sysusers: make sp_lstchg shadow field reproducible

If the environment variable SOURCE_DATE_EPOCH is set, use its value
instead of the current time.

1 files changed, 14 insertions, 1 deletions

diff --git a/src/sysusers/sysusers.c b/src/sysusers/sysusers.c
index 8b2c242e7c..491e4a0ea2 100644
--- a/src/sysusers/sysusers.c
+++ b/src/sysusers/sysusers.c
@@ -10,6 +10,7 @@
 #include "creds-util.h"
 #include "def.h"
 #include "dissect-image.h"
+#include "env-util.h"
 #include "fd-util.h"
 #include "fileio.h"
 #include "format-util.h"
@@ -525,6 +526,18 @@ static int write_temporary_passwd(const char *passwd_path, FILE **tmpfile, char
         return 0;
 }
 
+static usec_t epoch_or_now(void) {
+        uint64_t epoch;
+
+        if (getenv_uint64_secure("SOURCE_DATE_EPOCH", &epoch) >= 0) {
+                if (epoch > UINT64_MAX/USEC_PER_SEC) /* Overflow check */
+                        return USEC_INFINITY;
+                return (usec_t) epoch * USEC_PER_SEC;
+        }
+
+        return now(CLOCK_REALTIME);
+}
+
 static int write_temporary_shadow(const char *shadow_path, FILE **tmpfile, char **tmpfile_path) {
         _cleanup_fclose_ FILE *original = NULL, *shadow = NULL;
         _cleanup_(unlink_and_freep) char *shadow_tmp = NULL;
@@ -545,7 +558,7 @@ static int write_temporary_shadow(const char *shadow_path, FILE **tmpfile, char
         if (r < 0)
                 return log_debug_errno(r, "Failed to open temporary copy of %s: %m", shadow_path);
 
-        lstchg = (long) (now(CLOCK_REALTIME) / USEC_PER_DAY);
+        lstchg = (long) (epoch_or_now() / USEC_PER_DAY);
 
         original = fopen(shadow_path, "re");
         if (original) {