On 28/06/2024 20:44, Dominique Martinet wrote: > Alan Maguire wrote on Fri, Jun 28, 2024 at 09:31:17AM +0100: >> FWIW I verified that with the above change, and >> >> export KBUILD_BUILD_TIMESTAMP=$(date -I) >> >> ...the feature flag is added to pahole and as a result we get >> reproducible BTF in vmlinux; .btf.vmlinux.bin.o is identical across >> multiple kernel builds. > > Sorry for the lack of reply, I didn't have time to test until now, and I > have no idea how to override the kernel config in nixos so the checking > build through nix build took all night. > I've now also confirmed this works including for modules BTF & linux > "package" build on nixos on master. > > However from there I built a random kernel module and have also > confirmed they don't set KBUILD_BUILD_TIMESTAMP for external modules -- > from a quick look it's not part of the default flags defined as > buildFlags here[1] because each modules' SOURCE_DATE_EPOCH isn't > available at this level (and I have no idea how to call a command at > this level), the configurePhase where it's set only applies to the > kernel itself and not the gazillion of modules. > [1] https://github.com/NixOS/nixpkgs/blob/master/pkgs/os-specific/linux/kernel/manual-config.nix > > Add to that that nixos is supporting a dozen of kernels -- all mainlines > stable versions but also a dozen of variants (rt, whatever xanmod and > zen are, and if you look for things like mobile-nixos you'll also get > much older and not update sunxi and other embedded trees) I definitely > won't put the effort to backport equivalent patches to all these kernels > > > I wanted the patch for alpine as well but I honestly don't have the time > to do the same confirmation work there; if they have any external > modules I don't see the flag being set either, at least they don't have > so many kernels. > (but unlike nixos the kernel build "framework" code isn't shared and I > know of at least one out of tree embedded kernel that doesn't set > KBUILD_BUILD_TIMESTAMP and only has SOURCE_DATE_EPOCH...) > > > So: > - in theory, sure; this patch works. I say we can do this independantly > of any other effort. The propere way of setting reproducible build in > the kernel is not SOURCE_DATE_EPOCH but KBUILD_BUILD_TIMESTAMP and > handling it at kernel makefile level is sound. Okay, so I propose we try and get the KBUILD_BUILD_TIMESTAMP-based change upstream. I'll send that later today. That doesn't mean we can't add the envvar-based method too, it just means we have something upstream that handles reproducible builds more explicitly. > - in practice, (nixos hat) some modules won't set it but will only have > SOURCE_DATE_EPOCH available, and there are trees that won't be updated > for years (and that's being optimistic), so our local patch in pahole is > here to stay for a while and the benefits far outweight the rebasing > work. > - (alpine hat) alpine doesn't seem to care as much about > reproducibility (the nixos patch wasn't in and nobody complained so far), > undecided at this point. Makefile.btf patch is probably good enough, but > since I'm maintaining the patch anyway it's no extra work to add it > there, undecided at this point. > > One thing I think would be worth doing in your patch would be adding debug logging (if in verbose mode) that we are enabling reproducible builds due to the presence of the SOURCE_DATE_EPOCH envvar. I don't think we can do this in the non-debug case because build logs would just be flooded with a few thousand of these messages for each module we add BTF to using pahole. With that small addition I'd be happy with the change. Can you send a v2 with that added? Thanks! Alan > Thanks,
