Make the Unix build process more repeatable#28449
Closed
ngie-eign wants to merge 1 commit intoopenssl:masterfrom
Closed
Make the Unix build process more repeatable#28449ngie-eign wants to merge 1 commit intoopenssl:masterfrom
ngie-eign wants to merge 1 commit intoopenssl:masterfrom
Conversation
openssl-machine
added
the
hold: cla required
ngie-eign
force-pushed
the
issue-28323
branch
from
91dab0a to
55c9d44
Compare
openssl-machine
removed
the
hold: cla required
ngie-eign
force-pushed
the
issue-28323
branch
from
55c9d44 to
4b44ba5
Compare
ngie-eign
changed the title
ngie-eign
force-pushed
the
issue-28323
branch
from
4b44ba5 to
887cc15
Compare
levitte
reviewed
Sep 5, 2025
openssl-machine
added
the
hold: cla required
levitte
added
branch: master
Member
|
I'm wondering what the effect is when VERSION.dat doesn't contain a date, like in the current branch. In Debian, we set the SOURCE_DATE_EPOCH, which is based on the debian/changelog file. It would now get an other date, when upstream released it, instead of when Debian did, which looks fine to me. |
t8m
added
approval: review pending
t8m
previously approved these changes
Sep 5, 2025
Member
t8m
left a comment
t8m
left a comment
There was a problem hiding this comment.
It is borderline on what we would accept with CLA: trivial. Please consider signing a CLA. https://openssl-library.org/policies/cla/index.html
Member
my $t = $config{"release_date"}
? Time::Piece->strptime($config{"release_date"}, "%d %b %Y")
: localtime;
$t->strftime("%Y-%m-%d")When the release date ( |
Member
I could accept it with |
Member
|
So if we ever decide to shipped a non-released version, which seems unlikely, this will make it non-reproducible. |
Contributor
Author
I submitted my individual CLA just last night. The second commit doesn't contain that metadata because I planned on squashing the second commit to the first one (which has the metadata) prior to merge. |
Contributor
Author
Yes. That seems extremely unlikely though, since releasing sources without a fixed version to the public would be contradictory. Background for other readers: multiple OSes out there (I can speak directly to FreeBSD and a FreeBSD variant I develop on for work) keep patches which normalize dates to deterministic values in order to make builds reproducible. This is sometimes done for to simplify binary patching processes. |
openssl-machine
added
the
hold: cla required
openssl-machine
pushed a commit
that referenced
this pull request
Sep 9, 2025
Before this change all manpages would contain the date when pod2man was run. This resulted in outputs that differed between builds--or potentially across a single build if the host clock "ticked" to the next day when the build was being run. This commit modifies the manpage generation process as follows: - The date all manpages were generated will be normalized to a single date. - The release date specified in `VERSION.dat` is used instead of the date/time when `pod2man` was executed OR--in the event a date isn't specified in `VERSION.dat`--the time when the Makefiles were last regenerated. Embedding a consistent date into the generated manpages helps ensure that the build process as a whole is more repeatable and helps ensure that release versions of OpenSSL create artifacts consistent with the date that the official release was cut. Co-authored-by: Richard Levitte <[email protected]> Signed-off-by: Enji Cooper <[email protected]> Reviewed-by: Richard Levitte <[email protected]> Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from #28449) (cherry picked from commit 2c0c9c8)
openssl-machine
pushed a commit
that referenced
this pull request
Sep 9, 2025
Before this change all manpages would contain the date when pod2man was run. This resulted in outputs that differed between builds--or potentially across a single build if the host clock "ticked" to the next day when the build was being run. This commit modifies the manpage generation process as follows: - The date all manpages were generated will be normalized to a single date. - The release date specified in `VERSION.dat` is used instead of the date/time when `pod2man` was executed OR--in the event a date isn't specified in `VERSION.dat`--the time when the Makefiles were last regenerated. Embedding a consistent date into the generated manpages helps ensure that the build process as a whole is more repeatable and helps ensure that release versions of OpenSSL create artifacts consistent with the date that the official release was cut. Co-authored-by: Richard Levitte <[email protected]> Signed-off-by: Enji Cooper <[email protected]> Reviewed-by: Richard Levitte <[email protected]> Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from #28449)
