From: Mathias Kresin Date: Sat, 5 Jan 2019 20:51:00 +0100 Subject: tools: add zip utility One image requires a zip compressed image, so add the zip util found in the packages feed, and extend it with some useful debian patches. Signed-off-by: Mathias Kresin tools: zip: add option for reproducible archives Add the option -mt/--mtime to pass a timestamp which is used as filedate for the containing files. So far, it isn't used for anything written to the extra fields, therefore requires the -X (eXclude eXtra file attributes) parameter to be effective. Signed-off-by: Mathias Kresin diff --git a/tools/Makefile b/tools/Makefile index d2b5daf18c233c8e94657fd61922c75770a3b35b..3ac3b226d35311c606e6dcc562fb8a2d31cec584 100644 --- a/tools/Makefile +++ b/tools/Makefile @@ -32,7 +32,7 @@ tools-$(CONFIG_TARGET_x86) += qemu tools-$(CONFIG_TARGET_mxs) += elftosb sdimage tools-$(CONFIG_TARGET_ar71xx) += lzma-old squashfs tools-$(CONFIG_USES_MINOR) += kernel2minor -tools-y += lzma squashfs4 +tools-y += lzma squashfs4 zip tools-$(BUILD_B43_TOOLS) += b43-tools tools-$(BUILD_ISL) += isl tools-$(CONFIG_USE_SPARSE) += sparse diff --git a/tools/zip/Makefile b/tools/zip/Makefile new file mode 100644 index 0000000000000000000000000000000000000000..7dd81a1b8bc3bfeb5773d0770cb57c164f6db157 --- /dev/null +++ b/tools/zip/Makefile @@ -0,0 +1,36 @@ +# +# Copyright (C) 2007-2016 OpenWrt.org +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# + +include $(TOPDIR)/rules.mk + +PKG_NAME:=zip +PKG_REV:=30 +PKG_VERSION:=3.0 + +PKG_SOURCE:=$(PKG_NAME)$(PKG_REV).tar.gz +PKG_SOURCE_URL:=@SF/infozip +PKG_HASH:=f0e8bb1f9b7eb0b01285495a2699df3a4b766784c1765a8f1aeedf63c0806369 + +PKG_LICENSE:=BSD-4-Clause +PKG_LICENSE_FILES:=LICENSE + +HOST_BUILD_DIR:=$(BUILD_DIR_HOST)/$(PKG_NAME)-$(PKG_VERSION)/zip$(PKG_REV) +HOST_BUILD_PARALLEL:=1 + +include $(INCLUDE_DIR)/host-build.mk + +define Host/Compile + +$(HOST_MAKE_VARS) $(MAKE) $(HOST_JOBS) -C $(HOST_BUILD_DIR) -I. -f unix/Makefile zip +endef + +define Host/Install + $(INSTALL_DIR) $(STAGING_DIR_HOST)/bin/ + $(INSTALL_BIN) $(HOST_BUILD_DIR)/zip $(STAGING_DIR_HOST)/bin/ +endef + +$(eval $(call HostBuild)) +#$(eval $(call BuildPackage,zip)) diff --git a/tools/zip/patches/001-unix-configure-borrow-the-LFS-test-from-autotools.patch b/tools/zip/patches/001-unix-configure-borrow-the-LFS-test-from-autotools.patch new file mode 100644 index 0000000000000000000000000000000000000000..ef0de6fd9b9bb1f2ee29a9609ce0dbd7799f3410 --- /dev/null +++ b/tools/zip/patches/001-unix-configure-borrow-the-LFS-test-from-autotools.patch @@ -0,0 +1,89 @@ +From fc392c939b9a18959482f588aff0afc29dd6d30a Mon Sep 17 00:00:00 2001 +From: Romain Naour +Date: Fri, 23 Jan 2015 22:20:18 +0100 +Subject: [PATCH 6/6] unix/configure: borrow the LFS test from autotools. + +Infozip's LFS check can't work for cross-compilation +since it try to run a target's binary on the host system. + +Instead, use to LFS test used by autotools which is a +compilation test. +(see autotools/lib/autoconf/specific.m4) + +Reported-by: Richard Genoud +Signed-off-by: Romain Naour +--- + configure | 46 +++++++++++++++------------------------------- + 1 file changed, 15 insertions(+), 31 deletions(-) + +--- a/unix/configure ++++ b/unix/configure +@@ -399,9 +399,8 @@ else + fi + + +-# Now we set the 64-bit file environment and check the size of off_t +-# Added 11/4/2003 EG +-# Revised 8/12/2004 EG ++# LFS check borrowed from autotools sources ++# lib/autoconf/specific.m4 + + echo Check for Large File Support + cat > conftest.c << _EOF_ +@@ -410,23 +409,19 @@ cat > conftest.c << _EOF_ + # define _FILE_OFFSET_BITS 64 /* select default interface as 64 bit */ + # define _LARGE_FILES /* some OSes need this for 64-bit off_t */ + #include +-#include +-#include +-#include ++ ++ /* Check that off_t can represent 2**63 - 1 correctly. ++ We can't simply define LARGE_OFF_T to be 9223372036854775807, ++ since some C++ compilers masquerading as C compilers ++ incorrectly reject 9223372036854775807. */ ++#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) ++ int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 ++ && LARGE_OFF_T % 2147483647 == 1) ++ ? 1 : -1]; ++ + int main() + { +- off_t offset; +- struct stat s; +- /* see if have 64-bit off_t */ +- if (sizeof(offset) < 8) +- return 1; +- printf(" off_t is %d bytes\n", sizeof(off_t)); +- /* see if have 64-bit stat */ +- if (sizeof(s.st_size) < 8) { +- printf(" s.st_size is %d bytes\n", sizeof(s.st_size)); +- return 2; +- } +- return 3; ++ return 0; + } + _EOF_ + # compile it +@@ -434,19 +429,8 @@ $CC -o conftest conftest.c >/dev/null 2> + if [ $? -ne 0 ]; then + echo -- no Large File Support + else +-# run it +- ./conftest +- r=$? +- if [ $r -eq 1 ]; then +- echo -- no Large File Support - no 64-bit off_t +- elif [ $r -eq 2 ]; then +- echo -- no Large File Support - no 64-bit stat +- elif [ $r -eq 3 ]; then +- echo -- yes we have Large File Support! +- CFLAGS="${CFLAGS} -DLARGE_FILE_SUPPORT" +- else +- echo -- no Large File Support - conftest returned $r +- fi ++ echo -- yes we have Large File Support! ++ CFLAGS="${CFLAGS} -DLARGE_FILE_SUPPORT" + fi + + diff --git a/tools/zip/patches/004-do-not-set-unwanted-cflags.patch b/tools/zip/patches/004-do-not-set-unwanted-cflags.patch new file mode 100644 index 0000000000000000000000000000000000000000..bfd226077a9742f87a1988747a81e9226e89dfaf --- /dev/null +++ b/tools/zip/patches/004-do-not-set-unwanted-cflags.patch @@ -0,0 +1,15 @@ +From: Santiago Vila +Subject: Do not set unwanted CFLAGS, as it breaks DEB_BUILD_OPTIONS +X-Debian-version: 2.32-1 + +--- a/unix/configure ++++ b/unix/configure +@@ -98,7 +98,7 @@ int main() + _EOF_ + $CC $CFLAGS -c conftest.c > /dev/null 2>/dev/null + if test $? -eq 0; then +- CFLAGS_OPT='-O3' ++ # CFLAGS_OPT='-O3' + echo " GNU C ($CFLAGS_OPT)" + # Special Mac OS X shared library "ld" option? + if test ` uname -s 2> /dev/null ` = 'Darwin'; then diff --git a/tools/zip/patches/006-stack-markings-to-avoid-executable-stack.patch b/tools/zip/patches/006-stack-markings-to-avoid-executable-stack.patch new file mode 100644 index 0000000000000000000000000000000000000000..8b479faedaeedbe83d378306d386a0a88493b282 --- /dev/null +++ b/tools/zip/patches/006-stack-markings-to-avoid-executable-stack.patch @@ -0,0 +1,21 @@ +From: Kees Cook +Subject: put stack markings in i386 assembly to avoid executable stack +Bug-Debian: http://bugs.debian.org/528280 +X-Debian-version: 3.0-2 + +--- a/crc_i386.S ++++ b/crc_i386.S +@@ -302,3 +302,5 @@ _crc32: /* ulg c + #endif /* i386 || _i386 || _I386 || __i386 */ + + #endif /* !USE_ZLIB && !CRC_TABLE_ONLY */ ++.section .note.GNU-stack, "", @progbits ++.previous +--- a/match.S ++++ b/match.S +@@ -405,3 +405,5 @@ L__return: + #endif /* i386 || _I386 || _i386 || __i386 */ + + #endif /* !USE_ZLIB */ ++.section .note.GNU-stack, "", @progbits ++.previous diff --git a/tools/zip/patches/007-fclose-in-file-not-fclose-x.patch b/tools/zip/patches/007-fclose-in-file-not-fclose-x.patch new file mode 100644 index 0000000000000000000000000000000000000000..402f90a2d5ef3d08a7d71268fe4f5e2484a10664 --- /dev/null +++ b/tools/zip/patches/007-fclose-in-file-not-fclose-x.patch @@ -0,0 +1,16 @@ +From: Christian Spieler +Subject: zipnote.c: Close in_file instead of undefined file x +Bug-Debian: http://bugs.debian.org/628594 +X-Debian-version: 3.0-4 + +--- a/zipnote.c ++++ b/zipnote.c +@@ -661,7 +661,7 @@ char **argv; /* command line + if ((r = zipcopy(z)) != ZE_OK) + ziperr(r, "was copying an entry"); + } +- fclose(x); ++ fclose(in_file); + + /* Write central directory and end of central directory with new comments */ + if ((c = zftello(y)) == (zoff_t)-1) /* get start of central */ diff --git a/tools/zip/patches/008-hardening-build-fix-1.patch b/tools/zip/patches/008-hardening-build-fix-1.patch new file mode 100644 index 0000000000000000000000000000000000000000..a0c3a91eeec064b2305c3873a8a95669c750ea9b --- /dev/null +++ b/tools/zip/patches/008-hardening-build-fix-1.patch @@ -0,0 +1,25 @@ +From: Santiago Vila +Subject: Use format specifier %s to print strings, not the string itself +Bug-Debian: http://bugs.debian.org/673476 +X-Debian-version: 3.0-5 + +--- a/zip.c ++++ b/zip.c +@@ -1028,7 +1028,7 @@ local void help_extended() + + for (i = 0; i < sizeof(text)/sizeof(char *); i++) + { +- printf(text[i]); ++ printf("%s", text[i]); + putchar('\n'); + } + #ifdef DOS +@@ -1225,7 +1225,7 @@ local void version_info() + CR_MAJORVER, CR_MINORVER, CR_BETA_VER, CR_VERSION_DATE); + for (i = 0; i < sizeof(cryptnote)/sizeof(char *); i++) + { +- printf(cryptnote[i]); ++ printf("%s", cryptnote[i]); + putchar('\n'); + } + ++i; /* crypt support means there IS at least one compilation option */ diff --git a/tools/zip/patches/009-hardening-build-fix-2.patch b/tools/zip/patches/009-hardening-build-fix-2.patch new file mode 100644 index 0000000000000000000000000000000000000000..e295ffbc641879768cc9257641fae85af327a338 --- /dev/null +++ b/tools/zip/patches/009-hardening-build-fix-2.patch @@ -0,0 +1,16 @@ +From: Santiago Vila +Subject: unix/configure: Take linking flags from the environment +Bug-Debian: http://bugs.debian.org/673476 +X-Debian-version: 3.0-5 + +--- a/unix/configure ++++ b/unix/configure +@@ -18,7 +18,7 @@ trap "rm -f conftest* core a.out; exit 1 + + CC=${1-cc} + CFLAGS=${2-"-I. -DUNIX"} +-LFLAGS1='' ++LFLAGS1=${LDFLAGS} + LFLAGS2='' + LN="ln -s" + diff --git a/tools/zip/patches/010-remove-build-date.patch b/tools/zip/patches/010-remove-build-date.patch new file mode 100644 index 0000000000000000000000000000000000000000..5fc385228a8f6bff01416748bb6c392f2e986322 --- /dev/null +++ b/tools/zip/patches/010-remove-build-date.patch @@ -0,0 +1,15 @@ +From: Santiago Vila +Subject: Remove (optional) build date to make the build reproducible +Bug-Debian: http://bugs.debian.org/779042 + +--- a/unix/unix.c ++++ b/unix/unix.c +@@ -1020,7 +1020,7 @@ void version_local() + + + /* Define the compile date string */ +-#ifdef __DATE__ ++#if 0 + # define COMPILE_DATE " on " __DATE__ + #else + # define COMPILE_DATE "" diff --git a/tools/zip/patches/011-add-option-for-reproducible-archives.patch b/tools/zip/patches/011-add-option-for-reproducible-archives.patch new file mode 100644 index 0000000000000000000000000000000000000000..45b9d67e159327798535db55cd264ab9eeec6c38 --- /dev/null +++ b/tools/zip/patches/011-add-option-for-reproducible-archives.patch @@ -0,0 +1,145 @@ +From 6d659fc87451c02c8777dc33f750b16834e4c715 Mon Sep 17 00:00:00 2001 +From: Mathias Kresin +Date: Sat, 12 Jan 2019 19:33:33 +0100 +Subject: [PATCH] add option for reproducible archives + +Add the option -mt/--mtime to pass a timestamp which is used as filedate +for the containing files. + +So far, it isn't used for anything written to the extra fields, +therefore requires the -X (eXclude eXtra file attributes) parameter to +be effective. + +Signed-off-by: Mathias Kresin +--- + globals.c | 1 + + util.c | 22 ++++++++++++++++++++++ + zip.c | 6 ++++++ + zip.h | 1 + + zipup.c | 4 +++- + 5 files changed, 33 insertions(+), 1 deletion(-) + +--- a/globals.c ++++ b/globals.c +@@ -205,6 +205,7 @@ uzoff_t bytes_this_split = 0; /* byt + int read_split_archive = 0; /* 1=scanzipf_reg detected spanning signature */ + int split_method = 0; /* 0=no splits, 1=seekable, 2=data desc, -1=no */ + uzoff_t split_size = 0; /* how big each split should be */ ++time_t timestamp = -1; /* fixed timestamp for archive content filedate */ + int split_bell = 0; /* when pause for next split ring bell */ + uzoff_t bytes_prev_splits = 0; /* total bytes written to all splits before this */ + uzoff_t bytes_this_entry = 0; /* bytes written for this entry across all splits */ +--- a/util.c ++++ b/util.c +@@ -1217,6 +1217,7 @@ int DisplayNumString(file, i) + return 0; + } + ++ + /* Read numbers with trailing size multiplier (like 10M) and return number. + 10/30/04 EG */ + +@@ -1279,6 +1280,29 @@ uzoff_t ReadNumString( numstring ) + } + + ++uzoff_t ReadNumStringUL( numstring ) ++ char *numstring; ++{ ++ zoff_t num = 0; ++ ++ /* check if valid number (currently no negatives) */ ++ if (numstring == NULL) { ++ zipwarn("Unable to read empty number in ReadNumString", ""); ++ return (uzoff_t)-1; ++ } ++ if (numstring[0] < '0' || numstring[0] > '9') { ++ zipwarn("Unable to read number (must start with digit): ", numstring); ++ return (uzoff_t)-1; ++ } ++ if (strlen(numstring) > 10) { ++ zipwarn("Number too long to read (10 characters max): ", numstring); ++ return (uzoff_t)-1; ++ } ++ ++ return (uzoff_t)atoll(numstring); ++} ++ ++ + /* Write the number as a string with a multiplier (like 10M) to outstring. + Always writes no more than 3 digits followed maybe by a multiplier and + returns the characters written or -1 if error. +--- a/zip.c ++++ b/zip.c +@@ -1942,6 +1942,7 @@ int set_filetype(out_path) + #ifdef UNICODE_TEST + #define o_sC 