Add WITH_REPRODUCIBLE_BUILD src.conf(5) knob

MFC r310128: Add WITH_REPRODUCIBLE_BUILD src.conf(5) knob to disable kernel
  metadata

The kernel builds reproducibly, except for the time, date, user, and
hostname baked into the kernel (reported at startup and via the
kern.version sysctl for uname).  Add a build knob to disable the
inclusion of this metadata.

MFC r310268: Build loaders reproducibly when WITH_REPRODUCIBLE_BUILD

When WITH_REPRODUCIBLE_BUILD=yes is set in src.conf(5), eliminate the
time, user, and host from the loader's version information.  This allows
builds to produce bit-for-bit identical output.

6 files changed, 32 insertions, 4 deletions

diff --git a/share/mk/src.opts.mk b/share/mk/src.opts.mk
index 17c0914..2d19b3e 100644
--- a/share/mk/src.opts.mk
+++ b/share/mk/src.opts.mk
@@ -187,6 +187,7 @@ __DEFAULT_NO_OPTIONS = \
     NAND \
     OFED \
     OPENLDAP \
+    REPRODUCIBLE_BUILD \
     SHARED_TOOLCHAIN \
     SORT_THREADS \
     SVN \
diff --git a/sys/boot/common/Makefile.inc b/sys/boot/common/Makefile.inc
index 8bd6c7d..eb17549 100644
--- a/sys/boot/common/Makefile.inc
+++ b/sys/boot/common/Makefile.inc
@@ -73,5 +73,9 @@ CFLAGS+=-I${.CURDIR}/../../../../lib/libstand
 
 CLEANFILES+=	vers.c
 VERSION_FILE?=	${.CURDIR}/version
+.if ${MK_REPRODUCIBLE_BUILD} != no
+REPRO_FLAG=	-r
+.endif
 vers.c: ${SRCTOP}/sys/boot/common/newvers.sh ${VERSION_FILE}
-	sh ${SRCTOP}/sys/boot/common/newvers.sh ${VERSION_FILE} ${NEWVERSWHAT}
+	sh ${SRCTOP}/sys/boot/common/newvers.sh ${REPRO_FLAG} ${VERSION_FILE} \
+	    ${NEWVERSWHAT}
diff --git a/sys/boot/common/newvers.sh b/sys/boot/common/newvers.sh
index 167b7cc..9547c85 100755
--- a/sys/boot/common/newvers.sh
+++ b/sys/boot/common/newvers.sh
@@ -35,11 +35,26 @@
 tempfile=$(mktemp tmp.XXXXXX) || exit
 trap "rm -f $tempfile" EXIT INT TERM
 
+include_metadata=true
+while getopts r opt; do
+	case "$opt" in
+	r)
+		include_metadata=
+		;;
+	esac
+done
+shift $((OPTIND - 1))
+
 LC_ALL=C; export LC_ALL
 u=${USER-root} h=${HOSTNAME-`hostname`} t=`date`
 #r=`head -n 6 $1 | tail -n 1 | awk -F: ' { print $1 } '`
 r=`awk -F: ' /^[0-9]\.[0-9]+:/ { print $1; exit }' $1`
 
-echo "char bootprog_info[] = \"FreeBSD/${3} ${2}, Revision ${r}\\n(${t} ${u}@${h})\\n\";" > $tempfile
+bootprog_info="FreeBSD/${3} ${2}, Revision ${r}\\n"
+if [ -n "${include_metadata}" ]; then
+	bootprog_info="$bootprog_info(${t} ${u}@${h})\\n"
+fi
+
+echo "char bootprog_info[] = \"$bootprog_info\";" > $tempfile
 echo "unsigned bootprog_rev = ${r%%.*}${r##*.};" >> $tempfile
 mv $tempfile vers.c
diff --git a/sys/conf/kern.opts.mk b/sys/conf/kern.opts.mk
index 343b4f8..bb4270e 100644
--- a/sys/conf/kern.opts.mk
+++ b/sys/conf/kern.opts.mk
@@ -47,7 +47,8 @@ __DEFAULT_NO_OPTIONS = \
     EISA \
     EXTRA_TCP_STACKS \
     NAND \
-    OFED
+    OFED \
+    REPRODUCIBLE_BUILD
 
 # Some options are totally broken on some architectures. We disable
 # them. If you need to enable them on an experimental basis, you
diff --git a/sys/conf/kern.post.mk b/sys/conf/kern.post.mk
index 128e47d..a16cb03 100644
--- a/sys/conf/kern.post.mk
+++ b/sys/conf/kern.post.mk
@@ -357,8 +357,11 @@ config.o env.o hints.o vers.o vnode_if.o:
 config.ln env.ln hints.ln vers.ln vnode_if.ln:
 	${NORMAL_LINT}
 
+.if ${MK_REPRODUCIBLE_BUILD} != "no"
+REPRO_FLAG="-r"
+.endif
 vers.c: $S/conf/newvers.sh $S/sys/param.h ${SYSTEM_DEP}
-	MAKE=${MAKE} sh $S/conf/newvers.sh ${KERN_IDENT}
+	MAKE=${MAKE} sh $S/conf/newvers.sh ${REPRO_FLAG} ${KERN_IDENT}
 
 vnode_if.c: $S/tools/vnode_if.awk $S/kern/vnode_if.src
 	${AWK} -f $S/tools/vnode_if.awk $S/kern/vnode_if.src -c
diff --git a/tools/build/options/WITH_REPRODUCIBLE_BUILD b/tools/build/options/WITH_REPRODUCIBLE_BUILD
new file mode 100644
index 0000000..5870051
--- /dev/null
+++ b/tools/build/options/WITH_REPRODUCIBLE_BUILD
@@ -0,0 +1,4 @@
+$FreeBSD$
+Set to exclude build metadata (such as the build time, user, or host)
+from the kernel, boot loaders, and uname output, so that builds produce
+bit-for-bit identical output.