Bug ID 1230361
Summary scap-security-guide: reproducible builds issue (date)
Classification openSUSE
Product openSUSE Tumbleweed
Version Current
Hardware Other
OS All
Status NEW
Severity Normal
Priority P5 - None
Component Other
Assignee rumen.chikov@suse.com
Reporter bwiedemann@suse.com
QA Contact qa-bugs@suse.de
CC meissner@suse.com
Blocks 1047218
Target Milestone ---
Found By Development
Blocker --- 

While working on reproducible builds for openSUSE, I found that
our scap-security-guide varied in each build,
even when varying as little as possible.
This is because, there is a build date+time embedded in the output:

--- old//usr/share/scap-security-guide/tailoring/rhel8_stig_delta_tailoring.xml
2024-09-02 13:58:51.000000000 +0000
+++ new//usr/share/scap-security-guide/tailoring/rhel8_stig_delta_tailoring.xml
2024-09-02 13:58:51.000000000 +0000
@@ -1,4 +1,4 @@
-<xccdf-1.2:Tailoring xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"
id="xccdf_content-disa-delta_tailoring_default"><xccdf-1.2:version
time="2024-09-06T15:14:18.947277+00:00">1</xccdf-1.2:version><xccdf-1.2:Profile
id="xccdf_org.ssgproject.content_profile_stig_delta_tailoring"
extends="xccdf_org.ssgproject.content_profile_stig"><xccdf-1.2:title
override="true">DISA STIG for Red Hat Enterprise Linux 8</xccdf-1.2:title>
+<xccdf-1.2:Tailoring xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"
id="xccdf_content-disa-delta_tailoring_default"><xccdf-1.2:version
time="2024-09-06T15:15:45.696526+00:00">1</xccdf-1.2:version><xccdf-1.2:Profile
id="xccdf_org.ssgproject.content_profile_stig_delta_tailoring"
extends="xccdf_org.ssgproject.content_profile_stig"><xccdf-1.2:title
override="true">DISA STIG for Red Hat Enterprise Linux 8</xccdf-1.2:title>


If timestamps cannot be dropped, they should use $SOURCE_DATE_EPOCH
https://reproducible-builds.org/docs/source-date-epoch/

You are receiving this mail because: