Ensure reproducible builds - support for SOURCE_DATE_EPOCH with docke…

…rized builds - Pass in SOURCE_DATE_EPOCH when we run the docker container - Looks like cleaning up symbol table also helps - Also trimming the path Tips from - https://blog.filippo.io/reproducing-go-binaries-byte-by-byte/ - https://blog.filippo.io/shrink-your-go-binaries-with-this-one-weird-trick/ Change-Id: Iedba85d9c1a36790fb8814795f7c27c1371cff1b
kubernetes · Sep 26, 2018 · d9cfd77 · d9cfd77
1 parent 8c1fe2e
commit d9cfd77
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 3 deletions.
diff --git a/build/common.sh b/build/common.sh
@@ -600,6 +600,7 @@ function kube::build::run_build_command_ex() {
     --env "GOFLAGS=${GOFLAGS:-}"
     --env "GOLDFLAGS=${GOLDFLAGS:-}"
     --env "GOGCFLAGS=${GOGCFLAGS:-}"
+    --env "SOURCE_DATE_EPOCH=${SOURCE_DATE_EPOCH:-}"
   )
 
   if [[ -n "${DOCKER_CGROUP_PARENT:-}" ]]; then

diff --git a/hack/lib/golang.sh b/hack/lib/golang.sh
@@ -557,6 +557,7 @@ kube::golang::build_some_binaries() {
      fi
    else
     V=2 kube::log::info "Coverage is disabled."
+    kube::log::status "go install" "${build_args[@]}" "$@"
     go install "${build_args[@]}" "$@"
    fi
 }
@@ -586,6 +587,7 @@ kube::golang::build_binaries_for_platform() {
       -installsuffix static
       ${goflags:+"${goflags[@]}"}
       -gcflags "${gogcflags:-}"
+      -asmflags "${goasmflags:-}"
       -ldflags "${goldflags:-}"
     )
     CGO_ENABLED=0 kube::golang::build_some_binaries "${statics[@]}"
@@ -595,6 +597,7 @@ kube::golang::build_binaries_for_platform() {
     build_args=(
       ${goflags:+"${goflags[@]}"}
       -gcflags "${gogcflags:-}"
+      -asmflags "${goasmflags:-}"
       -ldflags "${goldflags:-}"
     )
     kube::golang::build_some_binaries "${nonstatics[@]}"
@@ -608,6 +611,7 @@ kube::golang::build_binaries_for_platform() {
     go test -c \
       ${goflags:+"${goflags[@]}"} \
       -gcflags "${gogcflags:-}" \
+      -asmflags "${goasmflags:-}" \
       -ldflags "${goldflags:-}" \
       -o "${outfile}" \
       "${testpkg}"
@@ -661,10 +665,11 @@ kube::golang::build_binaries() {
     host_platform=$(kube::golang::host_platform)
 
     # Use eval to preserve embedded quoted strings.
-    local goflags goldflags gogcflags
+    local goflags goldflags goasmflags gogcflags
     eval "goflags=(${GOFLAGS:-})"
-    goldflags="${GOLDFLAGS:-} $(kube::version::ldflags)"
-    gogcflags="${GOGCFLAGS:-}"
+    goldflags="${GOLDFLAGS:-} -s -w $(kube::version::ldflags)"
+    goasmflags="-trimpath=${KUBE_ROOT}"
+    gogcflags="${GOGCFLAGS:-} -trimpath=${KUBE_ROOT}"
 
     local -a targets=()
     local arg