mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-05-30 13:00:02 +00:00
nftables: improve reproducibility
Use SOURCE_DATE_EPOCH to set MAKE_STAMP instead of using the current time, thereby improving reproducibility. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
This commit is contained in:
Yi Zhao
Khem Raj
+41
@@ -0,0 +1,41 @@
|
|||||||
|
From fde27e62b241fb7d96de36a2fd6d7879c24f5de6 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jeremy Sowden <jeremy@azazel.net>
|
||||||
|
Date: Wed, 28 Jan 2026 18:31:07 +0000
|
||||||
|
Subject: [PATCH] build: support `SOURCE_DATE_EPOCH` for build time-stamp
|
||||||
|
|
||||||
|
In order to support reproducible builds, set the build time-stamp to the value
|
||||||
|
of the environment variable, `SOURCE_DATE_EPOCH`, if set, and fall back to
|
||||||
|
calling `date`, otherwise.
|
||||||
|
|
||||||
|
Link: https://reproducible-builds.org/docs/source-date-epoch/
|
||||||
|
Fixes: 64c07e38f049 ("table: Embed creating nft version into userdata")
|
||||||
|
Reported-by: Arnout Engelen <arnout@bzzt.net>
|
||||||
|
Closes: https://github.com/NixOS/nixpkgs/issues/478048
|
||||||
|
Suggested-by: Philipp Bartsch <phil@grmr.de>
|
||||||
|
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
|
||||||
|
Signed-off-by: Phil Sutter <phil@nwl.cc>
|
||||||
|
|
||||||
|
Upstream-Status: Backport [https://git.netfilter.org/nftables/commit/?id=ca86f206c92704170a295b8dc7a41f6448835dde]
|
||||||
|
[Adjust patch for 1.1.6]
|
||||||
|
|
||||||
|
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
|
||||||
|
---
|
||||||
|
configure.ac | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/configure.ac b/configure.ac
|
||||||
|
index 6825474..527049f 100644
|
||||||
|
--- a/configure.ac
|
||||||
|
+++ b/configure.ac
|
||||||
|
@@ -165,7 +165,7 @@ AC_CONFIG_COMMANDS([nftversion.h], [
|
||||||
|
])
|
||||||
|
# Current date should be fetched exactly once per build,
|
||||||
|
# so have 'make' call date and pass the value to every 'gcc' call
|
||||||
|
-AC_SUBST([MAKE_STAMP], ["\$(shell date +%s)"])
|
||||||
|
+AC_SUBST([MAKE_STAMP], ["${SOURCE_DATE_EPOCH:-$(date +%s)}"])
|
||||||
|
|
||||||
|
AC_ARG_ENABLE([distcheck],
|
||||||
|
AS_HELP_STRING([--enable-distcheck], [Build for distcheck]),
|
||||||
|
--
|
||||||
|
2.34.1
|
||||||
|
|
||||||
@@ -12,6 +12,7 @@ DEPENDS = "libmnl libnftnl bison-native \
|
|||||||
${@bb.utils.contains('PACKAGECONFIG', 'mini-gmp', '', 'gmp', d)}"
|
${@bb.utils.contains('PACKAGECONFIG', 'mini-gmp', '', 'gmp', d)}"
|
||||||
|
|
||||||
SRC_URI = "http://www.netfilter.org/projects/nftables/files/${BP}.tar.xz \
|
SRC_URI = "http://www.netfilter.org/projects/nftables/files/${BP}.tar.xz \
|
||||||
|
file://0001-build-support-SOURCE_DATE_EPOCH-for-build-time-stamp.patch \
|
||||||
file://run-ptest \
|
file://run-ptest \
|
||||||
"
|
"
|
||||||
SRC_URI[sha256sum] = "372931bda8556b310636a2f9020adc710f9bab66f47efe0ce90bff800ac2530c"
|
SRC_URI[sha256sum] = "372931bda8556b310636a2f9020adc710f9bab66f47efe0ce90bff800ac2530c"
|
||||||
|
|||||||
Reference in New Issue
Block a user