Skip to content

Commit 8caf376

Browse files
nolangemstorsjo
nolange
authored and
mstorsjo
committed
attempt to use reproducible timestamps
This sets SOURCE_DATE_EPOCH to the commit timestamp, toolchains should pick up timestamps from this variable. The same sources ideally would produce the same binary, see https://reproducible-builds.org. Set the timestamps within the tar archives to the start of the CI pipeline. Sort the archive contents.
1 parent 45ad096 commit 8caf376

File tree

2 files changed

+32
-6
lines changed

2 files changed

+32
-6
lines changed

.github/workflows/build.yml

Lines changed: 26 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -26,7 +26,13 @@ jobs:
2626
MINGW_W64_VERSION: ${{steps.get-versions.outputs.MINGW_W64_VERSION}}
2727
PYTHON_VERSION_MINGW: ${{steps.get-versions.outputs.PYTHON_VERSION_MINGW}}
2828
TAG: ${{steps.get-tag.outputs.TAG}}
29+
COMMIT_DATE_UNIX: ${{steps.get-tag.outputs.COMMIT_DATE_UNIX}}
30+
BUILD_DATE: ${{steps.get-tag.outputs.BUILD_DATE}}
31+
BUILD_DATE_UNIX: ${{steps.get-tag.outputs.BUILD_DATE_UNIX}}
2932
steps:
33+
- uses: actions/checkout@v4
34+
with:
35+
sparse-checkout: .
3036
- name: Select build tag
3137
id: get-tag
3238
run: |
@@ -36,6 +42,9 @@ jobs:
3642
TAG=$(TZ=UTC date +%Y%m%d)
3743
fi
3844
echo TAG=$TAG >> $GITHUB_OUTPUT
45+
echo COMMIT_DATE_UNIX=$(git log -1 --pretty=%ct $GITHUB_SHA) >> $GITHUB_OUTPUT
46+
echo BUILD_DATE=$(date -u '+%FT%TZ') >> $GITHUB_OUTPUT
47+
echo BUILD_DATE_UNIX=$(date -d "${BUILD_DATE}" +%s) >> $GITHUB_OUTPUT
3948
cat $GITHUB_OUTPUT
4049
cat $GITHUB_OUTPUT >> parameters.txt
4150
- name: Check latest version
@@ -66,6 +75,8 @@ jobs:
6675
LLVM_VERSION: ${{needs.prepare.outputs.LLVM_VERSION}}
6776
MINGW_W64_VERSION: ${{needs.prepare.outputs.MINGW_W64_VERSION}}
6877
TAG: ${{needs.prepare.outputs.TAG}}
78+
SOURCE_DATE_EPOCH: ${{needs.prepare.outputs.COMMIT_DATE_UNIX}}
79+
BUILD_DATE: ${{needs.prepare.outputs.BUILD_DATE}}
6980
run: |
7081
sudo apt-get update && sudo apt-get install ninja-build
7182
# Skip dynamic library dependencies that might make it harder to
@@ -77,7 +88,7 @@ jobs:
7788
DISTRO=ubuntu-$(grep DISTRIB_RELEASE /etc/lsb-release | cut -f 2 -d =)-$(uname -m)
7889
NAME=llvm-mingw-$TAG-ucrt-$DISTRO
7990
mv llvm-mingw $NAME
80-
tar -Jcf ../$NAME.tar.xz --format=ustar --numeric-owner --owner=0 --group=0 $NAME
91+
tar -Jcf ../$NAME.tar.xz --format=ustar --numeric-owner --owner=0 --group=0 --sort=name --mtime="$BUILD_DATE" $NAME
8192
- uses: actions/upload-artifact@v4
8293
with:
8394
name: linux-ucrt-x86_64-toolchain
@@ -97,6 +108,7 @@ jobs:
97108
env:
98109
LLVM_VERSION: ${{needs.prepare.outputs.LLVM_VERSION}}
99110
MINGW_W64_VERSION: ${{needs.prepare.outputs.MINGW_W64_VERSION}}
111+
SOURCE_DATE_EPOCH: ${{needs.prepare.outputs.COMMIT_DATE_UNIX}}
100112
run: |
101113
sudo apt-get update && sudo apt-get install ninja-build g++-aarch64-linux-gnu
102114
./build-all.sh $(pwd)/install/llvm-mingw --disable-clang-tools-extra --no-runtimes --host=aarch64-linux-gnu
@@ -119,12 +131,13 @@ jobs:
119131
- name: Package the toolchain
120132
env:
121133
TAG: ${{needs.prepare.outputs.TAG}}
134+
BUILD_DATE: ${{needs.prepare.outputs.BUILD_DATE}}
122135
run: |
123136
cd install
124137
DISTRO=ubuntu-$(grep DISTRIB_RELEASE /etc/lsb-release | cut -f 2 -d =)-aarch64
125138
NAME=llvm-mingw-$TAG-ucrt-$DISTRO
126139
mv llvm-mingw $NAME
127-
tar -Jcf ../$NAME.tar.xz --format=ustar --numeric-owner --owner=0 --group=0 $NAME
140+
tar -Jcf ../$NAME.tar.xz --format=ustar --numeric-owner --owner=0 --group=0 --sort=name --mtime="$BUILD_DATE" $NAME
