reproducible_debstrap.sh

#!/bin/bash
# vim: set noexpandtab:

# Copyright 2021-2022 Holger Levsen <holger@layer-acht.org>
# released under the GPLv2

DEBUG=false
. /srv/jenkins/bin/common-functions.sh
common_init "$@"

# common code for tests.reproducible-builds.org
. /srv/jenkins/bin/reproducible_common.sh
set -e
set -o pipefail # see eg http://petereisentraut.blogspot.com/2010/11/pipefail.html

cleanup() {
	local RESULT=$1
	output_echo "Cleanup ${RESULT}"
	# Cleanup the workspace and results directory
	for CLEANUP in ${BUILDDIR} ${RESULTSDIR} ; do
		if [ ! -z "$CLEANUP" ]; then
			output_echo "Removing ${CLEANUP}"
			sudo rm -rf --one-file-system ${CLEANUP}
		fi
	done
}


# Init some variables
export TOOL="$1"
export SUITE="$2"
output_echo "About to bootstrap $SUITE using $TOOL version $(dpkg-query  --showformat='${Version}' --show $TOOL)."
export SOURCE_DATE_EPOCH="$(date +%s)"
output_echo "SOURCE_DATE_EPOCH=$SOURCE_DATE_EPOCH"
export BUILDDIR=$(mktemp --tmpdir=/srv/workspace/ -d -t ${TOOL}-${SUITE}.XXXXXXXX)
export RESULTSDIR=$(mktemp --tmpdir=/srv/reproducible-results -d -t ${TOOL}-${SUITE}.XXXXXXXX) # accessible in schroots, used to compare results

# Cleanup if something goes wrong
trap cleanup INT TERM EXIT

# Randomize start time
delay_start

# Actual run ${TOOL} twice
for LOOP in "first" "second" ; do
	case $LOOP in
		first)	SUBDIR=b1
			ACTION="Verbosely running"
			REALTOOL=$TOOL
			;;
		second)	SUBDIR=b2
			ACTION="Running"
			case $TOOL in
				mmdebstrap)	REALTOOL="mmdebstrap -v" ;;
				debootstrap)	REALTOOL="debootstrap --verbose" ;;
			esac
			;;
	esac
	output_echo "$ACTION ${TOOL} $SUITE for the $LOOP run."
	mkdir -p $BUILDDIR/$SUBDIR/${TOOL}
	case ${TOOL} in
		mmdebstrap)	sudo $REALTOOL $SUITE > $BUILDDIR/$SUBDIR/${TOOL}/${SUITE}.tar
				;;
		debootstrap)	sudo $REALTOOL $SUITE $BUILDDIR/$SUBDIR/${TOOL}/${SUITE}
				for LOGFILE in /var/log/bootstrap.log /var/log/dpkg.log /var/log/alternatives.log ; do
					output_echo "Warning: modifying $TOOL result, deleting unreproducible logfile $LOGFILE"
					sudo rm -rf --one-file-system $BUILDDIR/$SUBDIR/${TOOL}/${SUITE}/$LOGFILE
				done
				for FILE in /etc/machine-id /var/cache/ldconfig/aux-cache ; do
					output_echo "Warning: modifying $TOOL result, deleting unreproducible file $FILE because it will be created as needed"
					sudo rm -rf --one-file-system $BUILDDIR/$SUBDIR/${TOOL}/${SUITE}/$FILE
				done
				sudo tar --mtime="@$SOURCE_DATE_EPOCH" --clamp-mtime -C $BUILDDIR/$SUBDIR/${TOOL}/ -cf $BUILDDIR/$SUBDIR/${TOOL}/${SUITE}.tar ${SUITE}
				sudo rm -rf --one-file-system $BUILDDIR/$SUBDIR/${TOOL}/${SUITE}
				;;
		*)		output_echo "Failure: ${TOOL} is unsupported."
				exit 1
				;;
	esac
	mv $BUILDDIR/$SUBDIR $RESULTSDIR/ 1>/dev/null
done

output_echo "Done running ${TOOL} twice."

# show sha256sum results
sha256sum $RESULTSDIR/b1/${TOOL}/${SUITE}.tar $RESULTSDIR/b2/${TOOL}/${SUITE}.tar

# show human readable results
if diff $RESULTSDIR/b1/${TOOL}/${SUITE}.tar $RESULTSDIR/b2/${TOOL}/${SUITE}.tar ; then
	output_echo "Success: ${TOOL} of $SUITE is reproducible today."
else
	output_echo "Warning: ${TOOL} of $SUITE is not reproducible."
	# Run diffoscope on the images
	output_echo "Calling diffoscope on the results."
	TIMEOUT="240m"
	DIFFOSCOPE="$(schroot --directory /tmp -c chroot:jenkins-reproducible-${DBDSUITE}-diffoscope diffoscope -- --version 2>&1)"
	TMPDIR=${RESULTSDIR}
	#call_diffoscope ${TOOL} ${SUITE}.tar
	# the previous, temporarily disabled line is only useful if we also make the .html file visible...
	schroot --directory /tmp -c chroot:jenkins-reproducible-${DBDSUITE}-diffoscope diffoscope -- --restructured-text $RESULTSDIR/${TOOL}_${SUITE}.txt $RESULTSDIR/b1/${TOOL}/${SUITE}.tar $RESULTSDIR/b2/${TOOL}/${SUITE}.tar || true # diffoscope will exi with error...
	cat $RESULTSDIR/${TOOL}_${SUITE}.txt
fi

cleanup success
# Turn off the trap
trap - INT TERM EXIT

# We reached the end, return with PASS
exit 0