velociraptor/velociraptor-reproducible-timestamp.diff


From: Jeff Mahoney <jeffm@suse.com>
Subject: magefile: use stable timestamps for build
In order to create reproducible builds, we can't have timestamps that vary
without anything else changing.
Accepting request 1133905 from home:jeff_mahoney:branches:security:sensor

- Temporarily use the NODE_MODULES BEGIN/END form of the node_modules
  service due to a bug in debbuild preventing Debian builds from succeeding.
- Update to version 0.7.0.4.git4.c1b68a5b:
  * hash: fix nil pointer dereference panic
  * velociraptor: add dummy main function for mage
- Removed patch:
  * velociraptor-golang-mage-vendoring.diff
- Switched to using go_modules and node_modules source services
- Eliminated bespoke vendoring scripts.
- Pulled sysuser definition into the velociraptor package.
- Remove PrivateTmp and PrivateDevices settings in
  velociraptor-client.service (SENS-70)
- Update to version 0.7.0.4.git0.e09a0df8:
  * Add additional sanitization to HTML templates on JS side. (#2) (#3077) (CVE-2023-5950)
  * vql/linux/sdjournal: Fix open/close lifetimes
  * vql/linux/audit: fix shutdown races
  * vql/linux/audit: fix goroutine lifetimes
  * vql/linux/audit: limit messageQueue to within runService
  * vql/linux/audit: add auditService.Log()
  * vql/linux/audit: pull parts of shutdown into shutdown watcher
  * vql/linux/audit: remove unnecessary error handling for reassembler
  * vql/linux/audit: remove unused waitgroup from main event loop
  * vql/linux/audit: handle top-level cancelation properly
  * vql/linux/audit: make explicit that goroutines in the main errgroup don't return errors
  * vql/linux/audit: make stats reporting separate from debug prints
  * vql/linux/audit: simplify polling in listener
  * vql/linux/audit: tests, check various rule scenarios
  * vql/linux/audit: Add more client failure test cases
  * vql/linux/audit: Fix audit client lifecycle

OBS-URL: https://build.opensuse.org/request/show/1133905
OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=55
2023-12-18 19:44:23 +01:00
---
magefiles/magefile.go | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
--- a/magefiles/magefile.go
+++ b/magefiles/magefile.go
@@ -472,10 +472,18 @@ func build_gui_files() error {
}
func flags() string {
- timestamp := time.Now().Format(time.RFC3339)
+ timestamp := os.Getenv("VELOCIRAPTOR_BUILD_TIME")
+ if timestamp == "" {
+ timestamp = time.Now().Format(time.RFC3339)
+ }
flags := fmt.Sprintf(` -X "www.velocidex.com/golang/velociraptor/config.build_time=%s"`, timestamp)
- flags += fmt.Sprintf(` -X "www.velocidex.com/golang/velociraptor/config.commit_hash=%s"`, hash())
+ head := os.Getenv("VELOCIRAPTOR_GIT_HEAD")
+ if head == "" {
+ head = hash()
+ }
+
+ flags += fmt.Sprintf(` -X "www.velocidex.com/golang/velociraptor/config.commit_hash=%s"`, head)
// If we are running on the CI pipeline we need to know the run
// number and URL so we can report them.
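
Review bot: In flags(), the value of VELOCIRAPTOR_BUILD_TIME is copied straight into the quoted -X "...config.build_time=%s" argument without being parsed, so a value that is not RFC3339, or one containing a double quote or whitespace, either ends up verbatim in the binary or breaks the linker flag string. Parsing it with time.Parse(time.RFC3339, ...) and failing the build (or falling back to time.Now()) on error would keep build_time in the format the unpatched code always produced. VELOCIRAPTOR_GIT_HEAD replaces hash() with the same lack of checking, which also means the commit_hash embedded in the binary is whatever the build environment claims; a short comment above each os.Getenv call should say who is expected to set these variables and in what format. Since the stated goal is reproducible builds, consider also honouring SOURCE_DATE_EPOCH, which reproducible-build tooling conventionally sets, so packagers do not need a project-specific variable.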