linux: omit build id (#106648)

Don't include an NT_GNU_BUILD_ID (that is randomly generated
at build time).

This improves the kernel reproducibility: when also disabling
the MODULE_SIG and SECURITY_LOCKDOWN_LSM options the build
is bit-by-bit reproducible.
Arnout Engelen 2020-12-23 16:31:05 +01:00 committed by GitHub
parent 49eb10e5be
commit de075d25c7
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

@ -113,6 +113,13 @@ let
sed -i "$mf" -e 's|/usr/bin/||g ; s|/bin/||g ; s|/sbin/||g'
done
sed -i Makefile -e 's|= depmod|= ${buildPackages.kmod}/bin/depmod|'
# Don't include a (random) NT_GNU_BUILD_ID, to make the build more deterministic.
# This way kernels can be bit-by-bit reproducible depending on settings
# (e.g. MODULE_SIG and SECURITY_LOCKDOWN_LSM need to be disabled).
# See also https://kernelnewbies.org/BuildId
sed -i Makefile -e 's|--build-id|--build-id=none|'
sed -i scripts/ld-version.sh -e "s|/usr/bin/awk|${buildPackages.gawk}/bin/awk|"
'';
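Review bot: The substitution in `sed -i Makefile -e 's|--build-id|--build-id=none|'` is unanchored and unchecked, so it is fragile across kernel versions. If a Makefile already passes a value (for example `--build-id=sha1`), the pattern still matches the prefix and the result is `--build-id=none=sha1`; if the string is absent, sed exits successfully and the build silently keeps whatever the linker does by default, so the reproducibility property is lost without any error. Consider matching the flag together with an optional `=value` suffix and replacing the whole token, and failing the patch phase (for example with a `grep -q -- '--build-id=none' Makefile` afterwards) when the expected flag is not present. The comment could also state that only the top-level Makefile is rewritten, since any other place that passes `--build-id` to the linker is not covered by this line.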