mkbuildinf.pl: improve reproducible builds

[jurobystricky]

If the environment contains SOURCE_DATE_EPOCH, generate output such as:

#define DATE "built on: reproducible build, date unspecified"

instead of the usual, such as:

#define DATE "built on: Tue Oct 24 17:20:35 2017"

The message is consistent with other messages if SOURCE_DATE_EPOCH
is defined.

Signed-off-by: Juro Bystricky juro.bystricky@intel.com

Checklist

• documentation is added or updated
• tests are added or updated

[richsalz]

There's already an ifdef, OPENSSL_USE_BUILD_DATE, that is used in crypto/cversion.c, that does the same thing.

Thanks for the idea, tho.

[jurobystricky]

Yes, but quite the same. This script 'mkbuildinf.pl" generates the file crypto/buildinf.h. The date there ends up breaking reproducible build for openssl-dbg packages (or any package containing this file)

[jurobystricky]

sorry not quite the same

[richsalz]

Then it would be good if buildinf.h used the same ifdef style as crypto/cversion.c

[richsalz]

But is this really needed? Reproducible builds tend to compare output, not sources, no?

If this is needed, you'll have to sign our CLA and get Intel to put you on their list. Or put the text "CLA: trivial" in your commit text (not the title).

[jurobystricky]

open-embedded splits openssl into several packages, some of them are affected by the generated buildinf.h file,
(I believe those are openssl-dbg and openssl-staticdev packages, when I build them on different days, they differ. )
I will rework the patch along the lines you suggested.
Thanks

[kaduk]

@richsalz SOURCE_DATE_EPOCH is the de facto standard variable used by reproducible builds all over the place. Need we really be a special snowflake in this regard?

[richsalz]

I did not know that. It would be good to have this PR change openssl to use that.

My other question still stands: is it necessary that buildinf.h NEVER CHANGE if the variable is set?

[kaduk]

The requirement is actually fairly weak: we need to be reproducible only when invoked with the same compiler and configuration flags on the same platform and the same source tree (i.e., git commit), on different hosts and at different times. https://wiki.debian.org/ReproducibleBuilds/Howto does not even require that we are reproducible when built at a different path in the filesystem, though I don't know how universal that relaxation is.

[kaduk]

[deleted]

[levitte]

Doesn't this mean we can remove the ifdef soup around the date in cversion.c too?

[richsalz]

See #4644

[lamby]

(FYI there's no real reason to replace it with a string describing that it is reprocubible, ie:)

use POSIX qw(strftime);
my $date = strftime("%Y-%m-%d", gmtime($ENV{SOURCE_DATE_EPOCH} || time));

:)

[richsalz]

That's nice, but I think the time is useful :)

[lamby]

That's nice, but I think the time is useful :)

Oh sure, adjust the format to suit. I was only demonstrating that we don't need to replace the date with a string such as "reproducible build".

[richsalz]

Ah, I see. I'm clearly a noob on this stuff, so I'll just be the typing-monkey and do whatever @kaduk @levitte @kroeckx tell me to type.
:)

[richsalz]

Fix merged to master, thanks!

[lamby]

Thanks all :)