linuxboot / heads

A minimal Linux that runs as a coreboot or LinuxBoot ROM payload to provide a secure, flexible boot environment for laptops, workstations and servers.
https://osresearch.net/
GNU General Public License v2.0

Interestingly enough, it's flashrom now that is not reproducible between local builds and CircleCI with nix docker image #1667

Closed tlaurion closed 5 months ago

tlaurion commented 6 months ago

Interestingly enough, it's flashrom now that is not reproducible between local builds and CircleCI with docker image.

user@clean-nix:~/heads$ docker run -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) tlaurion/heads-dev-env:latest -- make BOARD=nitropad-nv41
----------------------------------------------------------------------
!!!!!! BUILD SYSTEM INFO !!!!!!
System CPUS: 12
System Available Memory: 7727 GB
System Load Average: 0.07
----------------------------------------------------------------------
Used **CPUS**: 12
Used **LOADAVG**: 18
Used **AVAILABLE_MEM_GB**: 7727 GB
----------------------------------------------------------------------
**MAKE_JOBS**: -j12 --load-average=18 

Variables available for override (use 'make VAR_NAME=value'):
**CPUS** (default: number of processors, e.g., 'make CPUS=4')
**LOADAVG** (default: 1.5 times CPUS, e.g., 'make LOADAVG=54')
**AVAILABLE_MEM_GB** (default: memory available on the system in GB, e.g., 'make AVAILABLE_MEM_GB=4')
**MEM_PER_JOB_GB** (default: 1GB per job, e.g., 'make MEM_PER_JOB_GB=2')
----------------------------------------------------------------------
!!!!!! Build starts !!!!!!
if [ ! -e "/home/user/heads/build/x86/coreboot-nitrokey/.canary" ]; then git clone https://github.com/dasharo/coreboot "/home/user/heads/build/x86/coreboot-nitrokey"; git -C "/home/user/heads/build/x86/coreboot-nitrokey" reset --hard 1bcb338682b612cfcca8bba02846f78139b2e0c8 && git submodule update --init --checkout; echo -n 'https://github.com/dasharo/coreboot|1bcb338682b612cfcca8bba02846f78139b2e0c8' > "/home/user/heads/build/x86/coreboot-nitrokey/.canary"; elif [ "$(cat "/home/user/heads/build/x86/coreboot-nitrokey/.canary")" != 'https://github.com/dasharo/coreboot|1bcb338682b612cfcca8bba02846f78139b2e0c8' ]; then echo "Switching coreboot-nitrokey to https://github.com/dasharo/coreboot at 1bcb338682b612cfcca8bba02846f78139b2e0c8" && git -C "/home/user/heads/build/x86/coreboot-nitrokey" reset --hard HEAD^ && echo "git fetch https://github.com/dasharo/coreboot 1bcb338682b612cfcca8bba02846f78139b2e0c8 --recurse-submodules=no" && git -C "/home/user/heads/build/x86/coreboot-nitrokey" fetch https://github.com/dasharo/coreboot 1bcb338682b612cfcca8bba02846f78139b2e0c8 --recurse-submodules=no && echo "git reset --hard 1bcb338682b612cfcca8bba02846f78139b2e0c8" && git -C "/home/user/heads/build/x86/coreboot-nitrokey" reset --hard 1bcb338682b612cfcca8bba02846f78139b2e0c8 && echo "git clean" && git -C "/home/user/heads/build/x86/coreboot-nitrokey" clean -df && git -C "/home/user/heads/build/x86/coreboot-nitrokey" clean -dffx payloads util/cbmem && echo "git submodule sync" && git -C "/home/user/heads/build/x86/coreboot-nitrokey" submodule sync && echo "git submodule update" && git -C "/home/user/heads/build/x86/coreboot-nitrokey" submodule update --init --checkout && echo -n 'https://github.com/dasharo/coreboot|1bcb338682b612cfcca8bba02846f78139b2e0c8' > "/home/user/heads/build/x86/coreboot-nitrokey/.canary"; fi
if [ ! -e "/home/user/heads/build/x86/coreboot-nitrokey/.patched" ]; then if [ -r patches/coreboot-nitrokey-clevo_release.patch ]; then ( git apply --verbose --reject --binary --directory build/x86/coreboot-nitrokey ) < patches/coreboot-nitrokey-clevo_release.patch || exit 1 ; fi && if [ -d patches/coreboot-nitrokey-clevo_release ] && [ -r patches/coreboot-nitrokey-clevo_release ] ; then for patch in patches/coreboot-nitrokey-clevo_release/*.patch ; do echo "Applying patch file : $patch " ; ( git apply --verbose --reject --binary --directory build/x86/coreboot-nitrokey ) < $patch || exit 1 ; done ; fi && touch "/home/user/heads/build/x86/coreboot-nitrokey/.patched"; fi
2024-05-09 12:12:44+00:00 INSTALL   build/x86/linux-6.1.8/linux-nitropad-x//arch/x86/boot/bzImage => build/x86/nitropad-nv41/bzImage
488bb698cd3851eb8cfddf4f824fbd2d54fc3b86760aeb1028d6394a481c2d32  build/x86/nitropad-nv41/bzImage
 2732208:build/x86/nitropad-nv41/bzImage
488bb698cd3851eb8cfddf4f824fbd2d54fc3b86760aeb1028d6394a481c2d32  /home/user/heads/build/x86/nitropad-nv41/bzImage
 2732208:/home/user/heads/build/x86/nitropad-nv41/bzImage
2024-05-09 12:12:44+00:00 INSTALL-MODULE drivers/net/ethernet/intel/e1000/e1000.ko
2024-05-09 12:12:44+00:00 INSTALL-MODULE drivers/usb/host/ehci-hcd.ko
2024-05-09 12:12:44+00:00 INSTALL-MODULE drivers/usb/host/ehci-pci.ko
2024-05-09 12:12:44+00:00 INSTALL-MODULE drivers/usb/host/xhci-hcd.ko
2024-05-09 12:12:44+00:00 INSTALL-MODULE drivers/usb/host/xhci-pci.ko
2024-05-09 12:12:44+00:00 INSTALL-MODULE drivers/usb/storage/usb-storage.ko
2024-05-09 12:12:44+00:00 CPIO      build/x86/nitropad-nv41/modules.cpio
a8495384dde499d5b3af508b488308a2e4756e41c635de07744afd93e772d569  /home/user/heads/build/x86/nitropad-nv41/modules.cpio
  574464:/home/user/heads/build/x86/nitropad-nv41/modules.cpio
2024-05-09 12:12:44+00:00 HASHES    build/x86/nitropad-nv41/modules.cpio
2024-05-09 12:12:44+00:00 SIZES     build/x86/nitropad-nv41/modules.cpio
2024-05-09 12:12:44+00:00 SYMLINK bin/busybox
2024-05-09 12:12:48+00:00 INSTALL-BIN build/x86/kexec-tools-2.0.26/build/sbin/kexec
2024-05-09 12:12:48+00:00 INSTALL-BIN build/x86/tpmtotp-4d63d21c8b7db2e92ddb393057f168aead147f47/totp
2024-05-09 12:12:48+00:00 INSTALL-BIN build/x86/tpmtotp-4d63d21c8b7db2e92ddb393057f168aead147f47/hotp
2024-05-09 12:12:48+00:00 INSTALL-BIN build/x86/tpmtotp-4d63d21c8b7db2e92ddb393057f168aead147f47/qrenc
2024-05-09 12:12:48+00:00 INSTALL-BIN build/x86/tpmtotp-4d63d21c8b7db2e92ddb393057f168aead147f47/util/tpm
2024-05-09 12:12:48+00:00 INSTALL-BIN build/x86/pciutils-3.5.4/lspci
2024-05-09 12:12:48+00:00 INSTALL-BIN build/x86/flashrom-1776bb46ba6ea3d1ab2ec3f0cd88158aabed7400/flashrom
2024-05-09 12:12:48+00:00 INSTALL-BIN build/x86/cryptsetup-2.3.3/.libs/cryptsetup
2024-05-09 12:12:48+00:00 INSTALL-BIN build/x86/cryptsetup-2.3.3/.libs/cryptsetup-reencrypt
2024-05-09 12:12:48+00:00 INSTALL-BIN build/x86/cryptsetup-2.3.3/.libs/veritysetup
2024-05-09 12:12:48+00:00 INSTALL-BIN build/x86/gnupg-2.4.2/g10/gpg
2024-05-09 12:12:48+00:00 INSTALL-BIN build/x86/gnupg-2.4.2/agent/gpg-agent
2024-05-09 12:12:48+00:00 INSTALL-BIN build/x86/gnupg-2.4.2/scd/scdaemon
2024-05-09 12:12:48+00:00 INSTALL-BIN build/x86/pinentry-1.1.0/tty/pinentry-tty
2024-05-09 12:12:48+00:00 INSTALL-BIN build/x86/lvm2.2.02.168/tools/dmsetup
2024-05-09 12:12:48+00:00 INSTALL-BIN build/x86/lvm2.2.02.168/tools/lvm
2024-05-09 12:12:48+00:00 INSTALL-BIN build/x86/dropbear-2016.74/ssh
2024-05-09 12:12:48+00:00 INSTALL-BIN build/x86/dropbear-2016.74/scp
2024-05-09 12:12:48+00:00 INSTALL-BIN build/x86/dropbear-2016.74/dropbear
2024-05-09 12:12:48+00:00 INSTALL-BIN build/x86/flashtools-d1e6f12568cb23387144a4b7a6535fe1bc1e79b1/flashtool
2024-05-09 12:12:48+00:00 INSTALL-BIN build/x86/flashtools-d1e6f12568cb23387144a4b7a6535fe1bc1e79b1/peek
2024-05-09 12:12:48+00:00 INSTALL-BIN build/x86/flashtools-d1e6f12568cb23387144a4b7a6535fe1bc1e79b1/poke
2024-05-09 12:12:48+00:00 INSTALL-BIN build/x86/flashtools-d1e6f12568cb23387144a4b7a6535fe1bc1e79b1/cbfs
2024-05-09 12:12:48+00:00 INSTALL-BIN build/x86/flashtools-d1e6f12568cb23387144a4b7a6535fe1bc1e79b1/uefi
2024-05-09 12:12:48+00:00 INSTALL-BIN build/x86/fbwhiptail-1.3/fbwhiptail
2024-05-09 12:12:48+00:00 INSTALL-BIN build/x86/fbwhiptail-1.3/whiptail
2024-05-09 12:12:48+00:00 INSTALL-BIN build/x86/hotp-verification-70c04f51387eee8f777e943ba83b6405764a3cd2/hotp_verification
2024-05-09 12:12:48+00:00 INSTALL-BIN build/x86/hotp-verification-70c04f51387eee8f777e943ba83b6405764a3cd2/hotp_initialize
2024-05-09 12:12:48+00:00 INSTALL-BIN build/x86/msrtools-572ef8a2b873eda15a322daa48861140a078b92c/wrmsr
2024-05-09 12:12:48+00:00 INSTALL-BIN build/x86/msrtools-572ef8a2b873eda15a322daa48861140a078b92c/rdmsr
2024-05-09 12:12:48+00:00 INSTALL-BIN build/x86/msrtools-572ef8a2b873eda15a322daa48861140a078b92c/cpuid
2024-05-09 12:12:48+00:00 INSTALL-BIN build/x86/tpm2-tools-5.6/tools/tpm2
2024-05-09 12:12:48+00:00 INSTALL-BIN build/x86/bash-5.1.16/bash
2024-05-09 12:12:48+00:00 INSTALL-BIN build/x86/zstd-1.5.5/programs/zstd-decompress
2024-05-09 12:12:48+00:00 INSTALL-BIN build/x86/e2fsprogs-1.47.0/misc/mke2fs
2024-05-09 12:12:48+00:00 INSTALL-BIN build/x86/exfatprogs-1.2.1/fsck/fsck.exfat
2024-05-09 12:12:48+00:00 INSTALL-BIN build/x86/exfatprogs-1.2.1/mkfs/mkfs.exfat
2024-05-09 12:12:48+00:00 INSTALL-BIN build/x86/iotools-18949fdc4dedb1da3f51ee83a582b112fb9f2c71/iotools
2024-05-09 12:12:48+00:00 MAKE cbmem
make[1]: Entering directory '/home/user/heads/build/x86/coreboot-nitrokey/util/cbmem'
make[1]: Nothing to be done for 'all'.
make[1]: Leaving directory '/home/user/heads/build/x86/coreboot-nitrokey/util/cbmem'
2024-05-09 12:12:48+00:00 INSTALL-BIN build/x86/coreboot-nitrokey/util/cbmem/cbmem
2024-05-09 12:12:48+00:00 INSTALL-LIB crossgcc/x86/x86_64-linux-musl/lib/libc.so
2024-05-09 12:12:48+00:00 INSTALL-LIB build/x86/cairo-1.14.12/src/.libs/libcairo.so.2
2024-05-09 12:12:48+00:00 INSTALL-LIB build/x86/cryptsetup-2.3.3/.libs/libcryptsetup.so.12
2024-05-09 12:12:48+00:00 INSTALL-LIB build/x86/json-c-0.14/build/libjson-c.so.5
2024-05-09 12:12:49+00:00 INSTALL-LIB build/x86/libassuan-2.5.6/src/.libs/libassuan.so.0
2024-05-09 12:12:49+00:00 INSTALL-LIB build/x86/libgcrypt-1.10.2/src/.libs/libgcrypt.so.20
2024-05-09 12:12:49+00:00 INSTALL-LIB build/x86/libgpg-error-1.47/src/.libs/libgpg-error.so.0
2024-05-09 12:12:49+00:00 INSTALL-LIB build/x86/libksba-1.6.4/src/.libs/libksba.so.8
2024-05-09 12:12:49+00:00 INSTALL-LIB build/x86/libpng-1.6.34/.libs/libpng16.so.16
2024-05-09 12:12:49+00:00 INSTALL-LIB build/x86/libusb-1.0.21/libusb/.libs/libusb-1.0.so.0
2024-05-09 12:12:49+00:00 INSTALL-LIB build/x86/lvm2.2.02.168/libdm/libdevmapper.so.1.02
2024-05-09 12:12:49+00:00 INSTALL-LIB build/x86/mbedtls-2.4.2/library/libmbedcrypto.so.0
2024-05-09 12:12:49+00:00 INSTALL-LIB build/x86/npth-1.6/src/.libs/libnpth.so.0
2024-05-09 12:12:49+00:00 INSTALL-LIB build/x86/openssl-3.0.8/libcrypto.so.3
2024-05-09 12:12:49+00:00 INSTALL-LIB build/x86/pciutils-3.5.4/lib/libpci.so.3.5.4
2024-05-09 12:12:49+00:00 INSTALL-LIB install/x86/lib/libpci.so.3
2024-05-09 12:12:49+00:00 INSTALL-LIB build/x86/pixman-0.34.0/pixman/.libs/libpixman-1.so.0
2024-05-09 12:12:49+00:00 INSTALL-LIB build/x86/popt-1.19/src/.libs/libpopt.so.0
2024-05-09 12:12:49+00:00 INSTALL-LIB build/x86/qrencode-3.4.4/.libs/libqrencode.so.3
2024-05-09 12:12:49+00:00 INSTALL-LIB build/x86/tpm2-tss-3.2.2/src/tss2-rc/.libs/libtss2-rc.so.0
2024-05-09 12:12:49+00:00 INSTALL-LIB build/x86/tpm2-tss-3.2.2/src/tss2-mu/.libs/libtss2-mu.so.0
2024-05-09 12:12:49+00:00 INSTALL-LIB build/x86/tpm2-tss-3.2.2/src/tss2-sys/.libs/libtss2-sys.so.1
2024-05-09 12:12:49+00:00 INSTALL-LIB build/x86/tpm2-tss-3.2.2/src/tss2-esys/.libs/libtss2-esys.so.0
2024-05-09 12:12:49+00:00 INSTALL-LIB build/x86/tpm2-tss-3.2.2/src/tss2-tcti/.libs/libtss2-tctildr.so.0
2024-05-09 12:12:49+00:00 INSTALL-LIB build/x86/tpm2-tss-3.2.2/src/tss2-tcti/.libs/libtss2-tcti-device.so.0
2024-05-09 12:12:49+00:00 INSTALL-LIB build/x86/tpmtotp-4d63d21c8b7db2e92ddb393057f168aead147f47/libtpm/libtpm.so
2024-05-09 12:12:49+00:00 INSTALL-LIB build/x86/util-linux-2.29.2/.libs/libuuid.so.1
2024-05-09 12:12:49+00:00 INSTALL-LIB build/x86/util-linux-2.29.2/.libs/libblkid.so.1
2024-05-09 12:12:49+00:00 INSTALL-LIB build/x86/zlib-1.2.11/libz.so.1
2024-05-09 12:12:49+00:00 INSTALL boards/nitropad-nv41/nitropad-nv41.config
2024-05-09 12:12:49+00:00 HASH e4976e7882992c6b5182d2593f5d34bd4028e229 clean nitropad-nv41
2024-05-09 12:12:49+00:00 CPIO      build/x86/nitropad-nv41/tools.cpio
3064feef5d56b2c6fa52ff20702ae4c36f3110953a5bb17291a97aa163aafcc6  /home/user/heads/build/x86/nitropad-nv41/tools.cpio
17853952:/home/user/heads/build/x86/nitropad-nv41/tools.cpio
2024-05-09 12:12:49+00:00 HASHES    build/x86/nitropad-nv41/tools.cpio
2024-05-09 12:12:49+00:00 SIZES     build/x86/nitropad-nv41/tools.cpio
cpio -H newc -o </dev/null >"/home/user/heads/build/x86/nitropad-nv41/board.cpio"
1 block
2024-05-09 12:12:49+00:00 CPIO      build/x86/nitropad-nv41/heads.cpio
1e2c76b6787af027995f8ab802a2226dc606f18c8e5b641e55866ebea797d77b  /home/user/heads/build/x86/nitropad-nv41/heads.cpio
  396800:/home/user/heads/build/x86/nitropad-nv41/heads.cpio
2024-05-09 12:12:49+00:00 HASHES    build/x86/nitropad-nv41/heads.cpio
2024-05-09 12:12:49+00:00 SIZES     build/x86/nitropad-nv41/heads.cpio
2024-05-09 12:12:49+00:00 CPIO-XZ   build/x86/nitropad-nv41/initrd.cpio.xz
d4eef6eb8f49608ab1da3e85437d981b7dd5f88e9db0149840c8b6d0ab4bdc91  build/x86/nitropad-nv41/initrd.cpio.xz
 6208512:build/x86/nitropad-nv41/initrd.cpio.xz
2024-05-09 12:12:58+00:00 MAKE coreboot-nitrokey
2024-05-09 12:13:02+00:00 DONE coreboot-nitrokey
# Use coreboot.rom, because custom output files might not be processed by cbfstool
"/home/user/heads/build/x86/coreboot-nitrokey/nitropad-nv41/cbfstool" "/home/user/heads/build/x86/coreboot-nitrokey/nitropad-nv41/coreboot.rom" print
FMAP REGION: COREBOOT
Name                           Offset     Type           Size   Comp
cbfs_master_header             0x0        cbfs header        28 none
fallback/romstage              0x80       stage           80408 none
cpu_microcode_blob.bin         0x13b40    microcode      546816 none
intel_fit                      0x99380    intel_fit          80 none
fallback/ramstage              0x99400    stage          146212 LZMA (348920 decompressed)
config                         0xbcf80    raw              4574 LZMA (16755 decompressed)
revision                       0xbe1c0    raw               885 none
build_info                     0xbe580    raw                96 none
bootsplash.jpg                 0xbe640    bootsplash      85396 none
fallback/dsdt.aml              0xd3400    raw             22566 none
cmos.default                   0xd8c80    cmos_default      256 none
fspm.bin                       0xd8dc0    fsp            786432 none
fsps.bin                       0x198e00   fsp            296077 LZ4  (389120 decompressed)
vbt.bin                        0x1e1300   raw              1290 LZMA (8704 decompressed)
cmos_layout.bin                0x1e1840   cmos_layout       800 none
fallback/postcar               0x1e1bc0   stage           31648 none
fallback/payload               0x1e97c0   simple elf    8929985 none
(empty)                        0xa6dac0   null          5478116 none
bootblock                      0xfa71c0   bootblock       35840 none
2024-05-09 12:13:02+00:00 INSTALL   build/x86/coreboot-nitrokey/nitropad-nv41/coreboot.rom => build/x86/nitropad-nv41/heads-nitropad-nv41-v0.2.0-2134-ge4976e7.rom
4c11ec537cb05cf3063842fbb046254d5b3b179d7c20839e45f1f5e2f2ab1ce4  build/x86/nitropad-nv41/heads-nitropad-nv41-v0.2.0-2134-ge4976e7.rom
33554432:build/x86/nitropad-nv41/heads-nitropad-nv41-v0.2.0-2134-ge4976e7.rom
rm -rf "/home/user/heads/build/x86/nitropad-nv41/update_pkg"
mkdir -p "/home/user/heads/build/x86/nitropad-nv41/update_pkg"
cp "/home/user/heads/build/x86/nitropad-nv41/heads-nitropad-nv41-v0.2.0-2134-ge4976e7.rom" "/home/user/heads/build/x86/nitropad-nv41/update_pkg/"
cd "/home/user/heads/build/x86/nitropad-nv41/update_pkg" && sha256sum "heads-nitropad-nv41-v0.2.0-2134-ge4976e7.rom" >sha256sum.txt
cd "/home/user/heads/build/x86/nitropad-nv41/update_pkg" && zip -9 "/home/user/heads/build/x86/nitropad-nv41/heads-nitropad-nv41-v0.2.0-2134-ge4976e7.zip" "heads-nitropad-nv41-v0.2.0-2134-ge4976e7.rom" sha256sum.txt
  adding: heads-nitropad-nv41-v0.2.0-2134-ge4976e7.rom (deflated 62%)
  adding: sha256sum.txt (deflated 15%)
4c11ec537cb05cf3063842fbb046254d5b3b179d7c20839e45f1f5e2f2ab1ce4  /home/user/heads/build/x86/nitropad-nv41/heads-nitropad-nv41-v0.2.0-2134-ge4976e7.rom
33554432:/home/user/heads/build/x86/nitropad-nv41/heads-nitropad-nv41-v0.2.0-2134-ge4976e7.rom
user@clean-nix:~/heads$ egrep '^[0-9a-f]{64}' build/x86/nitropad-nv41/hashes.txt | while read line; do HASH_REF=$(echo $line|awk -F " " {'print $1'}); FILE_REF=$(echo $line|awk -F "/" {'print $NF'}); if ! grep -q "$HASH_REF" ~/QubesIncoming/heads-tests-deb12/hashes.txt; then echo "$FILE_REF doesn't match";fi; done
tools.cpio doesn't match
flashrom doesn't match
initrd.cpio.xz doesn't match
heads-nitropad-nv41-v0.2.0-2134-ge4976e7.rom doesn't match

This is LDPATH from diffoscope diffoscope_flashrom.tar.gz

Offset 29, 15 lines modified  Offset 29, 15 lines modified
29    strtoull    29  strtoull
30    strtok_r    30  strtok_r
31    gettimeofday    31  gettimeofday
32    __libc_start_main   32  __libc_start_main
33    LIBPCI_3.3  33  LIBPCI_3.3
34    LIBPCI_3.0  34  LIBPCI_3.0
35    LIBPCI_3.5  35  LIBPCI_3.5
36    /heads/install/x86/lib  36  /home/user/heads/install/x86/lib
37    ]A\A]A^A_   37  ]A\A]A^A_
38    []A\A]A^A_  38  []A\A]A^A_
39    X[]A\A]A^A_ 39  X[]A\A]A^A_
40    []A\A]A^A_  40  []A\A]A^A_
41    8[]A\A]A^A_ 41  8[]A\A]A^A_
42    ([]A\A]A^A_ 42  ([]A\A]A^A_
43    []A\A]A^A_  43  []A\A]A^A_

Originally posted by @tlaurion in https://github.com/linuxboot/heads/issues/1661#issuecomment-2102550651
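
An added example, not part of the original comment or of the Heads build system: the one-liner above only checks whether each local hash appears anywhere in the reference file. The sketch below pairs entries by file basename, since the build root differs between environments (`/heads` versus `/home/user/heads` in the diffoscope output), and reports differing hashes separately from entries missing in the reference. It assumes hash lines of the form `<sha256>  <path>`; the function name and the sample manifests are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the Heads repository): compare two hashes.txt
# manifests by file basename instead of by hash alone.
# Assumption: hash lines look like "<64 hex chars>  <path>", as matched by the
# egrep in the issue; timestamp and size lines are skipped.

compare_hashes() {   # $1 = local hashes.txt, $2 = reference hashes.txt
    awk '
        # Skip anything that does not start with a full SHA-256 digest.
        index($0, $1) != 1 || length($1) != 64 || $1 ~ /[^0-9a-f]/ || NF < 2 { next }
        {
            path = substr($0, 67)          # text after "<hash>  "
            n = split(path, part, "/")
            name = part[n]                 # build roots differ per host
            if (FILENAME == ARGV[1]) { ref[name] = $1; next }
            if (name in seen) next         # same artifact listed twice
            seen[name] = 1
            if (!(name in ref)) {
                print name ": missing from reference"; bad = 1
            } else if (ref[name] != $1) {
                print name ": hash differs"; bad = 1
            }
        }
        END { exit bad + 0 }               # non-zero when the builds differ
    ' "$2" "$1"
}

demo() {   # constructed sample manifests, not the build outputs from the issue
    d=$(mktemp -d)
    fake_digest() { printf '%064d' "$1"; }   # 64 digits standing in for a SHA-256
    {
        echo "2024-05-09 12:12:48+00:00 INSTALL-BIN build/x86/flashrom-x/flashrom"
        echo "$(fake_digest 1)  /home/user/heads/build/x86/board/bzImage"
        echo " 2732208:/home/user/heads/build/x86/board/bzImage"
        echo "$(fake_digest 2)  /home/user/heads/build/x86/flashrom-x/flashrom"
        echo "$(fake_digest 3)  /home/user/heads/build/x86/board/tools.cpio"
    } > "$d/local.txt"
    {
        echo "$(fake_digest 1)  /heads/build/x86/board/bzImage"
        echo "$(fake_digest 9)  /heads/build/x86/flashrom-x/flashrom"
    } > "$d/ref.txt"
    compare_hashes "$d/local.txt" "$d/ref.txt" || echo "builds are not identical"
    rm -rf "$d"
}
demo
```

The non-zero exit status lets a CI job fail the build when any artifact differs or is absent from the reference manifest.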

tlaurion commented 6 months ago

Repro notes used here: