- Change the generated_build_date.h to contain the full timestamp, it makes the
code less brittle.
- For official builds before 5:00am, it would generate a build time in the
future. Fix this.
- Improve the error message in BuildTime.InThePast.
- Add test case to ensure the build is not more than 45 days old.
- Remove dummy test.
- Improve comments in base/BUILD.gn and base/base.gyp.
- Add functional write_build_date_header.py --help.

This change builds upon work in https://codereview.chromium.org/1641413002.

R=thakis@chromium.org,felt@chromium.org,lgarron@chromium.org
BUG=587694
Review URL: https://codereview.chromium.org/1846713002
Cr-Original-Commit-Position: refs/heads/master@{#384991}
Cr-Mirrored-From: https://chromium.googlesource.com/chromium/src
Cr-Mirrored-Commit: 1c9b02233631b0ba9b096d79bf5b8d71a370dbb0

After discussion with maruel and agl, it seems that
(1) for the purposes of build determinism, it's necessary
to be able to arbitrarily set the build time.
(2) for the purposes of continuous integration, longer duration
between cache invalidation is better, but >=1mo is preferable.
(3) for security purposes, timebombs would ideally be as close to
the actual time of the build as possible. It must be in the past.
(4) HSTS certificate pinning is valid for 70 days. To make CI builds enforce
HSTS pinning, <=1mo is preferable.

All of these can reasonably be satisfied by using different settings for CI
versus official builds:
- For official build, the build time is set to 5:00am of the day of the build or
the day before.
- For continuous integration build, the build time is set to the current month.
If the current day is within the first week of the month and last Sunday
wasn't part of the current month, the Sunday of the previous month is used.
This results in cache invalidation happening on a Sunday, which is preferable
from an infrastructure standpoint.
- In the case that the build time needs to be set to a specific value (i.e. to
reproduce a build), the GN/GYP variable 'override_build_date' can be used to
set the BUILD_DATE explicitly. Its format is "Mmm DD YYYY".

The way it is done is:
- Generate $target_gen_dir/generated_build_date.h that defines BUILD_DATE. Its
value depends on if an official build is done or not.
- This step depends on build/util/LASTCHANGE so it is run at every sync. The
file is only touched if the content changed to not affect null build.

Most importantly, this change removes the need for both the GN/GYP variable
"dont_embed_build_metadata" and the C define "DONT_EMBED_BUILD_METADATA"; the build
is always deterministic (up to a month) by default. This removes the risk
of the oversight of forgetting to set this variable, which already happened.

R=maruel@chromium.org
BUG=489490
Review URL: https://codereview.chromium.org/1641413002
Cr-Original-Commit-Position: refs/heads/master@{#375136}
Cr-Mirrored-From: https://chromium.googlesource.com/chromium/src
Cr-Mirrored-Commit: 08d91b75212b6592f05ff993d5a71c0f5a546563
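
The build-date selection described in the two commit messages above, written out as an added example (it is not code from the Chromium change itself). Assumptions: times are naive UTC, the CI date is read as the first Sunday of the month at 5:00am, and all function names are hypothetical.

```python
import datetime as dt

BUILD_HOUR = 5                   # "5:00am" from the commit message; UTC is assumed
MAX_AGE = dt.timedelta(days=45)  # age bound named in the first commit message


def first_sunday(year, month):
    """Return the date of the first Sunday of the given month."""
    first = dt.date(year, month, 1)
    # date.weekday(): Monday == 0 ... Sunday == 6
    return first + dt.timedelta(days=(6 - first.weekday()) % 7)


def _at_build_hour(day):
    return dt.datetime.combine(day, dt.time(BUILD_HOUR))


def build_date(now, official):
    """Embedded build time for a build started at `now` (naive UTC)."""
    if official:
        stamp = _at_build_hour(now.date())
        # Before 5:00am today's stamp would lie in the future: use the day before.
        if stamp > now:
            stamp -= dt.timedelta(days=1)
        return stamp
    # CI build: pin to a Sunday so the value changes only once a month.
    stamp = _at_build_hour(first_sunday(now.year, now.month))
    if stamp > now:
        # This month's Sunday has not been reached yet: use the previous month's.
        prev = now.date().replace(day=1) - dt.timedelta(days=1)
        stamp = _at_build_hour(first_sunday(prev.year, prev.month))
    return stamp


def is_sane(stamp, now):
    """True if the build time is in the past and at most 45 days old."""
    return dt.timedelta(0) <= now - stamp <= MAX_AGE


if __name__ == "__main__":
    now = dt.datetime(2016, 4, 2, 12, 0)  # constructed sample time
    for official in (True, False):
        stamp = build_date(now, official)
        print(official, stamp.isoformat(), is_sane(stamp, now))
```
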