[ipxe-devel] [PATCH] reproducible timestamp

Geert Stappers stappers at stappers.nl
Thu May 14 19:11:55 UTC 2020 

On Mon, May 11, 2020 at 02:02:56PM +0000, Neil Roza wrote:
> Hello ipxe-devel,
> 
> While I work on a reproducible build-id, there's no reason this patch for a
> reproducible timestamp needs to wait for it. Hence, the attached (and below
> inlined) patch diff allows a reproducible `BUILD_TIMESTAMP` when the
> following criteria are satisfied:
> 
> * `git` command is available
> * the ipxe source tree is a git checkout
> * the git checkout is "clean" (no diff between working tree and index)
> 
> If the aforementioned are satisfied, then the `BUILD_TIMESTAMP` is assigned
> the Unix timestamp of the HEAD commit. Otherwise, the `BUILD_TIMESTAMP` is
> assigned the Unix timestamp of "now"; i.e., heretofore legacy behavior.
> 
> Inline diff follows...
 
Please also include a commit message.
Advice: Use `git format-patch  ....`


> diff --git a/src/Makefile.housekeeping b/src/Makefile.housekeeping
> index 1dd14794..126a082a 100644
> --- a/src/Makefile.housekeeping
> +++ b/src/Makefile.housekeeping
> @@ -1168,9 +1168,14 @@ blib : $(BLIB)
>  #
>  BUILD_ID_CMD := perl -e 'printf "0x%08x", int ( rand ( 0xffffffff ) );'
> 
> +# assumes first element in MAKEFILE_LIST is src/Makefile:
> +IPXE_DIR := $(abspath $(dir $(abspath $(firstword $(MAKEFILE_LIST))))/..)
> +
>  # Build timestamp
>  #
> -BUILD_TIMESTAMP := $(shell date +%s)
> +BUILD_TIMESTAMP := $(shell git -C $(IPXE_DIR) diff-files --quiet \
> +  && git -C $(IPXE_DIR) show -s --format=%ct HEAD \
> +  || date +%s)
> 
>  # Build version
>  #

Recently wrote mcb30
|This seems like a reasonable approach, but would need to fail gracefully 
|when built from something that isn't a git checkout.  See the way that 
|VERSIONS is handled for an example.

I found

  src/Makefile:VERSIONS := $(shell git describe --tags --always --long --abbrev=1 --match "v*")


I did

  cd /tmp
  git describe --tags --always --long --abbrev=1 --match "v*"


I got

  fatal: not a git repository (or any parent up to mount point /)
  Stopping at filesystem boundary (GIT_DISCOVERY_ACROSS_FILESYSTEM not set).


I think I haven't found what would fail gracefully
when built from a non-git-checkout.

Which way to go to get reproducable buildtimestamps in iPXE?


Regards
Geert Stappers
-- 
Silence is hard to parse

More information about the ipxe-devel mailing list