| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <ZOiBQaPiWj0FqCLM@buildd.core.avm.de>
Date: Fri, 25 Aug 2023 12:24:01 +0200
From: Nicolas Schier <n.schier@....de>
To: Paulo Miguel Almeida <paulo.miguel.almeida.rodenas@...il.com>
Cc: masahiroy@...nel.org, bgray@...ux.ibm.com, ajd@...ux.ibm.com,
linux-kernel@...r.kernel.org, keescook@...omium.org
Subject: Re: [PATCH v2] [next] initramfs: Parse KBUILD_BUILD_TIMESTAMP as UTC
date
On Tue, Aug 22, 2023 at 09:13:18AM +1200, Paulo Miguel Almeida wrote:
> When KBUILD_BUILD_TIMESTAMP is specified, the date command will parse
> it to Unix Epoch time in UTC. However, the date command is
> timezone-aware so it will convert from the local timezone to UTC first
> which hits some of the sanity checks added on commit 5efb685bb3af1
> ("initramfs: Check negative timestamp to prevent broken cpio archive")
>
> This creates an edge case for the UTC+<N> part of the world. For instance
>
> - In New Zealand (UTC+12:00):
> $ date -d"1970-01-01" +%s
> -43200
>
> $ make KBUILD_BUILD_TIMESTAMP=1970-01-01
> make[1]: Entering directory '<snip>/linux/'
> GEN Makefile
> DESCEND objtool
> INSTALL libsubcmd_headers
> CALL ../scripts/checksyscalls.sh
> GEN usr/initramfs_data.cpio
> ERROR: Timestamp out of range for cpio format
> make[4]: *** [../usr/Makefile:76: usr/initramfs_data.cpio] Error 1
>
> - In Seattle, WA (UTC-07:00):
> $ date -d"1970-01-01" +%s
> 32400
>
> $ make KBUILD_BUILD_TIMESTAMP=1970-01-01
> <builds fine>
>
> Parse KBUILD_BUILD_TIMESTAMP date string as UTC so no localtime
> conversion is done, which fixes the edge case aforementioned
>
> Signed-off-by: Paulo Miguel Almeida <paulo.miguel.almeida.rodenas@...il.com>
> ---
> Changelog:
>
> - v2: Document behaviour and way to override it on
> Documentation/kbuild/kbuild.rst. (Req: Andrew Donnellan)
>
> - v1: https://lore.kernel.org/lkml/ZMSdUS37BD5b%2Fdn7@mail.google.com/
> ---
> Documentation/kbuild/kbuild.rst | 9 ++++++++-
> usr/gen_initramfs.sh | 2 +-
> 2 files changed, 9 insertions(+), 2 deletions(-)
>
> diff --git a/Documentation/kbuild/kbuild.rst b/Documentation/kbuild/kbuild.rst
> index bd906407e307..8c204186c762 100644
> --- a/Documentation/kbuild/kbuild.rst
> +++ b/Documentation/kbuild/kbuild.rst
> @@ -296,7 +296,14 @@ KBUILD_BUILD_TIMESTAMP
> Setting this to a date string overrides the timestamp used in the
> UTS_VERSION definition (uname -v in the running kernel). The value has to
> be a string that can be passed to date -d. The default value
> -is the output of the date command at one point during build.
> +is the output of the date command at one point during build. E.g.::
> +
> + $ make KBUILD_BUILD_TIMESTAMP="1991-08-25"
> +
> +By default, the value is interpreted as UTC. To override this, append
> +the desired timezone. E.g.::
This is still not true for IKHEADERS; there we still need to set TZ=UTC:
diff --git a/kernel/gen_kheaders.sh b/kernel/gen_kheaders.sh
--- a/kernel/gen_kheaders.sh
+++ b/kernel/gen_kheaders.sh
@@ -85,3 +85,3 @@ find $cpio_dir -type f -print0 |
# Create archive and try to normalize metadata for reproducibility.
-tar "${KBUILD_BUILD_TIMESTAMP:+--mtime=$KBUILD_BUILD_TIMESTAMP}" \
+TZ=UTC tar "${KBUILD_BUILD_TIMESTAMP:+--mtime=$KBUILD_BUILD_TIMESTAMP}" \
--owner=0 --group=0 --sort=name --numeric-owner \
but I can send such a patch later.
Reviewed-by: Nicolas Schier <n.schier@....de>
Powered by blists - more mailing lists