Support reproducible builds (#1802)

* Makefile: Ensure we strip out embedded paths

To reproduce binaries undeterministic values needs to be removed. By
default Go embeds several module paths into the binaries, which prevents
people from reproducing said distributed binary.

The distributed binary from micro contains the full home path of the
current builder of the binary. -trimpath removes these paths from the
binary.

    $ strings micro | grep "/home/zyedidia" | wc -l
    868

This also helps other distributions providing reproducible versions of
micro down the line.

Signed-off-by: Morten Linderud <morten@linderud.pw>
* build-date: Ensure build time adheres to SOURCE_DATE_EPOCH

Embedding undeterministic values into binaries prevents reproduction of
the binaries. The reproducible builds projects defines
`SOURCE_DATE_EPOCH` to allow deterministic insertion of build times.

This patch ensures `build-date` checks the environment variable before
building with the local time.

    $ SOURCE_DATE_EPOCH=123123 go run tools/build-date.go
    January 02, 1970
    $ go run tools/build-date.go
    July 31, 2020

    $ make build-quick && ./micro --version
    [...]
    Compiled on July 31, 2020
    $ SOURCE_DATE_EPOCH=123123 make build-quick && ./micro --version
    [...]
    Compiled on January 02, 1970

https://reproducible-builds.org/specs/source-date-epoch/

Signed-off-by: Morten Linderud <morten@linderud.pw>

diff --git a/Makefile b/Makefile
index 19badb914bc95f228d3a9b298977c332221b90c2..91f84bae16bf3b23fa1d0f65f4dca1fdbc813353 100644 (file)
--- a/Makefile
+++ b/Makefile
@@ -15,20 +15,20 @@ VSCODE_TESTS_BASE_URL = 'https://raw.githubusercontent.com/microsoft/vscode/e6a4
 
 # Builds micro after checking dependencies but without updating the runtime
 build:
-       go build -ldflags "-s -w $(GOVARS) $(ADDITIONAL_GO_LINKER_FLAGS)" ./cmd/micro
+       go build -trimpath -ldflags "-s -w $(GOVARS) $(ADDITIONAL_GO_LINKER_FLAGS)" ./cmd/micro
 
 build-dbg:
-       go build -ldflags "-s -w $(ADDITIONAL_GO_LINKER_FLAGS) $(DEBUGVAR)" ./cmd/micro
+       go build -trimpath -ldflags "-s -w $(ADDITIONAL_GO_LINKER_FLAGS) $(DEBUGVAR)" ./cmd/micro
 
 build-tags: fetch-tags
-       go build -ldflags "-s -w $(GOVARS) $(ADDITIONAL_GO_LINKER_FLAGS)" ./cmd/micro
+       go build -trimpath -ldflags "-s -w $(GOVARS) $(ADDITIONAL_GO_LINKER_FLAGS)" ./cmd/micro
 
 # Builds micro after building the runtime and checking dependencies
 build-all: runtime build
 
 # Builds micro without checking for dependencies
 build-quick:
-       go build -ldflags "-s -w $(GOVARS) $(ADDITIONAL_GO_LINKER_FLAGS)" ./cmd/micro
+       go build -trimpath -ldflags "-s -w $(GOVARS) $(ADDITIONAL_GO_LINKER_FLAGS)" ./cmd/micro
 
 # Same as 'build' but installs to $GOBIN afterward
 install:

diff --git a/tools/build-date.go b/tools/build-date.go
index ff994d2aeb2944d3d2b0eede93f635add5f064ca..427ef1b1ddbb8eba8d8ede443b0986ec50ea9e6f 100644 (file)
--- a/tools/build-date.go
+++ b/tools/build-date.go
@@ -2,9 +2,23 @@ package main
 
 import (
        "fmt"
+       "os"
+       "strconv"
        "time"
 )
 
 func main() {
-       fmt.Println(time.Now().Local().Format("January 02, 2006"))
+       var buildTime time.Time
+       epoch := os.Getenv("SOURCE_DATE_EPOCH")
+       if epoch != "" {
+               i, err := strconv.Atoi(epoch)
+               if err != nil {
+                       fmt.Errorf("SOURCE_DATE_EPOCH is not a valid integer")
+                       os.Exit(1)
+               }
+               buildTime = time.Unix(int64(i), 0)
+       } else {
+               buildTime = time.Now().Local()
+       }
+       fmt.Println(buildTime.Format("January 02, 2006"))
 }