
Commit e32031f

heschigopherbot
authored andcommitted
internal/relui: improve reproducibility of signed tarballs
When we get the signed binaries back, the signing process has modified the tarball somewhat. We want the files to match as much as possible, so undo those changes. (And avoid making one change ourselves.) - Don't add a directory entry for the go/ root dir. It's unnecessary and not included in distpacks. This will affect non-distpack builds, but nobody is scrutinizing those. - Remove all the other directory entries too, which were inserted by the signing process. - Set the timestamps back to the distribution's timestamps. - Clear the user information on the modified files. For golang/go#61513 Change-Id: I0b3508bc2547364e2a2b49e1c6ea7be8fe92b308 Reviewed-on: https://go-review.googlesource.com/c/build/+/511759 Reviewed-by: Dmitri Shuralyov <[email protected]> Auto-Submit: Heschi Kreinick <[email protected]> Run-TryBot: Heschi Kreinick <[email protected]> Reviewed-by: Dmitri Shuralyov <[email protected]> TryBot-Result: Gopher Robot <[email protected]>
1 parent eaf3168 commit e32031f


2 files changed

+40
-13
lines changed


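--- a/internal/relui/workflows.go
+++ b/internal/relui/workflows.go
@@ -524,7 +524,7 @@ func (tasks *BuildReleaseTasks) addBuildTasks(wd *wf.Definition, major int, vers
 case "darwin":
 pkg := wf.Task2(wd, "Build PKG installer", tasks.buildDarwinPKG, version, tar)
 signedPKG := wf.Task2(wd, "Sign PKG installer", tasks.signArtifact, pkg, wf.Const(sign.BuildMacOS))
-signedTGZ := wf.Task1(wd, "Convert to .tgz", tasks.convertPKGToTGZ, signedPKG)
+signedTGZ := wf.Task2(wd, "Convert to .tgz", tasks.convertPKGToTGZ, timestamp, signedPKG)
 mod = wf.Task4(wd, "Merge signed files into module zip", tasks.mergeSignedToModule, version, timestamp, mod, signedTGZ)
 artifacts = append(artifacts, signedPKG, signedTGZ)
 case "windows":
@@ -889,10 +889,10 @@ func (b *BuildReleaseTasks) buildDarwinPKG(ctx *wf.TaskContext, version string,
 return bs.BuildDarwinPKG(ctx, r, version, w)
 })
 }
-func (b *BuildReleaseTasks) convertPKGToTGZ(ctx *wf.TaskContext, pkg artifact) (tgz artifact, _ error) {
+func (b *BuildReleaseTasks) convertPKGToTGZ(ctx *wf.TaskContext, timestamp time.Time, pkg artifact) (tgz artifact, _ error) {
 bc := dashboard.Builders[pkg.Target.Builder]
 return b.runBuildStep(ctx, pkg.Target, bc, pkg, "tar.gz", func(bs *task.BuildletStep, r io.Reader, w io.Writer) error {
-return bs.ConvertPKGToTGZ(ctx, r, w)
+return bs.ConvertPKGToTGZ(ctx, r, timestamp, w)
 })
 }
 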
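Review bot: convertPKGToTGZ now takes a `timestamp` argument but has no doc comment saying which time it is or why a format conversion needs one. Going by the commit description it is the distribution's timestamp, applied to the entries of the converted tarball; a comment such as `// convertPKGToTGZ converts the signed PKG to a .tar.gz and resets entry timestamps to timestamp so the result can be compared with the unsigned distribution.` would record that. The same `timestamp` value is passed to mergeSignedToModule on the next line of addBuildTasks, and the two steps should keep sharing that one value.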

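--- a/internal/task/buildrelease.go
+++ b/internal/task/buildrelease.go
@@ -87,14 +87,7 @@ func adjustTar(reader *tar.Reader, writer *tar.Writer, prefixDir string, adjusts
 if !strings.HasSuffix(prefixDir, "/") {
 return fmt.Errorf("prefix dir %q must have a trailing /", prefixDir)
 }
-writer.WriteHeader(&tar.Header{
-Name: prefixDir,
-Typeflag: tar.TypeDir,
-Mode: 0755,
-ModTime: time.Now(),
-AccessTime: time.Now(),
-ChangeTime: time.Now(),
-})
+
 file:
 for {
 header, err := reader.Next()
@@ -210,6 +203,36 @@ func fixupCrossCompile(target *releasetargets.Target) adjustFunc {
 }
 }
 
+// dropDirs drops all directory entries.
+func dropDirs() adjustFunc {
+return func(h *tar.Header) *tar.Header {
+if h.Typeflag == tar.TypeDir {
+return nil
+}
+return h
+}
+}
+
+// clearUserFields empties out all user and group fields.
+func clearUserFields() adjustFunc {
+return func(h *tar.Header) *tar.Header {
+h.Uid, h.Gid, h.Uname, h.Gname = 0, 0, "", ""
+return h
+}
+}
+
+// setTimes sets all timestamps to t.
+func setTimes(t time.Time) adjustFunc {
+return func(h *tar.Header) *tar.Header {
+h.ModTime = t
+// Access/ChangeTime are only supported on PAX and GNU tar.
+if h.Format != tar.FormatUSTAR {
+h.AccessTime, h.ChangeTime = t, t
+}
+return h
+}
+}
+
 const (
 goDir = "go"
 go14 = "go1.4"
@@ -460,7 +483,7 @@ type darwinDistData struct {
 }
 
 // ConvertPKGToTGZ converts a macOS installer (.pkg) to a .tar.gz tarball.
-func (b *BuildletStep) ConvertPKGToTGZ(ctx *workflow.TaskContext, in io.Reader, out io.Writer) error {
+func (b *BuildletStep) ConvertPKGToTGZ(ctx *workflow.TaskContext, in io.Reader, timestamp time.Time, out io.Writer) error {
 if err := b.Buildlet.Put(ctx, in, "go.pkg", 0400); err != nil {
 return err
 }
@@ -485,7 +508,11 @@ func (b *BuildletStep) ConvertPKGToTGZ(ctx *workflow.TaskContext, in io.Reader,
 reader := tar.NewReader(gzReader)
 gzWriter := gzip.NewWriter(out)
 writer := tar.NewWriter(gzWriter)
-if err := adjustTar(reader, writer, "go/", nil); err != nil {
+if err := adjustTar(reader, writer, "go/", []adjustFunc{
+dropDirs(),
+clearUserFields(),
+setTimes(timestamp),
+}); err != nil {
 return err
 }
 if err := writer.Close(); err != nil {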
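Review bot: The three adjust functions passed to adjustTar in ConvertPKGToTGZ normalise only directory entries, uid/gid/uname/gname and the three time fields, so any other header metadata the signing step rewrote (for example PAXRecords or Xattrs) is copied into the published tarball unchanged. archive/tar writes non-basic PAX records through as given, so if the signer's tar is found to add vendor records, `h.PAXRecords, h.Xattrs = nil, nil` in clearUserFields would cover them; whether it does add any is not visible from this page. setTimes also assigns AccessTime and ChangeTime on every non-USTAR header, including entries that arrived with neither set, which may add fields the distribution tarball does not carry. Because this code exists so that a signed release can be checked against a reproducible build, a unit test that runs a small tar with directory entries, non-zero owners and extra PAX records through these adjust functions and asserts the resulting headers would pin the behaviour. ConvertPKGToTGZ continues past the end of the last hunk.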
