search

plougher / squashfs-tools

tools to create and extract Squashfs filesystems
GNU General Public License v2.0
738 stars 191 forks source link

`-reproducible` should imply `-mkfs-time $constant` #140

Open scgtrp opened 2 years ago

scgtrp commented 2 years ago

If I create the same image twice, with -reproducible, without changing the contents of the source directory:

$ mksquashfs rootfs/ a -all-root -noappend -comp xz -reproducible 
$ mksquashfs rootfs/ b -all-root -noappend -comp xz -reproducible

I would expect to get two identical output files. However, they are not:

$ sha1sum a b
7204f4037cd840de1bf5db259abd8b0170518308  a
4e9caf6d8cb632284ea521c51d8bbcb866d7e8b8  b

The only difference between the two is the timestamp in the filesystem superblock, which is set to the current time even in -reproducible mode:

$ diff -u <(hexdump -C a) <(hexdump -C b)
--- /dev/fd/63  2021-12-25 04:46:55.789247153 -0500
+++ /dev/fd/62  2021-12-25 04:46:55.789247153 -0500
@@ -1,4 +1,4 @@
-00000000  68 73 71 73 97 01 00 00  5c e7 c6 61 00 00 02 00  |hsqs....\..a....|
+00000000  68 73 71 73 97 01 00 00  60 e7 c6 61 00 00 02 00  |hsqs....`..a....|
 00000010  04 00 00 00 04 00 11 00  c0 00 01 00 04 00 00 00  |................|
 00000020  bd 1c fa 05 00 00 00 00  38 8d 36 00 00 00 00 00  |........8.6.....|
 00000030  30 8d 36 00 00 00 00 00  ff ff ff ff ff ff ff ff  |0.6.............|

It seems that -reproducible should, in addition to all the other things it keeps constant, replace the timestamp with a constant value (0? 0xFFFFFFFF?).

(Also, happy whatever winter holiday(s) you celebrate! I feel weird submitting this today because of the "Merry Christmas! I got you a bug report!" thing but if I don't do it right now it'll slip my mind and never get done.)

roeey777 commented 2 years ago

I completely agrees with @scgtrp in addition I would suggest that -reproducible flag would imply the usage of SOURCE_DATE_EPOCH environment variable as described by reproducible-builds.org.

scgtrp commented 2 years ago

I was unaware of that, but having read it, I think I agree. You could accomplish the same thing with -mkfs-time $SOURCE_DATE_EPOCH, but if it's clear the user meant that, might as well just do it.

I'd propose something like "use the first available of -mkfs-time, $SOURCE_DATE_EPOCH (maybe only if reproducible?), current time (only if !reproducible), 0". That seems like the least surprising behavior.

deven commented 4 months ago

How about defaulting -mkfs-time to the newest timestamp of any inode in the created filesystem when using -reproducible? That would be inherently stable if the source content is unchanged.