embed SOURCE_DATE_EPOCH for psl_compiled_time() to make build reproducible.
This commit is contained in:
parent
116407f80e
commit
e6b522834b
|
@ -2,6 +2,8 @@ libpsl (0.7.1-1) unstable; urgency=medium
|
|||
|
||||
* New upstream release.
|
||||
* switch from autotools-dev to dh_autoreconf
|
||||
* embed SOURCE_DATE_EPOCH for psl_compiled_time() to make build
|
||||
reproducible.
|
||||
|
||||
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 09 Jul 2015 10:06:59 -0400
|
||||
|
||||
|
|
50
debian/patches/0002-Embed-_psl_compile_time-derived-from-SOURCE_DATE_EPO.patch
vendored
Normal file
50
debian/patches/0002-Embed-_psl_compile_time-derived-from-SOURCE_DATE_EPO.patch
vendored
Normal file
|
@ -0,0 +1,50 @@
|
|||
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
|
||||
Date: Sun, 12 Jul 2015 15:50:47 -0400
|
||||
Subject: Embed _psl_compile_time derived from $SOURCE_DATE_EPOCH if set
|
||||
|
||||
Making packages build byte-for-byte reproducibly from a given
|
||||
toolchain+source makes it much easier to corroborate builds by testing
|
||||
against other build infrastructure.
|
||||
|
||||
By default, libpsl currently embeds the current unix timestamp in
|
||||
_psl_compile_time, which makes it bytewise incompatible if it is
|
||||
rebuild even on the same machine one second later.
|
||||
|
||||
Dropping _psl_compile_time and psl_builtin_compile_time() would fix
|
||||
this, but would cause an API/ABI change for the library. The next
|
||||
time libpsl goes through an API/ABI change anyway, this might be worth
|
||||
consideration, but maybe such a simple change doesn't warrant an
|
||||
SONAME bump, so this changeset proposes to embed the environment
|
||||
variable $SOURCE_DATE_EPOCH if it is set during build, falling back to
|
||||
the current behavior if $SOURCE_DATE_EPOCH is unset.
|
||||
|
||||
See https://wiki.debian.org/ReproducibleBuilds/TimestampsProposal for
|
||||
more information about $SOURCE_DATE_EPOCH.
|
||||
---
|
||||
src/psl2c.c | 6 +++++-
|
||||
1 file changed, 5 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/psl2c.c b/src/psl2c.c
|
||||
index e634a97..1fc5877 100644
|
||||
--- a/src/psl2c.c
|
||||
+++ b/src/psl2c.c
|
||||
@@ -157,6 +157,7 @@ int main(int argc, const char **argv)
|
||||
struct stat st;
|
||||
size_t cmdsize = 16 + strlen(argv[1]);
|
||||
char *cmd = alloca(cmdsize), checksum[64] = "";
|
||||
+ char *source_date_epoch = NULL;
|
||||
|
||||
#if 0
|
||||
/* include library code did not generate punycode, so let's do it for the builtin data */
|
||||
@@ -177,7 +178,10 @@ int main(int argc, const char **argv)
|
||||
if (stat(argv[1], &st) != 0)
|
||||
st.st_mtime = 0;
|
||||
fprintf(fpout, "static time_t _psl_file_time = %lu;\n", st.st_mtime);
|
||||
- fprintf(fpout, "static time_t _psl_compile_time = %lu;\n", time(NULL));
|
||||
+ if (source_date_epoch = getenv("SOURCE_DATE_EPOCH"))
|
||||
+ fprintf(fpout, "static time_t _psl_compile_time = %lu;\n", atol(source_date_epoch));
|
||||
+ else
|
||||
+ fprintf(fpout, "static time_t _psl_compile_time = %lu;\n", time(NULL));
|
||||
fprintf(fpout, "static const char _psl_sha1_checksum[] = \"%s\";\n", checksum);
|
||||
fprintf(fpout, "static const char _psl_filename[] = \"%s\";\n", argv[1]);
|
||||
|
|
@ -1 +1,2 @@
|
|||
0001-enable-build-of-docs.patch
|
||||
0002-Embed-_psl_compile_time-derived-from-SOURCE_DATE_EPO.patch
|
||||
|
|
Loading…
Reference in New Issue