Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ensure build timestamp is consistent and set in SBOM #3313

Merged
merged 12 commits into from
Apr 6, 2023
Merged

Ensure build timestamp is consistent and set in SBOM #3313

Show file tree
Hide file tree
Changes from 10 commits
Commits
Show all changes
12 commits
Select commit Hold shift + click to select a range
59d0ebf
Ensure build timestamp is consistent and set in SBOM
andrew-m-leonard Apr 5, 2023
8e92918
Ensure build timestamp is consistent and set in SBOM
andrew-m-leonard Apr 5, 2023
1266528
Ensure build timestamp is consistent and set in SBOM
andrew-m-leonard Apr 5, 2023
0fd4236
Ensure build timestamp is consistent and set in SBOM
andrew-m-leonard Apr 5, 2023
0b3972f
Ensure build timestamp is consistent and set in SBOM
andrew-m-leonard Apr 5, 2023
eb25e58
Ensure build timestamp is consistent and set in SBOM
andrew-m-leonard Apr 5, 2023
5b25f40
Ensure build timestamp is consistent and set in SBOM
andrew-m-leonard Apr 5, 2023
049655d
Ensure build timestamp is consistent and set in SBOM
andrew-m-leonard Apr 5, 2023
e6715b1
Ensure build timestamp is consistent and set in SBOM
andrew-m-leonard Apr 5, 2023
dfab033
Ensure build timestamp is consistent and set in SBOM
andrew-m-leonard Apr 5, 2023
156769b
Ensure build timestamp is consistent and set in SBOM
andrew-m-leonard Apr 6, 2023
004d35a
Ensure build timestamp is consistent and set in SBOM
andrew-m-leonard Apr 6, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
79 changes: 53 additions & 26 deletions sbin/build.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -104,28 +104,23 @@ configureReproducibleBuildParameter() {
addConfigureArg "--with-source-date=version" " --disable-ccache"
CONFIGURE_ARGS="${CONFIGURE_ARGS//--enable-ccache/}"
else
if [[ -n "${BUILD_CONFIG[BUILD_REPRODUCIBLE_DATE]}" ]]; then
# Use supplied date
addConfigureArg "--with-source-date=" "${BUILD_CONFIG[BUILD_REPRODUCIBLE_DATE]}"

# Specify --with-hotspot-build-time to ensure dual pass builds like MacOS use same time
# Use supplied date
addConfigureArg "--with-hotspot-build-time=" "${BUILD_CONFIG[BUILD_REPRODUCIBLE_DATE]}"
# Use BUILD_TIMESTAMP date
andrew-m-leonard marked this conversation as resolved.
Show resolved Hide resolved

# Convert BUILD_TIMESTAMP to seconds since Epoch
local buildTimestampSeconds
andrew-m-leonard marked this conversation as resolved.
Show resolved Hide resolved
local isGnuCompatDate=$(date --version 2>&1 | grep "GNU\|BusyBox" || true)
if [ "x${isGnuCompatDate}" != "x" ]
then
buildTimestampSeconds=$(date --utc --date="${BUILD_CONFIG[BUILD_TIMESTAMP]}" +"%s")
else
# Use build date
addConfigureArg "--with-source-date=" "updated"

# Specify --with-hotspot-build-time to ensure dual pass builds like MacOS use same time
# Get current ISO-8601 datetime
isGnuCompatDate=$(date --version 2>&1 | grep "GNU\|BusyBox" || true)
if [ "x${isGnuCompatDate}" != "x" ]
then
hotspotBuildTime=$(date --utc +"%Y-%m-%dT%H:%M:%SZ")
else
hotspotBuildTime=$(date -u -j +"%Y-%m-%dT%H:%M:%SZ")
fi
addConfigureArg "--with-hotspot-build-time=" "${hotspotBuildTime}"
buildTimestampSeconds=$(date -u -j -f "%Y-%m-%d %H:%M:%S" "${BUILD_CONFIG[BUILD_TIMESTAMP]}" +"%s")
fi

addConfigureArg "--with-source-date=" "${buildTimestampSeconds}"

# Specify --with-hotspot-build-time to ensure dual pass builds like MacOS use same time
# Use supplied date
addConfigureArg "--with-hotspot-build-time=" "'${BUILD_CONFIG[BUILD_TIMESTAMP]}'"
fi
# Ensure reproducible binary with a unique build user identifier
addConfigureArg "--with-build-user=" "${BUILD_CONFIG[BUILD_VARIANT]}"
Expand Down Expand Up @@ -273,18 +268,35 @@ configureVersionStringParameter() {
addConfigureArg "--with-milestone=" "beta"
fi

local dateSuffix=$(date -u +%Y%m%d%H%M)
# Determine build date timestamp to use
local buildTimestamp
local isGnuCompatDate=$(date --version 2>&1 | grep "GNU\|BusyBox" || true)

