mirror of
https://github.com/iana-org/coen.git
synced 2025-05-10 02:27:21 +00:00
66 lines
2.7 KiB
Bash
Executable File
66 lines
2.7 KiB
Bash
Executable File
#!/bin/bash
|
|
# Fixing non-reproducible files
|
|
|
|
set -x # Print each command before executing it
|
|
set -e # Exit immediately should a command fail
|
|
set -u # Treat unset variables as an error and exit immediately
|
|
|
|
# Truncating the snakeoil SSL key pair and deleting the symbolic link generated
|
|
# by ssl-cert because is not reproducible
|
|
|
|
debuerreotype-chroot $WD/chroot truncate -s 0 /etc/ssl/certs/ssl-cert-snakeoil.pem
|
|
debuerreotype-chroot $WD/chroot truncate -s 0 /etc/ssl/private/ssl-cert-snakeoil.key
|
|
debuerreotype-chroot $WD/chroot find "/etc/ssl/certs" -lname "ssl-cert-snakeoil.pem" -exec rm -f '{}' +
|
|
|
|
# Truncating non-reproducible file
|
|
debuerreotype-chroot $WD/chroot truncate -s 0 /etc/machine-id
|
|
|
|
# Removing python compiled bytecode
|
|
debuerreotype-chroot $WD/chroot find "/usr" -name "*.pyc" -exec rm -f '{}' +
|
|
|
|
# fontconfig generates non-reproducible cache files in /var/cache/fontconfig
|
|
# Reference https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864082
|
|
# This is fixed in fontconfig >= 2.13.1-4.4
|
|
|
|
debuerreotype-chroot $WD/chroot sed -i "$ a\deb \
|
|
http://snapshot.debian.org/archive/debian/$(date --date "$DATE" '+%Y%m%dT%H%M%SZ') \
|
|
"$DIST_ADD" main" /etc/apt/sources.list
|
|
|
|
debuerreotype-apt-get $WD/chroot update
|
|
|
|
cp $FONTC_DIR/*.deb $WD/chroot/var/cache/apt/archives/
|
|
|
|
debuerreotype-chroot $WD/chroot DEBIAN_FRONTEND=noninteractive apt-get -o Acquire::Check-Valid-Until=false install \
|
|
--no-install-recommends --yes \
|
|
fontconfig-config=2.13.1-4.5 libfontconfig1=2.13.1-4.5 fontconfig=2.13.1-4.5
|
|
|
|
debuerreotype-apt-get $WD/chroot --yes --purge autoremove
|
|
debuerreotype-apt-get $WD/chroot --yes clean
|
|
|
|
# Regenerating the font cache
|
|
debuerreotype-chroot $WD/chroot fc-cache --force --really-force --system-only --verbose
|
|
|
|
# Removing /run/cups/certs/ non-reproducible directory
|
|
debuerreotype-chroot $WD/chroot find "/run" -type d -name "cups" -exec rm -rf '{}' +
|
|
|
|
# Removing /var/log/journal/ non-reproducible directory
|
|
debuerreotype-chroot $WD/chroot find "/var/log" -type d -name "journal" -exec rm -rf '{}' +
|
|
|
|
# Truncating non-reproducible files
|
|
debuerreotype-chroot $WD/chroot truncate -s 0 /var/cache/debconf/config.dat
|
|
debuerreotype-chroot $WD/chroot truncate -s 0 /var/cache/debconf/config.dat-old
|
|
|
|
# Checking and fixing initrd if necessary
|
|
echo "Calculating SHA-256 HASH of the initrd"
|
|
INITRDFINALHASH=$(sha256sum < "${WD}"/chroot/boot/initrd.img-5.10.0-20-amd64)
|
|
if [ "$INITRDFINALHASH" != "$INITRD_FINAL_SHASUM" ]
|
|
then
|
|
echo "Warning: SHA-256 hashes do not match. Reproduction of the initrd-img failed"
|
|
echo "Fixing initrd-img"
|
|
tar --overwrite --preserve-permissions -zxvf $PACKAGE_DIR/initrd.img-5.10.0-20-amd64.tgz --directory $WD/chroot/boot/
|
|
else
|
|
echo "Successfully reproduced initrd"
|
|
fi
|
|
|
|
# END
|