From e6b522834bc723e7280b5bee5de77c4df3b4fd5b Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor
Date: Sun, 12 Jul 2015 16:03:15 -0400
Subject: [PATCH] embed SOURCE_DATE_EPOCH for psl_compiled_time() to make build reproducible.
---
 debian/changelog | 2 +
 ...le_time-derived-from-SOURCE_DATE_EPO.patch | 50 +++++++++++++++++++
 debian/patches/series | 1 +
 3 files changed, 53 insertions(+)
 create mode 100644 debian/patches/0002-Embed-_psl_compile_time-derived-from-SOURCE_DATE_EPO.patch
diff --git a/debian/changelog b/debian/changelog
index 5b56147..02c52ab 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,8 @@ libpsl (0.7.1-1) unstable; urgency=medium
 * New upstream release.
 * switch from autotools-dev to dh_autoreconf
+ * embed SOURCE_DATE_EPOCH for psl_compiled_time() to make build
+ reproducible.
 -- Daniel Kahn Gillmor Thu, 09 Jul 2015 10:06:59 -0400
diff --git a/debian/patches/0002-Embed-_psl_compile_time-derived-from-SOURCE_DATE_EPO.patch b/debian/patches/0002-Embed-_psl_compile_time-derived-from-SOURCE_DATE_EPO.patch
new file mode 100644
index 0000000..fd1200a
--- /dev/null
+++ b/debian/patches/0002-Embed-_psl_compile_time-derived-from-SOURCE_DATE_EPO.patch
@@ -0,0 +1,50 @@
+From: Daniel Kahn Gillmor
+Date: Sun, 12 Jul 2015 15:50:47 -0400
+Subject: Embed _psl_compile_time derived from $SOURCE_DATE_EPOCH if set
+
+Making packages build byte-for-byte reproducibly from a given
+toolchain+source makes it much easier to corroborate builds by testing
+against other build infrastructure.
+
+By default, libpsl currently embeds the current unix timestamp in
+_psl_compile_time, which makes it bytewise incompatible if it is
+rebuild even on the same machine one second later.
+
+Dropping _psl_compile_time and psl_builtin_compile_time() would fix
+this, but would cause an API/ABI change for the library. The next
+time libpsl goes through an API/ABI change anyway, this might be worth
+consideration, but maybe such a simple change doesn't warrant an
+SONAME bump, so this changeset proposes to embed the environment
+variable $SOURCE_DATE_EPOCH if it is set during build, falling back to
+the current behavior if $SOURCE_DATE_EPOCH is unset.
+
+See https://wiki.debian.org/ReproducibleBuilds/TimestampsProposal for
+more information about $SOURCE_DATE_EPOCH.
+---
+ src/psl2c.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/src/psl2c.c b/src/psl2c.c
+index e634a97..1fc5877 100644
+--- a/src/psl2c.c
++++ b/src/psl2c.c
+@@ -157,6 +157,7 @@ int main(int argc, const char **argv)
+ struct stat st;
+ size_t cmdsize = 16 + strlen(argv[1]);
+ char *cmd = alloca(cmdsize), checksum[64] = "";
++ char *source_date_epoch = NULL;
+
+ #if 0
+ /* include library code did not generate punycode, so let's do it for the builtin data */
+@@ -177,7 +178,10 @@ int main(int argc, const char **argv)
+ if (stat(argv[1], &st) != 0)
+ st.st_mtime = 0;
+ fprintf(fpout, "static time_t _psl_file_time = %lu;\n", st.st_mtime);
+- fprintf(fpout, "static time_t _psl_compile_time = %lu;\n", time(NULL));
++ if (source_date_epoch = getenv("SOURCE_DATE_EPOCH"))
++ fprintf(fpout, "static time_t _psl_compile_time = %lu;\n", atol(source_date_epoch));
++ else
++ fprintf(fpout, "static time_t _psl_compile_time = %lu;\n", time(NULL));
+ fprintf(fpout, "static const char _psl_sha1_checksum[] = \"%s\";\n", checksum);
+ fprintf(fpout, "static const char _psl_filename[] = \"%s\";\n", argv[1]);
+
diff --git a/debian/patches/series b/debian/patches/series
index 1e2f9db..6043186 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1 +1,2 @@
 0001-enable-build-of-docs.patch
+0002-Embed-_psl_compile_time-derived-from-SOURCE_DATE_EPO.patch
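Review bot: `atol(source_date_epoch)` in the second psl2c.c hunk of the embedded patch takes the environment value unvalidated: an empty or non-numeric SOURCE_DATE_EPOCH silently embeds 0, trailing junk is ignored, and an out-of-range value is undefined for `atol`. Because this timestamp is part of what a rebuild is compared against, a malformed value should fail the generator instead of yielding a plausible-looking header; parsing with `strtoll` and checking the end pointer and `errno` does that, and also avoids printing a signed `long` through `%lu`. Moving the assignment out of the `if` condition removes the `-Wparentheses` warning and the chance of it being misread as a comparison. main() starts and ends outside both hunks, so the includes needed for `errno`/`strtoll` and the function's usual error-exit path are not visible here; the `return 1` below is an assumption to align with whatever main() does elsewhere.

```c
	/* … unchanged: stat() and _psl_file_time output … */
	source_date_epoch = getenv("SOURCE_DATE_EPOCH");
	if (source_date_epoch) {
		char *end;
		long long epoch;

		errno = 0;
		epoch = strtoll(source_date_epoch, &end, 10);
		if (end == source_date_epoch || *end != '\0' || errno == ERANGE || epoch < 0) {
			fprintf(stderr, "Invalid SOURCE_DATE_EPOCH '%s'\n", source_date_epoch);
			return 1;
		}
		fprintf(fpout, "static time_t _psl_compile_time = %lld;\n", epoch);
	} else
		fprintf(fpout, "static time_t _psl_compile_time = %lu;\n", time(NULL));
	/* … unchanged: checksum and filename output … */
```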