linuxPackages: consistently emit GNU build ID

Other than stated in the comment on the removed code, SHA1 build IDs
do not affect reproducibility. The previous code additionally didn't
actually work for a lot of older kernels, because the regexp accidentally
didn't apply: older kernels use `--build-id` instead of
`--build-id=sha1`.
Joel Höner 2024-06-10 20:29:58 +02:00
parent a8170e593a
commit 818bb3a829

@ -170,12 +170,6 @@ let
# Ensure that depmod gets resolved through PATH
sed -i Makefile -e 's|= /sbin/depmod|= depmod|'
# Don't include a (random) NT_GNU_BUILD_ID, to make the build more deterministic.
# This way kernels can be bit-by-bit reproducible depending on settings
# (e.g. MODULE_SIG and SECURITY_LOCKDOWN_LSM need to be disabled).
# See also https://kernelnewbies.org/BuildId
sed -i Makefile -e 's|--build-id=[^ ]*|--build-id=none|'
# Some linux-hardened patches now remove certain files in the scripts directory, so the file may not exist.
[[ -f scripts/ld-version.sh ]] && patchShebangs scripts/ld-version.sh
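Review bot: With the `sed -i Makefile -e 's|--build-id=[^ ]*|--build-id=none|'` line and its comment removed, nothing at this point in the hunk records or checks the new expectation that every kernel is built with a build ID. The commit message says older kernels pass bare `--build-id` and newer ones `--build-id=sha1`, so a one-line comment here stating that the Makefile's own setting is kept on purpose would stop someone from reintroducing the override later. A check after the build, for example that `readelf -n` on the resulting `vmlinux` shows a GNU build ID note, would confirm the "consistently" in the title across both old and new kernel versions. The dropped https://kernelnewbies.org/BuildId link is still a useful reference and could move into that comment.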