diff options
| author | Helmut Grohne <helmut@subdivi.de> | 2025-06-12 22:11:41 +0200 |
|---|---|---|
| committer | Helmut Grohne <helmut@subdivi.de> | 2025-06-12 22:11:41 +0200 |
| commit | f45b16d7b994208f488829818575d397cf1e6492 (patch) | |
| tree | d9351be925ea027a75e122eece5a28354bffc237 /bin | |
| parent | e9f574a55c0cfd8cd1201a38080025e54f26fbac (diff) | |
| download | debvm-f45b16d7b994208f488829818575d397cf1e6492.tar.gz | |
debefivm-create: clean up unreproducible files
These files are normally deleted by mmdebstrap. However, debefivm-create
invokes mkfs.ext4 itself and thereby implicitly skips all cleanup
actions normally done by mmdebstrap. This happens to include the
truncation of /etc/machine-id and that results in non-reproducibility as
well as reused images sharing a machine-id even though they should never
do that.
Reported-by: Stefano Rivera <stefanor@debian.org>
Closes: #1107719
Diffstat (limited to 'bin')
| -rwxr-xr-x | bin/debefivm-create | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/bin/debefivm-create b/bin/debefivm-create index 1c03be5..f6368df 100755 --- a/bin/debefivm-create +++ b/bin/debefivm-create @@ -415,6 +415,8 @@ set -- "$@" \ "--customize-hook=download vmlinuz '$WORKDIR/kernel'" \ "--customize-hook=download initrd.img '$WORKDIR/initrd'" \ "--customize-hook=download '/usr/lib/systemd/boot/efi/linux$EFIARCH.efi.stub' '$WORKDIR/stub'" \ + '--customize-hook=rm -f "$1/etc/apt/apt.conf.d/00mmdebstrap" "$1/etc/apt/apt.conf.d/99debconf" "$1/var/cache/ldconfig/aux-cache" "$1/var/lib/dbus/machine-id" "$1/var/log/alternatives.log" "$1/var/log/apt/eipp.log.xz" "$1/var/log/apt/history.log" "$1/var/log/apt/term.log" "$1/var/log/dpkg.log"' \ + '--customize-hook=truncate -s 0 "$1/etc/machine-id"' \ '--customize-hook=mount --bind "$1" "$1/mnt"' \ '--customize-hook=mount -t tmpfs tmpfs "$1/mnt/dev" -o mode=0755' \ '--customize-hook=rm -f "$1/usr/sbin/policy-rc.d"' \ |