From owner-svn-src-all@freebsd.org Mon Mar 4 22:04:22 2019 Return-Path: Delivered-To: svn-src-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 6E1BF1524AC9; Mon, 4 Mar 2019 22:04:22 +0000 (UTC) (envelope-from sjg@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 0DE718ADCC; Mon, 4 Mar 2019 22:04:22 +0000 (UTC) (envelope-from sjg@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id F3443A432; Mon, 4 Mar 2019 22:04:21 +0000 (UTC) (envelope-from sjg@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x24M4L1W000174; Mon, 4 Mar 2019 22:04:21 GMT (envelope-from sjg@FreeBSD.org) Received: (from sjg@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id x24M4LbZ000172; Mon, 4 Mar 2019 22:04:21 GMT (envelope-from sjg@FreeBSD.org) Message-Id: <201903042204.x24M4LbZ000172@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: sjg set sender to sjg@FreeBSD.org using -f From: "Simon J. Gerraty" Date: Mon, 4 Mar 2019 22:04:21 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r344784 - in head/lib/libsecureboot: . tests X-SVN-Group: head X-SVN-Commit-Author: sjg X-SVN-Commit-Paths: in head/lib/libsecureboot: . tests X-SVN-Commit-Revision: 344784 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 0DE718ADCC X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-2.97 / 15.00]; local_wl_from(0.00)[FreeBSD.org]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; NEURAL_HAM_SHORT(-0.97)[-0.972,0]; ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US] X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 04 Mar 2019 22:04:22 -0000 Author: sjg Date: Mon Mar 4 22:04:21 2019 New Revision: 344784 URL: https://svnweb.freebsd.org/changeset/base/344784 Log: Allow for reproducible build Use SOURCE_DATE_EPOCH for BUILD_UTC if MK_REPRODUCIBLE_BUILD is yes. Default SOURCE_DATE_EPOCH to 2019-01-01 Reviewed by: emaste Sponsored by: Juniper Networks Differential Revision: https://reviews.freebsd.org/D19464 Modified: head/lib/libsecureboot/Makefile.inc head/lib/libsecureboot/tests/Makefile Modified: head/lib/libsecureboot/Makefile.inc ============================================================================== --- head/lib/libsecureboot/Makefile.inc Mon Mar 4 22:03:09 2019 (r344783) +++ head/lib/libsecureboot/Makefile.inc Mon Mar 4 22:04:21 2019 (r344784) @@ -92,6 +92,19 @@ VE_HASH_KAT_STR?= vc_PEM XCFLAGS.vets+= -DVE_HASH_KAT_STR=${VE_HASH_KAT_STR} .endif +# this should be updated occassionally this is 2019-01-01Z +SOURCE_DATE_EPOCH?= 1546329600 +.if ${MK_REPRODUCIBLE_BUILD} == "yes" +BUILD_UTC?= ${SOURCE_DATE_EPOCH} +.endif +# BUILD_UTC provides a basis for the loader's notion of time +# By default we use the mtime of BUILD_UTC_FILE +.if empty(BUILD_UTC_FILE) +BUILD_UTC_FILE:= ${.PARSEDIR:tA}/${.PARSEFILE} +.endif +# you can of course set BUILD_UTC to any value you like +BUILD_UTC?= ${${STAT:Ustat} -f %m ${BUILD_UTC_FILE}:L:sh} + # Generate ta.h containing one or more PEM encoded trust anchors in ta_PEM. # # If we are doing self-tests, we define another arrary vc_PEM @@ -110,9 +123,7 @@ ta.h: ${.ALLTARGETS:M[tv]*pem:O:u} ( cat ${.ALLSRC:N*crl*:Mv*.pem} /dev/null | \ file2c -sx 'static const char vc_PEM[] = {' '};'; echo ) >> ${.TARGET} .endif -.if !empty(BUILD_UTC_FILE) - echo '#define BUILD_UTC ${${STAT:Ustat} -f %m ${BUILD_UTC_FILE}:L:sh}' >> ${.TARGET} ${.OODATE:MNOMETA_CMP} -.endif + echo '#define BUILD_UTC ${BUILD_UTC}' >> ${.TARGET} ${.OODATE:MNOMETA_CMP} # This header records our preference for signature extensions. vesigned.o vesigned.po vesigned.pico: vse.h Modified: head/lib/libsecureboot/tests/Makefile ============================================================================== --- head/lib/libsecureboot/tests/Makefile Mon Mar 4 22:03:09 2019 (r344783) +++ head/lib/libsecureboot/tests/Makefile Mon Mar 4 22:04:21 2019 (r344784) @@ -1,5 +1,7 @@ # $FreeBSD$ +.include + PROG= tvo SRCS+= tvo.c