diff options
author | Harald Hoyer <harald@redhat.com> | 2018-11-02 10:38:43 +0100 |
---|---|---|
committer | Daiki Ueno <ueno@gnu.org> | 2018-11-02 12:35:00 +0100 |
commit | e81f6af7ed3b39b8df0bb7ce150619ea8178d47c (patch) | |
tree | cf3f118ebae4e9b29c6fbf64d3d9efe021f5c49a /trust | |
parent | 1d6913d5a551b6bd8efaa1705178e49f1527aa7e (diff) |
trust/extract-jks.c: also honor SOURCE_DATE_EPOCH time
For reproducible builds, accept a define timestamp for the java
keystore.
See https://reproducible-builds.org/docs/source-date-epoch/
Diffstat (limited to 'trust')
-rw-r--r-- | trust/extract-jks.c | 38 |
1 files changed, 34 insertions, 4 deletions
diff --git a/trust/extract-jks.c b/trust/extract-jks.c index e1f1340..33554df 100644 --- a/trust/extract-jks.c +++ b/trust/extract-jks.c @@ -48,6 +48,8 @@ #include <stdlib.h> #include <stdint.h> #include <string.h> +#include <errno.h> +#include <limits.h> time_t _p11_extract_jks_timestamp = 0; @@ -247,10 +249,38 @@ prepare_jks_buffer (p11_enumerate *ex, * when this was this certificate was added to the keystore, however * we don't have that information. Java uses time in milliseconds */ - if (_p11_extract_jks_timestamp) - now = _p11_extract_jks_timestamp; - else - now = time (NULL); + { + char *source_date_epoch; + source_date_epoch = secure_getenv ("SOURCE_DATE_EPOCH"); + if (source_date_epoch) { + unsigned long long epoch; + char *endptr; + errno = 0; + epoch = strtoull (source_date_epoch, &endptr, 10); + if ((errno == ERANGE && (epoch == ULLONG_MAX || epoch == 0)) + || (errno != 0 && epoch == 0)) { + p11_message_err (errno, "Environment variable $SOURCE_DATE_EPOCH: strtoull"); + return false; + } + if (endptr == source_date_epoch) { + fprintf (stderr, "Environment variable $SOURCE_DATE_EPOCH: No digits were found: %s\n", endptr); + return false; + } + if (*endptr != '\0') { + fprintf (stderr, "Environment variable $SOURCE_DATE_EPOCH: Trailing garbage: %s\n", endptr); + return false; + } + if (epoch > ULONG_MAX) { + fprintf (stderr, "Environment variable $SOURCE_DATE_EPOCH: value must be smaller than or equal to %lu but was found to be: %llu \n", ULONG_MAX, epoch); + return false; + } + now = epoch; + } else if (_p11_extract_jks_timestamp) + now = _p11_extract_jks_timestamp; + else + now = time (NULL); + } + return_val_if_fail (now > 0, false); now *= 1000; /* seconds to milliseconds */ |