Script for building locally about skulls HOT 12 CLOSED

I have an semi automated build script and a docker container. I need to clean it up a bit and want to make sure that it will create reproducible builds.

from skulls.

If we can build reproducibly, it would make sense and be great to include it. It wouldn't affect release tarballs though.

from skulls.

Here is the initial commit for a local docker builder. I want to add the ability to add take a commit hash or tag.

I opted for the official coreboot docker container. While much larger than the one I had, coreboot's is designed for reproducible builds.

from skulls.

Have you tested it? There are minor things I spot:

• build the toolchain if not yet built (or possibly anyways, to be sure to be up to date; it doesn't take long when up to date)
• the model name "x230" could be defined more centrally (directory name), and not hardcoded at multiple places
• running make nconfig seems strange. why have something interactive in there?
• integration: copy our config and vga bios in

but when I find time to test, I can as well imagine integrating this and impove it from there. thanks. feel free to create a pull request.

from skulls.

To answer a few of these,

• Yes, I have tested it and one of the perks of using the official Coreboot container is that it already has the toolchain built and installed.
• (facepalm) Of course I should be reading directories instead of maintaining a list.
• Currently, it pulls the latest from Coreboot; make nconfig was make any relevant config changes. When adding in the ability to build from a specific commit or tag, I will add an interactive mode flag.
• I have not a conclusive answer on why the vga bios is not already included in the coreboot blob repo. Have you found the license agreement that permits this? This concern is why I am using the libgfxinit config but would prefer to full integrate with the rest of skulls.

from skulls.

• any link to that official container, or documentation?
• ok
• I wouldn't worry too much about only building the tip master. That's fine actually. But isn't there make oldconfig?
• good point actually, trying to push the vga bios into the blobs repo, but that's off topic here. we have another issue about this. But I have unfortunately never found a license that applies to it. We'll keep on looking, maybe we add a disclaimer, but we use it. We don't yet get the functionality we need without it.
• Even though now it seems that our microcode update changes are going to be merged and we don't have to apply anything, we surely will do so again someday, so: have a patches directory, or parse a file with git pull commands would be necessary in the long run. Ignore that for now though.

from skulls.

Hiding in plain sight

• https://github.com/coreboot/coreboot/blob/master/util/docker/coreboot-sdk/Dockerfile
• https://hub.docker.com/r/coreboot/coreboot-sdk/

I doubt the hash will match https://tests.reproducible-builds.org/coreboot/coreboot.html because I do not know what config they are using to generate it.

from skulls.

thanks. if I understand this, that's irrelevant as long as our config produces the same hash.

from skulls.

I am not sure how this should be integrated with Skulls so for now I created a separate repo here Thrilleratplay/coreboot-builder-scripts

from skulls.

Thanks! I'd love to include them when they build reproducibly.

from skulls.

included. @Thrilleratplay can I add a "author" or copyright comment with your name to your scripts, as I didn't preserve the git history? thanks.

from skulls.

@merge Sure. Add whatever you feel is appropriate.

from skulls.