Re: [PATCH] systemd: ensure reproducible builds by clearly exposing the time epoch support

From: <Mikko.Rapeli@bmw.de>
To: <ross.burton@intel.com>
Cc: openembedded-core@lists.openembedded.org
Subject: Re: [PATCH] systemd: ensure reproducible builds by clearly exposing the time epoch support
Date: Fri, 6 Sep 2019 08:02:44 +0000	[thread overview]
Message-ID: <20190906080244.GQ3040@hiutale> (raw)
In-Reply-To: <20190905230706.31765-1-ross.burton@intel.com>

On Fri, Sep 06, 2019 at 12:07:06AM +0100, Ross Burton wrote:
> systemd has the ability to check the time on boot and if it's earlier than an
> epoch determined at build time, set the time to that epoch.  This is useful for
> systems where the system time is January 1st 1970 (because the unix timestamp
> was 0 at boot) as then at least the time is reset to something approximating the
> right year at least.
> 
> By default systemd uses the mtime of the NEWS file, which is static for tarballs
> and corresponds to the time the release was made, but for git checkouts this is
> simply the time do_unpack() was executed.  Thus, rebuilding systemd will cause
> this embedded timestamp to change.
> 
> Remove the PACKAGECONFIG time-epoch which has the logic reversed: enabling
> time-epoch will set the epoch to the unix timestamp 0).  Replace with
> set-time-epoch with the following semantics:
> 
> - When disabled, the time epoch is set to 0 (1st January 1970), so there is no
>   time manipulation on boot.
> 
> - When enabled, if reproducible builds are configured by setting
>   SOURCE_DATE_EPOCH then that timestamp is used for the time epoch.  If
>   reproducible builds are not configured then the timestamp of NEWS (thus the
>   build time) is used.
> 
> The set-time-epoch flag is enabled by default.
> 
> [ YOCTO #13473 ]
> 
> Signed-off-by: Ross Burton <ross.burton@intel.com>
> ---
>  meta/recipes-core/systemd/systemd_242.bb | 8 +++++++-
>  1 file changed, 7 insertions(+), 1 deletion(-)
> 
> diff --git a/meta/recipes-core/systemd/systemd_242.bb b/meta/recipes-core/systemd/systemd_242.bb
> index 6bbe388b1f9..2c101cbbb4a 100644
> --- a/meta/recipes-core/systemd/systemd_242.bb
> +++ b/meta/recipes-core/systemd/systemd_242.bb
> @@ -83,6 +83,7 @@ PACKAGECONFIG ??= " \
>      quotacheck \
>      randomseed \
>      resolved \
> +    set-time-epoch \

Could this be enabled automatically when local.conf has INHERIT += "reproducible_build" ?

-Mikko

>      smack \
>      sysusers \
>      timedated \
> @@ -166,7 +167,12 @@ PACKAGECONFIG[seccomp] = "-Dseccomp=true,-Dseccomp=false,libseccomp"
>  PACKAGECONFIG[selinux] = "-Dselinux=true,-Dselinux=false,libselinux,initscripts-sushell"
>  PACKAGECONFIG[smack] = "-Dsmack=true,-Dsmack=false"
>  PACKAGECONFIG[sysusers] = "-Dsysusers=true,-Dsysusers=false"
> -PACKAGECONFIG[time-epoch] = "-Dtime-epoch=0,,"
> +# When enabled use reproducble build timestamp if set as time epoch,
> +# or build time if not. When disabled, time epoch is unset.
> +def build_epoch(d):
> +    epoch = d.getVar('SOURCE_DATE_EPOCH') or "-1"
> +    return '-Dtime-epoch=%d' % int(epoch)
> +PACKAGECONFIG[set-time-epoch] = "${@build_epoch(d)},-Dtime-epoch=0"
>  PACKAGECONFIG[timedated] = "-Dtimedated=true,-Dtimedated=false"
>  PACKAGECONFIG[timesyncd] = "-Dtimesyncd=true,-Dtimesyncd=false"
>  PACKAGECONFIG[usrmerge] = "-Dsplit-usr=false,-Dsplit-usr=true"
> -- 
> 2.20.1
> 
> -- 
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core