Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow to override build date with SOURCE_DATE_EPOCH #2643

Merged
merged 1 commit into from Jul 22, 2019
Merged

Allow to override build date with SOURCE_DATE_EPOCH #2643

merged 1 commit into from Jul 22, 2019

Conversation

bmwiedemann
Copy link
Contributor

- What I did
Make cri-o build reproducibly by default.

- How I did it
Default BUILD_INFO to SOURCE_DATE_EPOCH, if available.

- How to verify it

  1. export SOURCE_DATE_EPOCH=123456
  2. Do 2 clean builds within taskset 1 (needed because of some go parallelism bug) and compare /usr/bin/crio - should have identical content between builds.

- Description for the changelog
Allow to override build date with SOURCE_DATE_EPOCH

in order to make builds reproducible.
See https://reproducible-builds.org/ for why this is good
and https://reproducible-builds.org/specs/source-date-epoch/
for the definition of this variable.

While it is already possible to do reproducible builds without
this patch, this patch makes it the default,
so that distributions do not have to discover the BUILD_INFO variable.

Without this patch, /usr/bin/crio differs in ELF section .note.go.buildid

Signed-off-by: Bernhard M. Wiedemann bwiedemann@suse.de

@openshift-ci-robot openshift-ci-robot added dco-signoff: yes Indicates the PR's author has DCO signed all their commits. labels Jul 21, 2019
@openshift-ci-robot openshift-ci-robot added size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Jul 21, 2019
@openshift-ci-robot
Copy link

Hi @bmwiedemann. Thanks for your PR.

I'm waiting for a cri-o or openshift member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

1 similar comment
@openshift-ci-robot
Copy link

Hi @bmwiedemann. Thanks for your PR.

I'm waiting for a cri-o or openshift member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci-robot openshift-ci-robot added the needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. label Jul 21, 2019
@bmwiedemann
Copy link
Contributor Author

/assign @rhatdan

@codecov
Copy link

codecov bot commented Jul 21, 2019

Codecov Report

Merging #2643 into master will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##           master    #2643   +/-   ##
=======================================
  Coverage   53.11%   53.11%           
=======================================
  Files          82       82           
  Lines        6979     6979           
=======================================
  Hits         3707     3707           
  Misses       2911     2911           
  Partials      361      361

@haircommander
Copy link
Member

/ok-to-test
Change LGTM, though i'd almost prefer to replace the BUILD_INFO variable with SOURCE_DATE_EPOCH and set it with
SOURCE_DATE_EPOCH ?= $(shell date +%s)

@openshift-ci-robot openshift-ci-robot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Jul 22, 2019
@saschagrunert
Copy link
Member

Hey @bmwiedemann 👋, thanks for the improvement. I agree with @haircommander and I think we can replace the $(BUILD_INFO) variable entirely.

@bmwiedemann
Allow to override build date with SOURCE_DATE_EPOCH
7996e83 
in order to make builds reproducible.
See https://reproducible-builds.org/ for why this is good
and https://reproducible-builds.org/specs/source-date-epoch/
for the definition of this variable.

This renames BUILD_INFO to the standard name
so that distributions do not have to discover the BUILD_INFO variable.

Signed-off-by: Bernhard M. Wiedemann <bwiedemann@suse.de>
@saschagrunert
Copy link
Member

/test integration_rhel

saschagrunert
saschagrunert approved these changes Jul 22, 2019
View reviewed changes
Copy link
Member

@saschagrunert saschagrunert left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@openshift-ci-robot
Copy link

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: bmwiedemann, saschagrunert

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

1 similar comment
@openshift-ci-robot
Copy link

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: bmwiedemann, saschagrunert

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci-robot openshift-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jul 22, 2019
@rhatdan
Copy link
Contributor

rhatdan commented Jul 22, 2019

/lgtm

@openshift-ci-robot openshift-ci-robot added the lgtm Indicates that a PR is ready to be merged. label Jul 22, 2019
@saschagrunert
Copy link
Member

/test integration_rhel

@saschagrunert
Copy link
Member

/test integration_rhel

@bmwiedemann
Copy link
Contributor Author

bmwiedemann commented Jul 22, 2019
edited

hmm, does the integration test rely on BUILD_INFO somehow?

@saschagrunert
Copy link
Member

hmm, does the integration test rely on BUILD_INFO somehow?

No, we have some flakes in the integration tests which we will tackle in the future 😇

@openshift-merge-robot openshift-merge-robot merged commit 7f8fa7f into cri-o:master Jul 22, 2019
@bmwiedemann bmwiedemann deleted the date branch July 22, 2019 11:51
bmwiedemann added a commit to bmwiedemann/buildah that referenced this pull request Aug 20, 2019
@bmwiedemann
Allow to override build date with SOURCE_DATE_EPOCH
f8ec5cd 
in order to make builds reproducible.
See https://reproducible-builds.org/ for why this is good
and https://reproducible-builds.org/specs/source-date-epoch/
for the definition of this variable.

This renames BUILD_INFO to the standard name
so that distributions do not have to discover the BUILD_INFO variable,
similar to cri-o/cri-o#2643

Signed-off-by: Bernhard M. Wiedemann <bwiedemann@suse.de>
@bmwiedemann bmwiedemann mentioned this pull request Aug 20, 2019
Closed
rh-atomic-bot pushed a commit to containers/buildah that referenced this pull request Aug 20, 2019
@bmwiedemann @rh-atomic-bot
Allow to override build date with SOURCE_DATE_EPOCH
fa68ed6 
in order to make builds reproducible.
See https://reproducible-builds.org/ for why this is good
and https://reproducible-builds.org/specs/source-date-epoch/
for the definition of this variable.

This renames BUILD_INFO to the standard name
so that distributions do not have to discover the BUILD_INFO variable,
similar to cri-o/cri-o#2643

Signed-off-by: Bernhard M. Wiedemann <bwiedemann@suse.de>

Closes: #1805
Approved by: rhatdan
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@saschagrunert saschagrunert saschagrunert approved these changes

@mrunalp mrunalp

@runcom runcom

@rhatdan rhatdan

@vrothberg vrothberg

@giuseppe giuseppe

Assignees

@rhatdan rhatdan

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. dco-signoff: yes Indicates the PR's author has DCO signed all their commits. lgtm Indicates that a PR is ready to be merged. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@bmwiedemann @openshift-ci-robot @haircommander @saschagrunert @rhatdan @openshift-merge-robot