0x146 + #endif ++#define o_mt 0x255 + + + /* the below is mainly from the old main command line +@@ -2036,6 +2037,7 @@ struct option_struct far options[] = { + {"m", "move", o_NO_VALUE, o_NOT_NEGATABLE, 'm', "add files to archive then delete files"}, + {"mm", "", o_NO_VALUE, o_NOT_NEGATABLE, o_mm, "not used"}, + {"MM", "must-match", o_NO_VALUE, o_NOT_NEGATABLE, o_MM, "error if in file not matched/not readable"}, ++ {"mt", "mtime", o_REQUIRED_VALUE, o_NOT_NEGATABLE, o_mt, "use fixed timestamp for archive content filedate"}, + {"n", "suffixes", o_REQUIRED_VALUE, o_NOT_NEGATABLE, 'n', "suffixes to not compress: .gz:.zip"}, + {"nw", "no-wild", o_NO_VALUE, o_NOT_NEGATABLE, o_nw, "no wildcards during add or update"}, + #if defined(AMIGA) || defined(MACOS) +@@ -2440,6 +2442,7 @@ char **argv; /* command line + split_method = 0; /* 0=no splits, 1=update LHs, 2=data descriptors */ + split_size = 0; /* how big each split should be */ + split_bell = 0; /* when pause for next split ring bell */ ++ timestamp = -1; /* fixed timestamp for archive content filedate */ + bytes_prev_splits = 0; /* total bytes written to all splits before this */ + bytes_this_entry = 0; /* bytes written for this entry across all splits */ + noisy_splits = 0; /* be verbose about creating splits */ +@@ -2897,6 +2900,9 @@ char **argv; /* command line + dispose = 1; break; + case o_MM: /* Exit with error if input file can't be read */ + bad_open_is_error = 1; break; ++ case o_mt: /* fixed timestamp for archive content filedate */ ++ timestamp = ReadNumStringUL(value); ++ break; + case 'n': /* Don't compress files with a special suffix */ + special = value; + /* special = NULL; */ /* will be set at next argument */ +--- a/zip.h ++++ b/zip.h +@@ -502,6 +502,7 @@ extern uzoff_t bytes_this_split; /* byte + extern int read_split_archive; /* 1=scanzipf_reg detected spanning signature */ + extern int split_method; /* 0=no splits, 1=seekable, 2=data descs, -1=no */ + extern uzoff_t split_size; /* how big each split should be */ ++extern time_t timestamp; /* fixed timestamp for archive content filedate */ + extern int split_bell; /* when pause for next split ring bell */ + extern uzoff_t bytes_prev_splits; /* total bytes written to all splits before this */ + extern uzoff_t bytes_this_entry; /* bytes written for this entry across all splits */ +@@ -789,6 +790,7 @@ char *zip_fzofft OF((zoff_t, char + int DisplayNumString OF ((FILE *file, uzoff_t i)); + int WriteNumString OF((uzoff_t num, char *outstring)); + uzoff_t ReadNumString OF((char *numstring)); ++uzoff_t ReadNumStringUL OF((char *numstring)); + + /* returns true if abbrev is abbreviation for string */ + int abbrevmatch OF((char *, char *, int, int)); +--- a/zipup.c ++++ b/zipup.c +@@ -415,7 +415,6 @@ struct zlist far *z; /* zip entry to + char *tempextra = NULL; + char *tempcextra = NULL; + +- + #ifdef WINDLL + # ifdef ZIP64_SUPPORT + extern _int64 filesize64; +@@ -441,6 +440,9 @@ struct zlist far *z; /* zip entry to + if (tim == 0 || q == (zoff_t) -3) + return ZE_OPEN; + ++ if (timestamp > 0) ++ tim = unix2dostime(×tamp); ++ + /* q is set to -1 if the input file is a device, -2 for a volume label */ + if (q == (zoff_t) -2) { + isdir = 1;