svn commit: r344784 - in head/lib/libsecureboot: . tests

Simon J. Gerraty sjg at FreeBSD.org
Mon Mar 4 22:04:22 UTC 2019 

Author: sjg
Date: Mon Mar  4 22:04:21 2019
New Revision: 344784
URL: https://svnweb.freebsd.org/changeset/base/344784

Log:
  Allow for reproducible build
  
  Use SOURCE_DATE_EPOCH for BUILD_UTC if MK_REPRODUCIBLE_BUILD is yes.
  Default SOURCE_DATE_EPOCH to 2019-01-01
  
  Reviewed by:	emaste
  Sponsored by:	Juniper Networks
  Differential Revision:	https://reviews.freebsd.org/D19464

Modified:
  head/lib/libsecureboot/Makefile.inc
  head/lib/libsecureboot/tests/Makefile

Modified: head/lib/libsecureboot/Makefile.inc
==============================================================================
--- head/lib/libsecureboot/Makefile.inc	Mon Mar  4 22:03:09 2019	(r344783)
+++ head/lib/libsecureboot/Makefile.inc	Mon Mar  4 22:04:21 2019	(r344784)
@@ -92,6 +92,19 @@ VE_HASH_KAT_STR?= vc_PEM
 XCFLAGS.vets+= -DVE_HASH_KAT_STR=${VE_HASH_KAT_STR}
 .endif
 
+# this should be updated occassionally this is 2019-01-01Z
+SOURCE_DATE_EPOCH?= 1546329600
+.if ${MK_REPRODUCIBLE_BUILD} == "yes"
+BUILD_UTC?= ${SOURCE_DATE_EPOCH}
+.endif
+# BUILD_UTC provides a basis for the loader's notion of time
+# By default we use the mtime of BUILD_UTC_FILE
+.if empty(BUILD_UTC_FILE)
+BUILD_UTC_FILE:= ${.PARSEDIR:tA}/${.PARSEFILE}
+.endif
+# you can of course set BUILD_UTC to any value you like
+BUILD_UTC?= ${${STAT:Ustat} -f %m ${BUILD_UTC_FILE}:L:sh}
+
 # Generate ta.h containing one or more PEM encoded trust anchors in ta_PEM.
 #
 # If we are doing self-tests, we define another arrary vc_PEM
@@ -110,9 +123,7 @@ ta.h: ${.ALLTARGETS:M[tv]*pem:O:u}
 	( cat ${.ALLSRC:N*crl*:Mv*.pem} /dev/null | \
 	file2c -sx 'static const char vc_PEM[] = {' '};'; echo ) >> ${.TARGET}
 .endif
-.if !empty(BUILD_UTC_FILE)
-	echo '#define BUILD_UTC ${${STAT:Ustat} -f %m ${BUILD_UTC_FILE}:L:sh}' >> ${.TARGET} ${.OODATE:MNOMETA_CMP}
-.endif
+	echo '#define BUILD_UTC ${BUILD_UTC}' >> ${.TARGET} ${.OODATE:MNOMETA_CMP}
 
 # This header records our preference for signature extensions.
 vesigned.o vesigned.po vesigned.pico: vse.h

Modified: head/lib/libsecureboot/tests/Makefile
==============================================================================
--- head/lib/libsecureboot/tests/Makefile	Mon Mar  4 22:03:09 2019	(r344783)
+++ head/lib/libsecureboot/tests/Makefile	Mon Mar  4 22:04:21 2019	(r344784)
@@ -1,5 +1,7 @@
 # $FreeBSD$
 
+.include <src.opts.mk>
+
 PROG= tvo
 
 SRCS+= tvo.c

More information about the svn-src-head mailing list