Description: Make the build reproducible
Author: Chris Lamb
Last-Update: 2017-05-05
--- shim-0.9+1474479173.6c180c6.orig/make-certs
+++ shim-0.9+1474479173.6c180c6/make-certs
@@ -13,6 +13,10 @@ DIGEST=SHA256
 CRLHOURS=24
 CRLDAYS=
 
+build_date="${SOURCE_DATE_EPOCH:-$(date +%s)}"
+startdate="$(date --utc --date="@${build_date}" +%y%M%d%H%M%SZ)"
+enddate="$(date --utc --date="@$((${build_date} + ($DAYS * 86400)))" +%y%M%d%H%M%SZ)"
+
 # Cleanup temporary files at exit.
 touch openssl.cnf
 newcertdir=`mktemp -d`
@@ -408,7 +412,7 @@ if ! test -s ocsp.crt ; then
 sed -i -e 's,^\[req_ocsp\]$,\[req\],g' `pwd`/openssl.cnf
 openssl req -config `pwd`/openssl.cnf -new -key ocsp.key > ocsp.csr 2> /dev/null
 sed -i -e 's,^\[req\]$,\[req_ocsp\],g' `pwd`/openssl.cnf
- openssl ca -batch -config `pwd`/openssl.cnf -extensions v3_ocsp -preserveDN -in ocsp.csr -days $DAYS -out ocsp.crt 2> /dev/null
+ openssl ca -batch -config `pwd`/openssl.cnf -extensions v3_ocsp -preserveDN -in ocsp.csr -startdate $startdate -enddate $enddate -out ocsp.crt 2> /dev/null
 openssl x509 -noout -text -in ocsp.crt > ocsp.txt
 cat ocsp.crt >> ocsp.txt
 cat ocsp.txt > ocsp.crt
@@ -491,7 +495,7 @@ if ! test -s "$cert" ; then
 openssl req -config `pwd`/openssl.cnf -new -key "$key" > "$csr" 2> /dev/null
 sed -i -e 's,^\[req\]$,\[req_issued\],g' `pwd`/openssl.cnf
 fi
- openssl ca -batch -config `pwd`/openssl.cnf -extensions v3_issued -preserveDN -in "$csr" -days $DAYS -out "$cert" 2> /dev/null
+ openssl ca -batch -config `pwd`/openssl.cnf -extensions v3_issued -preserveDN -in "$csr" -startdate $startdate -enddate $enddate -out "$cert" 2> /dev/null
 openssl x509 -noout -text -in "$cert" > "$cert.txt"
 cat "$cert" >> "$cert.txt"
 cat "$cert.txt" > "$cert"
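Review bot: The format string on the added `startdate` and `enddate` lines puts `%M` (minute) in the month position, so `openssl ca` receives year-minute-day instead of the YYMMDDHHMMSSZ layout its `-startdate`/`-enddate` options expect. The second field should be `%m`, i.e. `+%y%m%d%H%M%SZ` on both lines. As written, the month field depends on the minute of the epoch and is frequently not a valid month at all. Because the `openssl ca` calls in the later hunks discard stderr with `2> /dev/null`, a rejected date would not show up in the build log. `DAYS` is assigned outside this hunk and is assumed here to be a plain integer.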
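Review bot: Both changed `openssl ca` calls (this OCSP hunk at -408 and the `"$cert"` hunk at -491) now anchor the validity window to `SOURCE_DATE_EPOCH`, so a rebuild long after the source date can issue certificates that are already past their end date. A comment next to the call should record that trade-off, for example `# validity is anchored to SOURCE_DATE_EPOCH, not build time; certs expire DAYS after the source date`. The new expansions are unquoted and stderr is discarded, so an empty or malformed date fails silently and the following `openssl x509` step would run on an empty file. Writing `-startdate "$startdate" -enddate "$enddate"` and checking the exit status of `openssl ca` would surface that. The enclosing `if` blocks start and end outside both hunks.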