[Xen-devel] [PATCH] Reproducible builds of xen.gz
The mkelf32 executable was using an uninitialized stack buffer for
padding after the ehdr and phdr are written to the xen file, which
leads to non-deterministic bytes in the binary and prevented Xen
hypervisors from being reproducibly built.
Additionally, the file was then compressed with gzip -9 without the
-n | --no-name flag, which led to the xen.gz file having
non-deterministic bytes (the timestamp) in the compressed file.
Signed-off-by: Trammell Hudson <trammell.hudson@xxxxxxxxxxxx>
---
xen/Makefile | 2 +-
xen/arch/x86/boot/mkelf32.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/xen/Makefile b/xen/Makefile
index ee8ce8e..76b60bc 100644
--- a/xen/Makefile
+++ b/xen/Makefile
@@ -121,7 +121,7 @@ _distclean: clean
rm -f tags TAGS cscope.files cscope.in.out cscope.out cscope.po.out
GTAGS GPATH GRTAGS GSYMS .config
$(TARGET).gz: $(TARGET)
- gzip -f -9 < $< > $@.new
+ gzip -n -f -9 < $< > $@.new
mv $@.new $@
$(TARGET): delete-unfresh-files
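Review bot: The new -n on the gzip line in the $(TARGET).gz rule has no comment saying why it is there, so a later cleanup of the recipe could drop it and silently bring the timestamp back into the gzip header. Suggest a one-line comment above the recipe stating that -n keeps the name and timestamp out of the header so that xen.gz is reproducible. A build-time check that compresses the same $(TARGET) twice and compares the two outputs would catch a regression.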
diff --git a/xen/arch/x86/boot/mkelf32.c b/xen/arch/x86/boot/mkelf32.c
index 6cfa312..e66740f 100644
--- a/xen/arch/x86/boot/mkelf32.c
+++ b/xen/arch/x86/boot/mkelf32.c
@@ -260,7 +260,7 @@ int main(int argc, char **argv)
u32 loadbase, dat_siz, mem_siz, note_base, note_sz, offset;
char *inimage, *outimage;
int infd, outfd;
- char buffer[1024];
+ char buffer[1024] = {};
int bytes, todo, i = 1;
int num_phdrs = 1;
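Review bot: The empty initializer in `char buffer[1024] = {};` is a GNU extension in C before C23, and mkelf32 is a build tool compiled by the host compiler, so `= { 0 }` would be the portable spelling with the same effect. Initializing at the declaration only guarantees zeros until the first write to buffer. If main() uses buffer for anything else before the padding is written (not visible in this hunk), a memset() immediately before the padding write would make the zero padding explicit and keep the output deterministic regardless of earlier use.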
--
2.5.0
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel