https://bugzilla.suse.com/show_bug.cgi?id=1230361 Bug ID: 1230361 Summary: scap-security-guide: reproducible builds issue (date) Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: All Status: NEW Severity: Normal Priority: P5 - None Component: Other Assignee: rumen.chikov@suse.com Reporter: bwiedemann@suse.com QA Contact: qa-bugs@suse.de CC: meissner@suse.com Blocks: 1047218 Target Milestone: --- Found By: Development Blocker: --- While working on reproducible builds for openSUSE, I found that our scap-security-guide varied in each build, even when varying as little as possible. This is because, there is a build date+time embedded in the output: --- old//usr/share/scap-security-guide/tailoring/rhel8_stig_delta_tailoring.xml 2024-09-02 13:58:51.000000000 +0000 +++ new//usr/share/scap-security-guide/tailoring/rhel8_stig_delta_tailoring.xml 2024-09-02 13:58:51.000000000 +0000 @@ -1,4 +1,4 @@ -<xccdf-1.2:Tailoring xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2" id="xccdf_content-disa-delta_tailoring_default"><xccdf-1.2:version time="2024-09-06T15:14:18.947277+00:00">1</xccdf-1.2:version><xccdf-1.2:Profile id="xccdf_org.ssgproject.content_profile_stig_delta_tailoring" extends="xccdf_org.ssgproject.content_profile_stig"><xccdf-1.2:title override="true">DISA STIG for Red Hat Enterprise Linux 8</xccdf-1.2:title> +<xccdf-1.2:Tailoring xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2" id="xccdf_content-disa-delta_tailoring_default"><xccdf-1.2:version time="2024-09-06T15:15:45.696526+00:00">1</xccdf-1.2:version><xccdf-1.2:Profile id="xccdf_org.ssgproject.content_profile_stig_delta_tailoring" extends="xccdf_org.ssgproject.content_profile_stig"><xccdf-1.2:title override="true">DISA STIG for Red Hat Enterprise Linux 8</xccdf-1.2:title> If timestamps cannot be dropped, they should use $SOURCE_DATE_EPOCH https://reproducible-builds.org/docs/source-date-epoch/ -- You are receiving this mail because: You are on the CC list for the bug.