PHP :: Request #69727 :: Remove timestamps from build to make it reproducible

Remove timestamps from build to make it reproducible

Submitted:

2015-05-29 08:19 UTC

Modified:

2015-09-16 16:16 UTC

Votes:	2
Avg. Score:	4.0 ± 1.0
Reproduced:	1 of 1 (100.0%)
Same Version:	0 (0.0%)
Same OS:	0 (0.0%)

From:

thijs at debian dot org

Assigned:

Status:

Closed

Package:

Unknown/Other Function

PHP Version:

5.6.9

OS:

Private report:

CVE-ID:

None

View Add Comment Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	thijs at debian dot org
New email:
PHP Version:		OS:

New Comment:

[2015-05-29 08:19 UTC] thijs at debian dot org

Description:
------------
The PHP build embeds timestamps into the generated binaries at build time. This makes the build not reproducible, as in that the same source code will not generate the bitwise exact same binaries.

Reproducible builds are important amongst others to verify the integrity of distributions. See: https://wiki.debian.org/ReproducibleBuilds

We believe the value of the embedded timestamps is very limited. They do not indicate which release, commit or git branch has been built, only a date which in itself does not really say something. Therefore it seems safe to remove them.

Test script:
---------------
https://reproducible.debian.net/rb-pkg/unstable/amd64/php5.html

Expected result:
----------------
Building PHP two times yields bitwise identical binaries.

Actual result:
--------------
Building PHP two times yields bitwise different binaries.

Patches

php5_reproducible (last revision 2015-05-29 08:19 UTC by thijs at debian dot org)

Add a Patch

Pull Requests

Pull requests:

Support SOURCE_DATE_EPOCH for Build Date (php-src/2965)
Remove timestamps from build to make it reproducible (php-src/1419)

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2015-09-16 16:16 UTC] levim@php.net

To your knowledge is there anything else that prevents reproducible builds for PHP?

[2017-12-15 21:04 UTC] nikic@php.net

Automatic comment on behalf of jelle@vdwaa.nl
Revision: http://git.php.net/?p=php-src.git;a=commit;h=8a179fa02b50685fba47e7d19af922b07791d616
Log: Fix bug #69727: Support SOURCE_DATE_EPOCH for Build Date

[2017-12-15 21:05 UTC] nikic@php.net

-Status: Open +Status: Closed

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Tue Apr 23 11:01:33 2024 UTC