) \ ++ $(OBJCOPY) --preserve-dates --add-section .sbat=../$(REFIND_SBAT_CSV) \ + --adjust-section-vma .sbat+10000000 $@ + endif + chmod a-x $(TARGET) +diff --git a/refind/Makefile b/refind/Makefile +index 73be8e5..880bd22 100644 +--- a/refind/Makefile ++++ b/refind/Makefile +@@ -54,7 +54,7 @@ $(TARGET): $(SHLIB_TARGET) + -j .rel -j .rela -j .rel.* -j .rela.* -j .rel* -j .rela* \ + -j .reloc --strip-unneeded $(FORMAT) $< $@ + ifneq ($(OMIT_SBAT), 1) +- $(OBJCOPY) --add-section .sbat=$(SRCDIR)/../$(REFIND_SBAT_CSV) \ ++ $(OBJCOPY) --preserve-dates --add-section .sbat=$(SRCDIR)/../$(REFIND_SBAT_CSV) \ + --adjust-section-vma .sbat+10000000 $@ + endif + chmod a-x $(TARGET) |