Fix the lib not overwritten issue in docker build #33

Fix the lib not overwritten issue in docker build, to fix the wrong libcrypto.so.1.1 in docker images. The timestamp in the changelog will be used if SOURCE_DATE_EPOCH not specified, we have some patches, but not change the timestamp, so need to increase it. See https://reproducible-builds.org/specs/source-date-epoch/ When the timestamp and the file size are the same, the old files will not be overwritten, even use "dpkg -i --force-all" in docker build. But if we install it manually, not by docker build, then it works fine. The PR only changes the timestamp of the libs. Before change: # ls /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1 -rw-r--r-- 1 root root 3076992 Jun 24 20:22 /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1 After change: # ls -l /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1 -rw-r--r-- 1 root root 3076992 Jun 25 20:22 /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
sonic-net · Sep 10, 2022 · 1125046 · 1125046
2 parents ac25437 + 3a0539a
commit 1125046
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 2 deletions.
diff --git a/Makefile b/Makefile
@@ -50,7 +50,7 @@ $(addprefix $(TARGET_PATH)/, $(MAIN_TARGETS)) : $(TARGET_PATH)/% : $$(addprefix
 	# Merge the debian patches if not applied
 	if [ -f $($*_SRC_PATH).patch/debian.patch/series ]; then
 	  LAST_PATCH=$$(tail -n1  $($*_SRC_PATH).patch/debian.patch/series)
-	  if ! grep -q $$LAST_PATCH $($*_SRC_PATH)/debian/patches/series 2>/null; then
+	  if ! grep -q $$LAST_PATCH $($*_SRC_PATH)/debian/patches/series 2>/dev/null; then
 	    echo "Applying patches for $($*_SRC_PATH)/debian/patches/"
 	    cat $($*_SRC_PATH).patch/debian.patch/series >> $($*_SRC_PATH)/debian/patches/series
 	    cp $($*_SRC_PATH).patch/debian.patch/*.patch $($*_SRC_PATH)/debian/patches/
@@ -66,6 +66,8 @@ $(addprefix $(TARGET_PATH)/, $(MAIN_TARGETS)) : $(TARGET_PATH)/% : $$(addprefix
 	  fi
 	  # Fix Misc/NEWS not found issue for python
 	  if [[ "$*" == python3* ]]; then touch Misc/NEWS; fi
+	  # Fix package overwrite issue, increase the timestamp
+	  export SOURCE_DATE_EPOCH="$$(($$(dpkg-parsechangelog -STimestamp) + 86400))"
 	  $($*_BUILD_OPTIONS) dpkg-buildpackage -b -d -rfakeroot -us -uc | tee $(DEST)/$*.log
 	  popd
 	  mkdir -p $(DEST)

diff --git a/rules/symcrypt-openssl.mk b/rules/symcrypt-openssl.mk
@@ -1,6 +1,6 @@
 # SYMCRYPT_OPENSSL
 
-SYMCRYPT_OPENSSL_VERSION = 0.2
+SYMCRYPT_OPENSSL_VERSION = 0.3
 SYMCRYPT_OPENSSL = symcrypt-openssl_$(SYMCRYPT_OPENSSL_VERSION)_$(ARCH).deb
 $(SYMCRYPT_OPENSSL)_SRC_PATH = $(SRC_PATH)/SymCrypt-OpenSSL-Debian
 $(SYMCRYPT_OPENSSL)_MAKEFILE = Makefile