From 20ff31ea3c59e9f7663863e936b11b6a6553997a Mon Sep 17 00:00:00 2001 From: CJB <1406278+TripleDogDare@users.noreply.github.com> Date: Tue, 16 Aug 2022 19:13:32 -0500 Subject: [PATCH] Change build info date to commit timestamp (#3876) This change fixes binary reproducibility of builds. Injecting a timestamp of the time-of-build produces unique binaries for every build which is undesirable for security and provenance tracking. If timestamps for builds are desired, it is recommended to inject the timestamp of the commit. This gives a timestamp that is consistent for a build based on that commit and allows checking for binary consistenty across build systems. This change updates BuildDate to use the commit timestamp from git. This change also fixes some builds which include the version package but were not injecting BUILD_INFO. Signed-off-by: Calvin Behling Signed-off-by: Calvin Behling --- Makefile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Makefile b/Makefile index d7757a4c9ba..7e35edd4d1f 100644 --- a/Makefile +++ b/Makefile @@ -42,7 +42,7 @@ IMPORT_LOG=.import.log GIT_SHA=$(shell git rev-parse HEAD) GIT_CLOSEST_TAG=$(shell git describe --abbrev=0 --tags) -DATE=$(shell date -u +'%Y-%m-%dT%H:%M:%SZ') +DATE=$(shell date -u -d @$(shell git show -s --format=%ct) +'%Y-%m-%dT%H:%M:%SZ') BUILD_INFO_IMPORT_PATH=$(JAEGER_IMPORT_PATH)/pkg/version BUILD_INFO=-ldflags "-X $(BUILD_INFO_IMPORT_PATH).commitSHA=$(GIT_SHA) -X $(BUILD_INFO_IMPORT_PATH).latestVersion=$(GIT_CLOSEST_TAG) -X $(BUILD_INFO_IMPORT_PATH).date=$(DATE)" @@ -170,15 +170,15 @@ build-tracegen: .PHONY: build-anonymizer build-anonymizer: - $(GOBUILD) -o ./cmd/anonymizer/anonymizer-$(GOOS)-$(GOARCH) ./cmd/anonymizer/main.go + $(GOBUILD) -o ./cmd/anonymizer/anonymizer-$(GOOS)-$(GOARCH) $(BUILD_INFO) ./cmd/anonymizer/main.go .PHONY: build-esmapping-generator build-esmapping-generator: - $(GOBUILD) -o ./plugin/storage/es/esmapping-generator-$(GOOS)-$(GOARCH) ./cmd/esmapping-generator/main.go + $(GOBUILD) -o ./plugin/storage/es/esmapping-generator-$(GOOS)-$(GOARCH) $(BUILD_INFO) ./cmd/esmapping-generator/main.go .PHONY: build-esmapping-generator-linux build-esmapping-generator-linux: - GOOS=linux GOARCH=amd64 $(GOBUILD) -o ./plugin/storage/es/esmapping-generator ./cmd/esmapping-generator/main.go + GOOS=linux GOARCH=amd64 $(GOBUILD) -o ./plugin/storage/es/esmapping-generator $(BUILD_INFO) ./cmd/esmapping-generator/main.go .PHONY: build-es-index-cleaner build-es-index-cleaner: