From 67ee73cb0c37031394b02a16b90ba214defe91cb Mon Sep 17 00:00:00 2001 From: Chris Lamb Date: Tue, 23 Jul 2024 14:37:05 +0100 Subject: [PATCH] Make the documentation reproducible when rebuilt The Reproducible Builds project aims to arrange for rebuilding the same source code in a sufficiently similar environment to produce the same installable packages every time, as a way to discourage supply-chain attacks by making it possible to verify that a particular installable package was built from the claimed source code. Previously, if meson-python was built twice, at least a year apart, then its documentation would contain different copyright dates. The SOURCE_DATE_EPOCH environment variable is used here to avoid that difference: the intention is that environments that want to produce reproducible packages will set SOURCE_DATE_EPOCH to some suitable fixed date (perhaps the date of the most recent git commit) which is held constant across rebuilds. See the specification for SOURCE_DATE_EPOCH for more details: https://reproducible-builds.org/docs/source-date-epoch/ [smcv: Added commit message] Co-authored-by: Simon McVittie --- docs/conf.py | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/docs/conf.py b/docs/conf.py index d191a89ef..5f39f0e4e 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -16,15 +16,21 @@ import datetime import os +import time import sys sys.path.insert(0, os.path.abspath('..')) import mesonpy +build_date = datetime.datetime.fromtimestamp( + int(os.environ.get('SOURCE_DATE_EPOCH', time.time())), + tz=datetime.timezone.utc, +) + # -- Project information ----------------------------------------------------- project = 'meson-python' -copyright = f'2021\N{EN DASH}{datetime.date.today().year} The meson-python developers' +copyright = f'2021\N{EN DASH}{build_date.year} The meson-python developers' # The short X.Y version version = mesonpy.__version__