if [[ -n "${BUILD_CONFIG[BUILD_REPRODUCIBLE_DATE]}" ]]; then
# Use input reproducible build date supplied in ISO8601 format
# Convert input ISO8601 date to dateSuffix %Y%m%d%H%M format
isGnuCompatDate=$(date --version 2>&1 | grep "GNU\|BusyBox" || true)
# Use input reproducible build date supplied in ISO8601 format UTC time
buildTimestamp="${BUILD_CONFIG[BUILD_REPRODUCIBLE_DATE]}"
# BusyBox doesn't use T Z iso8601 format
buildTimestamp="${buildTimestamp//T/ }"
buildTimestamp="${buildTimestamp//Z/}"
else
# Get current ISO-8601 datetime
if [ "x${isGnuCompatDate}" != "x" ]
then
dateSuffix=$(date --utc --date="${BUILD_CONFIG[BUILD_REPRODUCIBLE_DATE]}" +"%Y%m%d%H%M")
buildTimestamp=$(date --utc +"%Y-%m-%d %H:%M:%S")
else
dateSuffix=$(date -u -j -f "%Y-%m-%dT%H:%M:%SZ" "${BUILD_CONFIG[BUILD_REPRODUCIBLE_DATE]}" +"%Y%m%d%H%M")
buildTimestamp=$(date -u -j +"%Y-%m-%d %H:%M:%S")
fi
fi
BUILD_CONFIG[BUILD_TIMESTAMP]="${buildTimestamp}"

# Convert ISO-8601 buildTimestamp string to dateSuffix format: %Y%m%d%H%M
local dateSuffix
andrew-m-leonard marked this conversation as resolved.
Show resolved Hide resolved
if [ "x${isGnuCompatDate}" != "x" ]
then
dateSuffix=$(date --utc --date="${buildTimestamp}" +"%Y%m%d%H%M")
else
dateSuffix=$(date -u -j -f "%Y-%m-%d %H:%M:%S" "${buildTimestamp}" +"%Y%m%d%H%M")
fi

# Configures "vendor" jdk properties.
# Temurin default values are set after this code block
Expand Down Expand Up @@ -646,6 +658,17 @@ executeTemplatedFile() {
exit 2
fi

if [[ "${BUILD_CONFIG[OPENJDK_FEATURE_NUMBER]}" -ge 19 || "${BUILD_CONFIG[OPENJDK_FEATURE_NUMBER]}" -eq 17 ]]; then
if [ "${BUILD_CONFIG[RELEASE]}" == "true" ]; then
# For "release" reproducible builds get openjdk timestamp used
local buildTimestamp=$(grep SOURCE_DATE_ISO_8601 build/*/spec.gmk | tr -s ' ' | cut -d' ' -f4)
# BusyBox doesn't use T Z iso8601 format
buildTimestamp="${buildTimestamp//T/ }"
buildTimestamp="${buildTimestamp//Z/}"
BUILD_CONFIG[BUILD_TIMESTAMP]="${buildTimestamp}"
fi
fi

# Restore exit behavior
set -eu
}
Expand Down Expand Up @@ -773,6 +796,10 @@ generateSBoM() {
addSBOMComponentPropertyFromFile "${javaHome}" "${classpath}" "${sbomJson}" "Eclipse Temurin" "OpenJDK Source Commit" "${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[TARGET_DIR]}/metadata/openjdkSource.txt"
# Add buildRef as JDK Component Property
addSBOMComponentPropertyFromFile "${javaHome}" "${classpath}" "${sbomJson}" "Eclipse Temurin" "Temurin Build Ref" "${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[TARGET_DIR]}/metadata/buildSource.txt"

# Add build timestamp
addSBOMComponentProperty "${javaHome}" "${classpath}" "${sbomJson}" "Eclipse Temurin" "Build Timestamp" "${BUILD_CONFIG[BUILD_TIMESTAMP]}"

# Add Tool Summary section from configure.txt
checkingToolSummary
addSBOMComponentPropertyFromFile "${javaHome}" "${classpath}" "${sbomJson}" "Eclipse Temurin" "Build Tools Summary" "${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[TARGET_DIR]}/metadata/dependency_tool_sum.txt"
Expand Down
3 changes: 2 additions & 1 deletion sbin/common/config_init.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,7 @@ OPENJDK_BUILD_REPO_URI
BRANCH
BUILD_FULL_NAME
BUILD_REPRODUCIBLE_DATE
BUILD_TIMESTAMP
BUILD_VARIANT
CERTIFICATE
CLEAN_DOCKER_BUILD
Expand Down Expand Up @@ -131,7 +132,7 @@ index=0
while [ $index -lt $numParams ]; do
paramName=${CONFIG_PARAMS[$index]};
eval declare -r -x "$paramName=$index"
PARAM_LOOKUP[$index]=$paramName
PARAM_LOOKUP[index]=$paramName

# shellcheck disable=SC2219
let index=index+1
Expand Down