| |
@@ -44,7 +44,7 @@
|
| |
# $LDFLAGS is supported as a deprecated alias to $GO_LDFLAGS to add additional
|
| |
# arguments to `go build -ldflags "..."`.
|
| |
# Please set $GO_LDFLAGS instead of $LDFLAGS.
|
| |
- %gobuild_ldflags ${GO_LDFLAGS-${LDFLAGS-}} %{?currentgoldflags} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -compressdwarf=false -linkmode=external -extldflags '%{build_ldflags} %{?__golang_extldflags}'
|
| |
+ %gobuild_ldflags ${GO_LDFLAGS-${LDFLAGS-}} %{?currentgoldflags} -B 0x$(echo "%{name}-%{version}-%{release}-${SOURCE_DATE_EPOCH:-}" | sha1sum | cut -d ' ' -f1) -compressdwarf=false -linkmode=external -extldflags '%{build_ldflags} %{?__golang_extldflags}'
|
| |
# A shell-escaped version of %gobuild_ldflags.
|
| |
# Can be used to set an environment or make variable.
|
| |
# Example from the aerc package:
|
| |
Using random bytes makes the builds obviously irreproducible. Use instead
$SOURCE_DATE_EPOCH as the source of the identifier, so that rebuilds of the same
sources are the same. $SOURCE_DATE_EPOCH is augmented with
%{name}-%{version}-%{release} and hashed with sha1sum to get a number that is 40
hexadecimal bytes (same as the one generated from the random bytes before). Any
hash function would do, we only need something that has good hashing properties,
there is no security component here since the input is public.
Tested on podman-5.0.0~rc3-3.fc41.x86_64.rpm. Together with
https://github.com/rpm-software-management/rpm/pull/2930 and
https://src.fedoraproject.org/rpms/podman/pull-request/131, the build becomes
reproducible.