From a28c13cac4cf0202e3255ae47d577981f475e8a7 Mon Sep 17 00:00:00 2001 From: Calvin Behling Date: Tue, 16 Aug 2022 16:35:33 -0500 Subject: [PATCH] Change build info date to commit timestamp This change fixes binary reproducibility of builds. Injecting a timestamp of the time-of-build produces unique binaries for every build which is undesirable for security and provenance tracking. If timestamps for builds are desired, it is recommended to inject the timestamp of the commit. This gives a timestamp that is consistent for a build based on that commit and allows checking for binary consistenty across build systems. This change updates BuildDate to use the commit timestamp from git. This change also fixes some builds which include the version package but were not injecting BUILD_INFO. Signed-off-by: Calvin Behling --- Makefile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Makefile b/Makefile index d7757a4c9ba..7e35edd4d1f 100644 --- a/Makefile +++ b/Makefile @@ -42,7 +42,7 @@ IMPORT_LOG=.import.log GIT_SHA=$(shell git rev-parse HEAD) GIT_CLOSEST_TAG=$(shell git describe --abbrev=0 --tags) -DATE=$(shell date -u +'%Y-%m-%dT%H:%M:%SZ') +DATE=$(shell date -u -d @$(shell git show -s --format=%ct) +'%Y-%m-%dT%H:%M:%SZ') BUILD_INFO_IMPORT_PATH=$(JAEGER_IMPORT_PATH)/pkg/version BUILD_INFO=-ldflags "-X $(BUILD_INFO_IMPORT_PATH).commitSHA=$(GIT_SHA) -X $(BUILD_INFO_IMPORT_PATH).latestVersion=$(GIT_CLOSEST_TAG) -X $(BUILD_INFO_IMPORT_PATH).date=$(DATE)" @@ -170,15 +170,15 @@ build-tracegen: .PHONY: build-anonymizer build-anonymizer: - $(GOBUILD) -o ./cmd/anonymizer/anonymizer-$(GOOS)-$(GOARCH) ./cmd/anonymizer/main.go + $(GOBUILD) -o ./cmd/anonymizer/anonymizer-$(GOOS)-$(GOARCH) $(BUILD_INFO) ./cmd/anonymizer/main.go .PHONY: build-esmapping-generator build-esmapping-generator: - $(GOBUILD) -o ./plugin/storage/es/esmapping-generator-$(GOOS)-$(GOARCH) ./cmd/esmapping-generator/main.go + $(GOBUILD) -o ./plugin/storage/es/esmapping-generator-$(GOOS)-$(GOARCH) $(BUILD_INFO) ./cmd/esmapping-generator/main.go .PHONY: build-esmapping-generator-linux build-esmapping-generator-linux: - GOOS=linux GOARCH=amd64 $(GOBUILD) -o ./plugin/storage/es/esmapping-generator ./cmd/esmapping-generator/main.go + GOOS=linux GOARCH=amd64 $(GOBUILD) -o ./plugin/storage/es/esmapping-generator $(BUILD_INFO) ./cmd/esmapping-generator/main.go .PHONY: build-es-index-cleaner build-es-index-cleaner: