diff options
| author | zforman <zforman@google.com> | 2016-02-11 22:23:42 -0800 |
|---|---|---|
| committer | Commit bot <commit-bot@chromium.org> | 2016-02-12 06:24:45 +0000 |
| commit | 08d91b75212b6592f05ff993d5a71c0f5a546563 (patch) | |
| tree | d9e86994229610d8cb51523ef31afbbe4ad19dc9 /tools/mb | |
| parent | f894844c6a03f9dbf716b71677f89c10a4d8f69b (diff) | |
| download | chromium_src-08d91b75212b6592f05ff993d5a71c0f5a546563.zip chromium_src-08d91b75212b6592f05ff993d5a71c0f5a546563.tar.gz chromium_src-08d91b75212b6592f05ff993d5a71c0f5a546563.tar.bz2 | |
Makes GetBuildTime behave sanely on all build types.
After discussion with maruel and agl, it seems that
(1) for the purposes of build determinism, it's necessary
to be able to arbitrarily set the build time.
(2) for the purposes of continuous integration, longer duration
between cache invalidation is better, but >=1mo is preferable.
(3) for security purposes, timebombs would ideally be as close to
the actual time of the build as possible. It must be in the past.
(4) HSTS certificate pinning is valid for 70 days. To make CI builds enforce
HTST pinning, <=1mo is preferable.
All of these can reasonably be satisfied by using different settings for CI
versus official builds:
- For official build, the build time is set to 5:00am of the day of the build or
the day before.
- For continuous integration build, the build time is set to the current month.
If the current day is within the first week of the month and last Sunday
wasn't part of the current month, the Sunday of the previous month is used.
This results that cache invalidation happens on a Sunday, which is preferable
from an infrastructure standpoint.
- In the case that the build time needs to be set to a specific value (i.e. to
reproduce a build), the GN/GYP variable 'override_build_date' can be used to
set the BUILD_DATE explicitly. Its format is "Mmm DD YYYY".
The way it is done is:
- Generate $target_gen_dir/generated_build_date.h that defines BUILD_DATE. Its
value depends on if an official build is done or not.
- This step depends on build/util/LASTCHANGE so it is run at every sync. The
file is only touched if the content changed to not affect null build.
Most importantly, this change removes the need of both GN/GYP variable
"dont_embed_build_metadata" and C define "DONT_EMBED_BUILD_METADATA"; the build
is always deterministic (up to a month) by default. This removes the risk
oversight of forgetting to set this variable, which already happened.
R=maruel@chromium.org
BUG=489490
Review URL: https://codereview.chromium.org/1641413002
Cr-Commit-Position: refs/heads/master@{#375136}
Diffstat (limited to 'tools/mb')
| -rw-r--r-- | tools/mb/mb_config.pyl | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/tools/mb/mb_config.pyl b/tools/mb/mb_config.pyl index 78b4e27..9716594 100644 --- a/tools/mb/mb_config.pyl +++ b/tools/mb/mb_config.pyl @@ -279,9 +279,10 @@ 'mixins': ['debug_bot_minimal_symbols'], }, + # TODO(zforman): This doesn't do anything now, find out if it can + # be removed, and remove it. 'deterministic': { 'gn_args': 'error', - 'gyp_defines': 'dont_embed_build_metadata=1', }, 'disable_nacl': { |