diff --git a/tests/bounties/busybox-bounty/Makefile b/tests/bounties/busybox-bounty/Makefile index 8fc373d..8d8942b 100644 --- a/tests/bounties/busybox-bounty/Makefile +++ b/tests/bounties/busybox-bounty/Makefile @@ -8,6 +8,8 @@ BOUNTY_RISCV64_TAR=busybox-$(VERSION)-bounty_riscv64.tar.xz HARDEN_CFLAGS=-O1 -ftrivial-auto-var-init=pattern -D_FORTIFY_SOURCE=2 -fPIE -fstack-clash-protection -fstack-protector-strong -ffunction-sections -fdata-sections -Wno-unused-result HARDEN_LDFLAGS=-pie -Wl,-z,now,-z,relro,--gc-sections -s +TAR_FLAGS=--sort=name --mtime=@0 --owner=0 --group=0 --numeric-owner --pax-option=exthdr.name=%d/PaxHeaders/%f,delete=atime,delete=ctime + # Use GitHub Actions cache when available ifdef ACTIONS_RUNTIME_TOKEN ifdef ACTIONS_RUNTIME_URL @@ -25,7 +27,7 @@ riscv64: $(BOUNTY_RISCV64_TAR) download: | $(SOURCE_DIR) $(BOUNTY_TAR): busybox start.sh - tar cfJ $@ $^ + tar $(TAR_FLAGS) -cJf $@ $^ busybox: $(SOURCE_DIR)/busybox cp $< $@ diff --git a/tests/bounties/lua-bounty/Makefile b/tests/bounties/lua-bounty/Makefile index 9898efb..2567367 100644 --- a/tests/bounties/lua-bounty/Makefile +++ b/tests/bounties/lua-bounty/Makefile @@ -8,6 +8,8 @@ BOUNTY_RISCV64_TAR=lua-$(VERSION)-bounty_riscv64.tar.xz HARDEN_CFLAGS=-O1 -ftrivial-auto-var-init=pattern -D_FORTIFY_SOURCE=2 -fexceptions -fPIE -fstack-clash-protection -fstack-protector-strong -ffunction-sections -fdata-sections HARDEN_LDFLAGS=-pie -Wl,-z,now,-z,relro,--gc-sections -s +TAR_FLAGS=--sort=name --mtime=@0 --owner=0 --group=0 --numeric-owner --pax-option=exthdr.name=%d/PaxHeaders/%f,delete=atime,delete=ctime + # Use GitHub Actions cache when available ifdef ACTIONS_RUNTIME_TOKEN ifdef ACTIONS_RUNTIME_URL @@ -25,7 +27,7 @@ riscv64: $(BOUNTY_RISCV64_TAR) download: | $(SOURCE_DIR) $(BOUNTY_TAR): lua start.sh bounty.lua - tar cfJ $@ $^ + tar $(TAR_FLAGS) -cJf $@ $^ $(SOURCE_DIR)/src/lua: | $(SOURCE_DIR) $(MAKE) -C $(SOURCE_DIR)/src MYCFLAGS="$(HARDEN_CFLAGS)" MYLDFLAGS="$(HARDEN_LDFLAGS)" linux diff --git a/tests/bounties/solidity-bounty/Dockerfile b/tests/bounties/solidity-bounty/Dockerfile index e6a5407..598edc0 100644 --- a/tests/bounties/solidity-bounty/Dockerfile +++ b/tests/bounties/solidity-bounty/Dockerfile @@ -59,4 +59,11 @@ RUN make -C solidity_${VERSION}/build solc RUN mv solidity_${VERSION}/build/solc/solc . COPY --chmod=755 start.sh . -RUN tar cfJ /root/solidity-${VERSION}-bounty_riscv64.tar.xz solc start.sh +RUN tar \ + --sort=name \ + --mtime=@0 \ + --owner=0 \ + --group=0 \ + --numeric-owner \ + --pax-option=exthdr.name=%d/PaxHeaders/%f,delete=atime,delete=ctime \ + -cJf /root/solidity-${VERSION}-bounty_riscv64.tar.xz solc start.sh diff --git a/tests/bounties/sqlite-bounty/Makefile b/tests/bounties/sqlite-bounty/Makefile index cd86918..12075cf 100644 --- a/tests/bounties/sqlite-bounty/Makefile +++ b/tests/bounties/sqlite-bounty/Makefile @@ -11,6 +11,8 @@ HARDEN_LDFLAGS=-pie -Wl,-z,now,-z,relro,--gc-sections SQLITE_CFLAGS=-DSQLITE_THREADSAFE=0 -DSQLITE_OMIT_LOAD_EXTENSION SQLITE_LDFLAGS=-lm -s +TAR_FLAGS=--sort=name --mtime=@0 --owner=0 --group=0 --numeric-owner --pax-option=exthdr.name=%d/PaxHeaders/%f,delete=atime,delete=ctime + # Use GitHub Actions cache when available ifdef ACTIONS_RUNTIME_TOKEN ifdef ACTIONS_RUNTIME_URL @@ -28,7 +30,7 @@ riscv64: $(BOUNTY_RISCV64_TAR) download: | $(SOURCE_DIR) $(BOUNTY_TAR): sqlite3 start.sh - tar cfJ $@ $^ + tar $(TAR_FLAGS) -cJf $@ $^ sqlite3: $(SOURCE_DIR)/sqlite3.c $(CC) -o sqlite3 $(HARDEN_CFLAGS) $(SQLITE_CFLAGS) $(SOURCE_DIR)/shell.c $(SOURCE_DIR)/sqlite3.c $(HARDEN_LDFLAGS) $(SQLITE_LDFLAGS)