| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 16 Aug 2023 08:38:46 +0200
From: Nicolas Schier <n.schier@....de>
To: Paulo Miguel Almeida <paulo.miguel.almeida.rodenas@...il.com>
Cc: masahiroy@...nel.org, bgray@...ux.ibm.com, ajd@...ux.ibm.com,
linux-kernel@...r.kernel.org, keescook@...omium.org
Subject: Re: [PATCH] [next] initramfs: Parse KBUILD_BUILD_TIMESTAMP as UTC
date
On Sat, Jul 29, 2023 at 05:02:09PM +1200, Paulo Miguel Almeida wrote:
> When KBUILD_BUILD_TIMESTAMP is specified, the date command will parse
> it to Unix Epoch time in UTC. However, the date command is
> timezone-aware so it will convert from the local timezone to UTC first
> which hits some of the sanity checks added on commit 5efb685bb3af1
> ("initramfs: Check negative timestamp to prevent broken cpio archive")
>
> This creates an edge case for the UTC+<N> part of the world. For instance
>
> - In New Zealand (UTC+12:00):
> $ date -d"1970-01-01" +%s
> -43200
>
> $ make KBUILD_BUILD_TIMESTAMP=1970-01-01
> make[1]: Entering directory '<snip>/linux/'
> GEN Makefile
> DESCEND objtool
> INSTALL libsubcmd_headers
> CALL ../scripts/checksyscalls.sh
> GEN usr/initramfs_data.cpio
> ERROR: Timestamp out of range for cpio format
> make[4]: *** [../usr/Makefile:76: usr/initramfs_data.cpio] Error 1
>
> - In Seattle, WA (UTC-07:00):
> $ date -d"1970-01-01" +%s
> 32400
>
> $ make KBUILD_BUILD_TIMESTAMP=1970-01-01
> <builds fine>
>
> Parse KBUILD_BUILD_TIMESTAMP date string as UTC so no localtime
> conversion is done which fixes the edge case aforementioned.
>
> Signed-off-by: Paulo Miguel Almeida <paulo.miguel.almeida.rodenas@...il.com>
> ---
Thanks for the patch!
Looking at 1970-01-01 concretely, you could circumvent your reported
issue by using KBUILD_BUILD_TIMESTAMP="1970-01-01 UTC". But I think you
found an interesting point w/ regard to reproducibility, as time zone is
neither mentioned in Documentation/kbuild/reproducibility.rst
nor in Documentation/kbuild/kbuild.rst but influences the output of
'date -d' (w/o '-u') (or comparable) calls in usr/gen_initramfs.sh as
well as in kernel/gen_kheaders.sh ('TZ=UTC tar'?) and possibly in
scripts/kernel-doc.
I think some might be suprised that giving a YYYY-MM-DD date to
KBUILD_BUILD_TIMESTAMP leads to an effectively different timestamp in
initramfs_data.cpio, but I think your change is still reasonable.
Reviewed-by: Nicolas Schier <n.schier@....de>
> usr/gen_initramfs.sh | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/usr/gen_initramfs.sh b/usr/gen_initramfs.sh
> index 14b5782f961a..a90316d9a080 100755
> --- a/usr/gen_initramfs.sh
> +++ b/usr/gen_initramfs.sh
> @@ -221,7 +221,7 @@ while [ $# -gt 0 ]; do
> shift
> ;;
> "-d") # date for file mtimes
> - timestamp="$(date -d"$1" +%s || :)"
> + timestamp="$(date -d"$1" -u +%s || :)"
> if test -n "$timestamp"; then
> timestamp="-t $timestamp"
> fi
> --
> 2.40.1
>
--
Nicolas Schier
Powered by blists - more mailing lists