deepblue/coen
1
0
Fork 0
mirror of https://github.com/iana-org/coen.git synced 2025-05-10 10:37:21 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
coen/tools/hooks/02-fix-non-reproducible-files.sh
Andres Pavez 6b7327d6ee
Release (V1.0.0)
2023-03-14 10:59:59 -07:00

66 lines
2.7 KiB
Bash
Executable File
Raw Permalink Blame History

#!/bin/bash
# Fixing non-reproducible files
set -x # Print each command before executing it
set -e # Exit immediately should a command fail
set -u # Treat unset variables as an error and exit immediately
# Truncating the snakeoil SSL key pair and deleting the symbolic link generated
# by ssl-cert because is not reproducible
debuerreotype-chroot $WD/chroot truncate -s 0 /etc/ssl/certs/ssl-cert-snakeoil.pem
debuerreotype-chroot $WD/chroot truncate -s 0 /etc/ssl/private/ssl-cert-snakeoil.key
debuerreotype-chroot $WD/chroot find "/etc/ssl/certs" -lname "ssl-cert-snakeoil.pem" -exec rm -f '{}' +
# Truncating non-reproducible file
debuerreotype-chroot $WD/chroot truncate -s 0 /etc/machine-id
# Removing python compiled bytecode
debuerreotype-chroot $WD/chroot find "/usr" -name "*.pyc" -exec rm -f '{}' +
# fontconfig generates non-reproducible cache files in /var/cache/fontconfig
# Reference https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864082
# This is fixed in fontconfig >= 2.13.1-4.4
debuerreotype-chroot $WD/chroot sed -i "$ a\deb \
http://snapshot.debian.org/archive/debian/$(date --date "$DATE" '+%Y%m%dT%H%M%SZ') \
"$DIST_ADD" main" /etc/apt/sources.list
debuerreotype-apt-get $WD/chroot update
cp $FONTC_DIR/*.deb $WD/chroot/var/cache/apt/archives/
debuerreotype-chroot $WD/chroot DEBIAN_FRONTEND=noninteractive apt-get -o Acquire::Check-Valid-Until=false install \
--no-install-recommends --yes \
fontconfig-config=2.13.1-4.5 libfontconfig1=2.13.1-4.5 fontconfig=2.13.1-4.5
debuerreotype-apt-get $WD/chroot --yes --purge autoremove
debuerreotype-apt-get $WD/chroot --yes clean
# Regenerating the font cache
debuerreotype-chroot $WD/chroot fc-cache --force --really-force --system-only --verbose
# Removing /run/cups/certs/ non-reproducible directory
debuerreotype-chroot $WD/chroot find "/run" -type d -name "cups" -exec rm -rf '{}' +
# Removing /var/log/journal/ non-reproducible directory
debuerreotype-chroot $WD/chroot find "/var/log" -type d -name "journal" -exec rm -rf '{}' +
# Truncating non-reproducible files
debuerreotype-chroot $WD/chroot truncate -s 0 /var/cache/debconf/config.dat
debuerreotype-chroot $WD/chroot truncate -s 0 /var/cache/debconf/config.dat-old
# Checking and fixing initrd if necessary
echo "Calculating SHA-256 HASH of the initrd"
INITRDFINALHASH=$(sha256sum < "${WD}"/chroot/boot/initrd.img-5.10.0-20-amd64)
if [ "$INITRDFINALHASH" != "$INITRD_FINAL_SHASUM" ]
then
echo "Warning: SHA-256 hashes do not match. Reproduction of the initrd-img failed"
echo "Fixing initrd-img"
tar --overwrite --preserve-permissions -zxvf $PACKAGE_DIR/initrd.img-5.10.0-20-amd64.tgz --directory $WD/chroot/boot/
else
echo "Successfully reproduced initrd"
fi
# END
Reference in New Issue View Git Blame Copy Permalink