Member
|
Merged to all the active branches. Thank you for your contribution. |
esyr
added a commit
to esyr/openssl
that referenced
this pull request
Sep 11, 2025
CHANGES.md: * openssl#28398 * openssl#28411 * openssl#28447 * openssl#28449 NEWS.md: * openssl#28447 Release: yes Signed-off-by: Eugene Syromiatnikov <[email protected]>
esyr
added a commit
to esyr/openssl
that referenced
this pull request
Sep 11, 2025
CHANGES.md: * openssl#28398 * openssl#28411 * openssl#28447 * openssl#28449 NEWS.md: * openssl#28447 Release: yes Signed-off-by: Eugene Syromiatnikov <[email protected]>
esyr
added a commit
to esyr/openssl
that referenced
this pull request
Sep 11, 2025
CHANGES.md: * openssl#28398 * openssl#28411 * openssl#28447 * openssl#28449 NEWS.md: * openssl#28447 Release: yes Signed-off-by: Eugene Syromiatnikov <[email protected]>
openssl-machine
pushed a commit
that referenced
this pull request
Sep 13, 2025
CHANGES.md: * #28398 * #28411 * #28447 * #28449 NEWS.md: * #28447 Release: yes Signed-off-by: Eugene Syromiatnikov <[email protected]> Reviewed-by: Neil Horman <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Matt Caswell <[email protected]> (Merged from #28521)
esyr
added a commit
to esyr/openssl
that referenced
this pull request
Sep 15, 2025
CHANGES.md: * openssl#28398 * openssl#28411 * openssl#28447 * openssl#28449 NEWS.md: * openssl#28447 Release: yes Signed-off-by: Eugene Syromiatnikov <[email protected]>
esyr
added a commit
to esyr/openssl
that referenced
this pull request
Sep 15, 2025
CHANGES.md: * openssl#28198 * openssl#28398 * openssl#28411 * openssl#28447 * openssl#28449 NEWS.md: * openssl#28447 Release: Yes Signed-off-by: Eugene Syromiatnikov <[email protected]>
esyr
added a commit
to esyr/openssl
that referenced
this pull request
Sep 16, 2025
CHANGES.md: * openssl#28198 * openssl#28398 * openssl#28411 * openssl#28447 * openssl#28449 NEWS.md: * openssl#28447 Release: Yes Signed-off-by: Eugene Syromiatnikov <[email protected]>
openssl-machine
pushed a commit
that referenced
this pull request
Sep 16, 2025
CHANGES.md: * #28198 * #28398 * #28411 * #28447 * #28449 NEWS.md: * #28447 Release: Yes Signed-off-by: Eugene Syromiatnikov <[email protected]> Reviewed-by: Neil Horman <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from #28558)
openssl-machine
pushed a commit
that referenced
this pull request
Sep 16, 2025
CHANGES.md: * #28398 * #28411 * #28447 * #28449 NEWS.md: * #28447 Release: yes Signed-off-by: Eugene Syromiatnikov <[email protected]> Reviewed-by: Neil Horman <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from #28547)
2 tasks
esyr
added a commit
to esyr/openssl
that referenced
this pull request
Sep 30, 2025
3.0.18 CHANGES.md includes the following: * openssl#28098 * openssl#28198 * openssl#28398 * openssl#28411 * openssl#28449 * openssl#28504 * openssl#28535 * openssl#28591 * openssl#28624 Release: Yes Signed-off-by: Eugene Syromiatnikov <[email protected]>
esyr
added a commit
to esyr/openssl
that referenced
this pull request
Sep 30, 2025
3.2.6 CHANGES.md includes the following: * openssl#28098 * openssl#28198 * openssl#28398 * openssl#28411 * openssl#28449 * openssl#28504 * openssl#28535 * openssl#28591 * openssl#28603 * openssl#28624 * openssl#28642 3.2.6 NEWS.md do not have any updates. Updated the changes and news in the previous branches. Release: Yes Signed-off-by: Eugene Syromiatnikov <[email protected]>
esyr
added a commit
to esyr/openssl
that referenced
this pull request
Sep 30, 2025
3.3.5 CHANGES.md includes the following: * openssl#28098 * openssl#28198 * openssl#28398 * openssl#28411 * openssl#28449 * openssl#28504 * openssl#28535 * openssl#28591 * openssl#28603 * openssl#28624 * openssl#28642 3.3.5 NEWS.md do not have any updates. Updated the changes and news in the previous branches. Release: Yes Signed-off-by: Eugene Syromiatnikov <[email protected]>
esyr
added a commit
to esyr/openssl
that referenced