128141
- uses: actions/upload-artifact@v4
129142
with:
130143
name: linux-ucrt-aarch64-toolchain
@@ -149,6 +162,8 @@ jobs:
149162
env:
150163
LLVM_VERSION: ${{needs.prepare.outputs.LLVM_VERSION}}
151164
MINGW_W64_VERSION: ${{needs.prepare.outputs.MINGW_W64_VERSION}}
165+
SOURCE_DATE_EPOCH: ${{needs.prepare.outputs.COMMIT_DATE_UNIX}}
166+
BUILD_DATE: ${{needs.prepare.outputs.BUILD_DATE}}
152167
run: |
153168
sudo apt-get update && sudo apt-get install ninja-build
154169
# Skip dynamic library dependencies that might make it harder to
@@ -157,7 +172,7 @@ jobs:
157172
LLVM_CMAKEFLAGS="-DLLVM_ENABLE_LIBXML2=OFF -DLLVM_ENABLE_TERMINFO=OFF" ./build-all.sh $(pwd)/install/llvm-mingw --disable-clang-tools-extra --disable-lldb --enable-asserts
158173
.github/workflows/store-version.sh install/llvm-mingw/versions.txt
159174
cd install
160-
tar -Jcf ../llvm-mingw-linux.tar.xz --format=ustar --numeric-owner --owner=0 --group=0 llvm-mingw
175+
tar -Jcf ../llvm-mingw-linux.tar.xz --format=ustar --numeric-owner --owner=0 --group=0 --sort=name --mtime="$BUILD_DATE" llvm-mingw
161176
- uses: actions/upload-artifact@v4
162177
with:
163178
name: linux-asserts-toolchain
@@ -177,6 +192,8 @@ jobs:
177192
LLVM_VERSION: ${{needs.prepare.outputs.LLVM_VERSION}}
178193
MINGW_W64_VERSION: ${{needs.prepare.outputs.MINGW_W64_VERSION}}
179194
TAG: ${{needs.prepare.outputs.TAG}}
195+
SOURCE_DATE_EPOCH: ${{needs.prepare.outputs.COMMIT_DATE_UNIX}}
196+
BUILD_DATE: ${{needs.prepare.outputs.BUILD_DATE}}
180197
run: |
181198
brew install ninja gnu-tar
182199
# Disable zstd and python. Both are available on the runners, but
@@ -189,7 +206,7 @@ jobs:
189206
cd install
190207
NAME=llvm-mingw-$TAG-ucrt-macos-universal
191208
mv llvm-mingw $NAME
192-
gtar -Jcf ../$NAME.tar.xz --format=ustar --numeric-owner --owner=0 --group=0 $NAME
209+
gtar -Jcf ../$NAME.tar.xz --format=ustar --numeric-owner --owner=0 --group=0 --sort=name --mtime="$BUILD_DATE" $NAME
193210
- uses: actions/upload-artifact@v4
194211
with:
195212
name: macos-ucrt-toolchain
@@ -233,6 +250,8 @@ jobs:
233250
LLVM_VERSION: ${{needs.prepare.outputs.LLVM_VERSION}}
234251
MINGW_W64_VERSION: ${{needs.prepare.outputs.MINGW_W64_VERSION}}
235252
TAG: ${{needs.prepare.outputs.TAG}}
253+
SOURCE_DATE_EPOCH: ${{needs.prepare.outputs.COMMIT_DATE_UNIX}}
254+
BUILD_DATE: ${{needs.prepare.outputs.BUILD_DATE}}
236255
run: |
237256
./build-all.sh $(pwd)/install/llvm-mingw --disable-clang-tools-extra --disable-lldb
238257
.github/workflows/store-version.sh install/llvm-mingw/versions.txt
@@ -241,7 +260,7 @@ jobs:
241260
cd install
242261
NAME=llvm-mingw-$TAG-ucrt-msys2-${{matrix.sys}}
243262
mv llvm-mingw $NAME
244-
tar -Jcf ../$NAME.tar.xz --format=ustar --numeric-owner --owner=0 --group=0 $NAME
263+
tar -Jcf ../$NAME.tar.xz --format=ustar --numeric-owner --owner=0 --group=0 --sort=name --mtime="$BUILD_DATE" $NAME
245264
- uses: actions/upload-artifact@v4
246265
with:
247266
name: msys2-${{matrix.sys}}-toolchain
@@ -281,6 +300,8 @@ jobs:
281300
MINGW_W64_VERSION: ${{needs.prepare.outputs.MINGW_W64_VERSION}}
282301
PYTHON_VERSION_MINGW: ${{needs.prepare.outputs.PYTHON_VERSION_MINGW}}
283302
TAG: ${{needs.prepare.outputs.TAG}}
303+
SOURCE_DATE_EPOCH: ${{needs.prepare.outputs.COMMIT_DATE_UNIX}}
304+
BUILD_DATE: ${{needs.prepare.outputs.BUILD_DATE}}
284305
run: |
285306
sudo apt-get update && sudo apt-get install autoconf-archive ninja-build
286307
./build-cross-tools.sh /opt/llvm-mingw $(pwd)/install/llvm-mingw ${{matrix.arch}} --with-python

