Skip to content

Commit

Permalink
Change build info date to commit timestamp (#3876)
Browse files Browse the repository at this point in the history 
This change fixes binary reproducibility of builds. Injecting a
timestamp of the time-of-build produces unique binaries for every build
which is undesirable for security and provenance tracking. If timestamps
for builds are desired, it is recommended to inject the timestamp of the
commit. This gives a timestamp that is consistent for a build based on
that commit and allows checking for binary consistenty across build systems.

This change updates BuildDate to use the commit timestamp from git.
This change also fixes some builds which include the version package but
were not injecting BUILD_INFO.

Signed-off-by: Calvin Behling <[email protected]>

Signed-off-by: Calvin Behling <[email protected]>
  • Loading branch information
@TripleDogDare
TripleDogDare authored Aug 17, 2022
1 parent 711a2b8 commit 20ff31e
Showing 1 changed file with 4 additions and 4 deletions.
8 changes: 4 additions & 4 deletions Makefile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,7 @@ IMPORT_LOG=.import.log

GIT_SHA=$(shell git rev-parse HEAD)
GIT_CLOSEST_TAG=$(shell git describe --abbrev=0 --tags)
DATE=$(shell date -u +'%Y-%m-%dT%H:%M:%SZ')
DATE=$(shell date -u -d @$(shell git show -s --format=%ct) +'%Y-%m-%dT%H:%M:%SZ')
BUILD_INFO_IMPORT_PATH=$(JAEGER_IMPORT_PATH)/pkg/version
BUILD_INFO=-ldflags "-X $(BUILD_INFO_IMPORT_PATH).commitSHA=$(GIT_SHA) -X $(BUILD_INFO_IMPORT_PATH).latestVersion=$(GIT_CLOSEST_TAG) -X $(BUILD_INFO_IMPORT_PATH).date=$(DATE)"

Expand Down Expand Up @@ -170,15 +170,15 @@ build-tracegen:

.PHONY: build-anonymizer
build-anonymizer:
$(GOBUILD) -o ./cmd/anonymizer/anonymizer-$(GOOS)-$(GOARCH) ./cmd/anonymizer/main.go
$(GOBUILD) -o ./cmd/anonymizer/anonymizer-$(GOOS)-$(GOARCH) $(BUILD_INFO) ./cmd/anonymizer/main.go

.PHONY: build-esmapping-generator
build-esmapping-generator:
$(GOBUILD) -o ./plugin/storage/es/esmapping-generator-$(GOOS)-$(GOARCH) ./cmd/esmapping-generator/main.go
$(GOBUILD) -o ./plugin/storage/es/esmapping-generator-$(GOOS)-$(GOARCH) $(BUILD_INFO) ./cmd/esmapping-generator/main.go

.PHONY: build-esmapping-generator-linux
build-esmapping-generator-linux:
GOOS=linux GOARCH=amd64 $(GOBUILD) -o ./plugin/storage/es/esmapping-generator ./cmd/esmapping-generator/main.go
GOOS=linux GOARCH=amd64 $(GOBUILD) -o ./plugin/storage/es/esmapping-generator $(BUILD_INFO) ./cmd/esmapping-generator/main.go

.PHONY: build-es-index-cleaner
build-es-index-cleaner:
Expand Down

0 comments on commit 20ff31e

Please sign in to comment.