kernel: Fix reproducibility for kernel builds
There have been multiple subtle issues with building the kernel reproducibly:

1) The build time contributes to the resulting kernel image. Although
   nix provides a fixed build time through SOURCE_DATE_EPOCH, we
   explicitly need to pick that up for kernel builds through
   KBUILD_BUILD_TIMESTAMP.
2) Having module signing enabled will create a new signing key for each
   module build, changing the signatures for each build.
3) Different nix environments may have different names for the builders,
   as their number might be different. This can lead to different values
   in the binaries depending on whether the build was done inside the docker
   container or natively. Set KBUILD_BUILD_USER and KBUILD_BUILD_HOST
   to fixed values to work around this.

Testing done:
Built the kernels multiple times on each architecture natively and through docker and compared the sha512 of the generated binaries.
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
Closes: #31
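The three points in the commit message and its sha512 test, sketched as shell helpers. This is an added example, not code from this pull request: the function names, the fixed user/host strings and the timestamp format are assumptions, and it relies on GNU `date` and `sha512sum`.

```shell
# Added example; names and fixed values below are assumptions, not the PR's.

# Point 1 and 3: derive the kbuild timestamp from SOURCE_DATE_EPOCH and pin
# the builder identity so it does not depend on the build host or sandbox.
kbuild_repro_env() {
    if [ -z "${SOURCE_DATE_EPOCH:-}" ]; then
        echo "SOURCE_DATE_EPOCH is not set" >&2
        return 1
    fi
    # Render in UTC with a fixed format so locale and TZ cannot leak in.
    KBUILD_BUILD_TIMESTAMP="$(LC_ALL=C date -u -d "@${SOURCE_DATE_EPOCH}" \
        '+%Y-%m-%d %H:%M:%S UTC')" || return 1
    KBUILD_BUILD_USER="builder"    # assumed fixed value
    KBUILD_BUILD_HOST="localhost"  # assumed fixed value
    export KBUILD_BUILD_TIMESTAMP KBUILD_BUILD_USER KBUILD_BUILD_HOST
}

# Point 2: report whether a kernel .config still has module signing enabled,
# which would put a per-build key and per-build signatures into the output.
module_signing_enabled() {
    grep -q '^CONFIG_MODULE_SIG=y$' "$1"
}

# sha512 manifest of every file under a directory, keyed by relative path
# and sorted by path so the manifest itself is order-independent.
tree_manifest() {
    ( cd "$1" && find . -type f -exec sha512sum {} + | LC_ALL=C sort -k2 )
}

# Compare two build output directories; returns 0 only if every file has
# the same path and the same sha512 in both trees.
compare_builds() {
    _cb_a="$(tree_manifest "$1")" || return 2
    _cb_b="$(tree_manifest "$2")" || return 2
    [ "$_cb_a" = "$_cb_b" ]
}
```

Call `kbuild_repro_env` before invoking the kernel build, then run `compare_builds` on the output directories of two independent builds (for example one native and one in docker).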