GNU bug report logs - #35283
ISO images are not reproducible

Previous Next

Package: guix;

Reported by: Ludovic Courtès <ludo <at> gnu.org>

Date: Mon, 15 Apr 2019 07:47:01 UTC

Severity: important

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Ludovic Courtès <ludo <at> gnu.org>
To: bug-grub <at> gnu.org
Cc: 35283 <at> debbugs.gnu.org
Subject: bug#35283: [PATCH] grub-mkrescue: Allow users to specify a FAT serial number
Date: Sun, 21 Apr 2019 18:32:21 +0200

[Message part 1 (text/plain, inline)]
Hello,

While investigating reproducible ISO images for Guix¹, I found that
‘grub-mkrescue’ would invoke ’mformat’ without the ‘-N’ option.
Consequently, ‘mformat’ would pick a random serial number, thereby
making the ‘efi.img’ build process non-deterministic.

I came up with the gross hack attached: the ‘grub-mkrescue’ caller can
set the ‘GRUB_FAT_SERIAL_NUMBER’ environment variable, which
‘grub-mkrescue’ translates into a ‘-N’ flag for ‘mformat’.

We could perhaps achieve the same result differently, for instance by
adding an option to ‘grub-mkrescue’.

WDYT?

Thanks,
Ludo’.

¹ https://issues.guix.info/issue/35283


[grub-efi-fat-serial-number.patch (text/x-patch, inline)]
Change 'grub-mkrescue' to honor the 'GRUB_FAT_SERIAL_NUMBER'
environment variable.  That way, the caller can specify a fixed
serial number (instead of the randomly chosen one) to create EFI
images (the 'efi.img' file) that are reproducible bit-for-bit.

Patch by Ludovic Courtès <ludo <at> gnu.org>.

--- grub-2.02/util/grub-mkrescue.c	2019-04-20 19:15:26.180242812 +0200
+++ grub-2.02/util/grub-mkrescue.c	2019-04-20 21:56:34.672370849 +0200
@@ -788,8 +788,15 @@ main (int argc, char *argv[])
 
       efiimgfat = grub_util_path_concat (2, iso9660_dir, "efi.img");
       int rv;
-      rv = grub_util_exec ((const char * []) { "mformat", "-C", "-f", "2880", "-L", "16", "-i",
-	    efiimgfat, "::", NULL });
+
+      const char *fat_serial_number = getenv ("GRUB_FAT_SERIAL_NUMBER");
+      const char *mformat_args[] =
+	{ "mformat", "-C", "-f", "2880", "-L", "16",
+	  fat_serial_number != NULL ? "-N" : "-C",
+	  fat_serial_number != NULL ? fat_serial_number : "-C",
+	  "-i", efiimgfat, "::", NULL };
+
+      rv = grub_util_exec (mformat_args);
       if (rv != 0)
 	grub_util_error ("`%s` invocation failed\n", "mformat");
       rv = grub_util_exec ((const char * []) { "mcopy", "-s", "-i", efiimgfat, efidir_efi, "::/", NULL });
This bug report was last modified 6 years and 95 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.