this pull request
Sep 30, 2025
3.4.3 CHANGES.md includes the following: * openssl#28098 * openssl#28198 * openssl#28398 * openssl#28411 * openssl#28415 * openssl#28449 * openssl#28504 * openssl#28535 * openssl#28591 * openssl#28603 * openssl#28624 * openssl#28642 3.4.3 NEWS.md do not have any updates. Updated the changes and news in the previous branches. Release: Yes Signed-off-by: Eugene Syromiatnikov <[email protected]>
esyr
added a commit
to esyr/openssl
that referenced
this pull request
Sep 30, 2025
3.3.5 CHANGES.md includes the following: * openssl#28098 * openssl#28198 * openssl#28398 * openssl#28411 * openssl#28449 * openssl#28504 * openssl#28535 * openssl#28591 * openssl#28603 * openssl#28624 * openssl#28642 3.3.5 NEWS.md do not have any updates. Updated the changes and news in the previous branches. Release: Yes Signed-off-by: Eugene Syromiatnikov <[email protected]>
esyr
added a commit
to esyr/openssl
that referenced
this pull request
Sep 30, 2025
3.4.3 CHANGES.md includes the following: * openssl#28098 * openssl#28198 * openssl#28398 * openssl#28411 * openssl#28415 * openssl#28449 * openssl#28504 * openssl#28535 * openssl#28591 * openssl#28603 * openssl#28624 * openssl#28642 3.4.3 NEWS.md do not have any updates. Updated the changes and news in the previous branches. Release: Yes Signed-off-by: Eugene Syromiatnikov <[email protected]>
esyr
added a commit
to esyr/openssl
that referenced
this pull request
Sep 30, 2025
3.2.6 CHANGES.md includes the following: * openssl#28098 * openssl#28198 * openssl#28398 * openssl#28411 * openssl#28449 * openssl#28504 * openssl#28535 * openssl#28591 * openssl#28603 * openssl#28624 * openssl#28642 3.2.6 NEWS.md do not have any updates. Updated the changes and news in the previous branches. Release: Yes Signed-off-by: Eugene Syromiatnikov <[email protected]>
esyr
added a commit
to esyr/openssl
that referenced
this pull request
Sep 30, 2025
3.0.18 CHANGES.md includes the following: * openssl#28098 * openssl#28198 * openssl#28398 * openssl#28411 * openssl#28449 * openssl#28504 * openssl#28535 * openssl#28591 * openssl#28624 Release: Yes Signed-off-by: Eugene Syromiatnikov <[email protected]>
openssl-machine
pushed a commit
that referenced
this pull request
Sep 30, 2025
3.4.3 CHANGES.md includes the following: * #28198 * #28398 * #28411 * #28415 * #28449 Release: Yes Signed-off-by: Eugene Syromiatnikov <[email protected]> Reviewed-by: Neil Horman <[email protected]> Reviewed-by: Tomas Mraz <[email protected]>
openssl-machine
pushed a commit
that referenced
this pull request
Sep 30, 2025
3.3.5 CHANGES.md includes the following: * #28198 * #28398 * #28411 * #28449 Release: Yes Signed-off-by: Eugene Syromiatnikov <[email protected]> Reviewed-by: Neil Horman <[email protected]> Reviewed-by: Tomas Mraz <[email protected]>
openssl-machine
pushed a commit
that referenced
this pull request
Sep 30, 2025
3.2.6 CHANGES.md includes the following: * #28198 * #28398 * #28411 * #28449 Release: Yes Signed-off-by: Eugene Syromiatnikov <[email protected]> Reviewed-by: Neil Horman <[email protected]> Reviewed-by: Tomas Mraz <[email protected]>
openssl-machine
pushed a commit
that referenced
this pull request
Sep 30, 2025
3.0.18 CHANGES.md includes the following: * #28198 * #28398 * #28411 * #28449 Release: Yes Signed-off-by: Eugene Syromiatnikov <[email protected]> Reviewed-by: Neil Horman <[email protected]> Reviewed-by: Tomas Mraz <[email protected]>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
7 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Before this change all manpages would contain the date when pod2man was
run. This resulted in outputs that differed between builds--or
potentially across a single build if the host clock "ticked" to the next
day when the build was being run.
This commit modifies the manpage generation process as follows:
date instead of a potentially rolling date.
VERSION.datis used instead of thedate/time when
pod2manwas executed OR--in the event a dateisn't specified in
VERSION.dat--the time when the Makefiles werelast regenerated.
Embedding a consistent date into the generated manpages helps ensure that
the build process as a whole is more repeatable and helps ensure that
release versions of OpenSSL create artifacts consistent with the date
that the official release was cut.
Closes: #28323