.github/workflows/msvcrt.yml

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -24,6 +24,9 @@ jobs:
2424
MINGW_W64_VERSION: ${{steps.get-parameters.outputs.MINGW_W64_VERSION}}
2525
PYTHON_VERSION_MINGW: ${{steps.get-parameters.outputs.PYTHON_VERSION_MINGW}}
2626
TAG: ${{steps.get-parameters.outputs.TAG}}
27+
COMMIT_DATE_UNIX: ${{steps.get-parameters.outputs.COMMIT_DATE_UNIX}}
28+
BUILD_DATE: ${{steps.get-parameters.outputs.BUILD_DATE}}
29+
BUILD_DATE_UNIX: ${{steps.get-parameters.outputs.BUILD_DATE_UNIX}}
2730
steps:
2831
- name: Download build parameters
2932
uses: dawidd6/action-download-artifact@v3
@@ -68,6 +71,8 @@ jobs:
6871
LLVM_VERSION: ${{needs.prepare.outputs.LLVM_VERSION}}
6972
MINGW_W64_VERSION: ${{needs.prepare.outputs.MINGW_W64_VERSION}}
7073
TAG: ${{needs.prepare.outputs.TAG}}
74+
SOURCE_DATE_EPOCH: ${{needs.prepare.outputs.COMMIT_DATE_UNIX}}
75+
BUILD_DATE: ${{needs.prepare.outputs.BUILD_DATE}}
7176
run: |
7277
sudo apt-get update && sudo apt-get install ninja-build
7378
./build-all.sh $(pwd)/install/llvm-mingw --no-tools --wipe-runtimes --with-default-msvcrt=msvcrt
@@ -76,7 +81,7 @@ jobs:
7681
DISTRO=ubuntu-$(grep DISTRIB_RELEASE /etc/lsb-release | cut -f 2 -d =)-$(uname -m)
7782
NAME=llvm-mingw-$TAG-msvcrt-$DISTRO
7883
mv llvm-mingw $NAME
79-
tar -Jcf ../$NAME.tar.xz --format=ustar --numeric-owner --owner=0 --group=0 $NAME
84+
tar -Jcf ../$NAME.tar.xz --format=ustar --numeric-owner --owner=0 --group=0 --sort=name --mtime="$BUILD_DATE" $NAME
8085
- uses: actions/upload-artifact@v4
8186
with:
8287
name: linux-msvcrt-x86_64-toolchain

0 commit comments

Comments
 (0)