• zforman's avatar
    Makes GetBuildTime behave sanely on all build types. · 08d91b75
    zforman authored
    After discussion with maruel and agl, it seems that
    (1) for the purposes of build determinism, it's necessary
        to be able to arbitrarily set the build time.
    (2) for the purposes of continuous integration, longer duration
        between cache invalidation is better, but >=1mo is preferable.
    (3) for security purposes, timebombs would ideally be as close to
        the actual time of the build as possible. It must be in the past.
    (4) HSTS certificate pinning is valid for 70 days. To make CI builds enforce
        HTST pinning, <=1mo is preferable.
    
    All of these can reasonably be satisfied by using different settings for CI
    versus official builds:
    - For official build, the build time is set to 5:00am of the day of the build or
      the day before.
    - For continuous integration build, the build time is set to the current month.
      If the current day is within the first week of the month and last Sunday
      wasn't part of the current month, the Sunday of the previous month is used.
      This results that cache invalidation happens on a Sunday, which is preferable
      from an infrastructure standpoint.
    - In the case that the build time needs to be set to a specific value (i.e. to
      reproduce a build), the GN/GYP variable 'override_build_date' can be used to
      set the BUILD_DATE explicitly. Its format is "Mmm DD YYYY".
    
    The way it is done is:
    - Generate $target_gen_dir/generated_build_date.h that defines BUILD_DATE. Its
      value depends on if an official build is done or not.
    - This step depends on build/util/LASTCHANGE so it is run at every sync. The
      file is only touched if the content changed to not affect null build.
    
    Most importantly, this change removes the need of both GN/GYP variable
    "dont_embed_build_metadata" and C define "DONT_EMBED_BUILD_METADATA"; the build
    is always deterministic (up to a month) by default. This removes the risk
    oversight of forgetting to set this variable, which already happened.
    
    R=maruel@chromium.org
    BUG=489490
    
    Review URL: https://codereview.chromium.org/1641413002
    
    Cr-Commit-Position: refs/heads/master@{#375136}
    08d91b75
build_time.h 949 Bytes