When creating the signed attributes, e.g. via pesign -i $in -E $in.sattrs, the ASN1 node signingTime is added containing the timestamp of the invocation of the call. The corresponding code is (1). However, this breaks reproducible builds, as neither the SOURCE_DATE_EPOCH variable is honored, nor is there an option to not include this node or pin it to a fixed point in time.
|
if (generate_time(cms, &encoded, time(NULL)) < 0) |
It would be great, if an option for that could be added (and / or the SDE is honored).
When creating the signed attributes, e.g. via
pesign -i $in -E $in.sattrs, the ASN1 nodesigningTimeis added containing the timestamp of the invocation of the call. The corresponding code is (1). However, this breaks reproducible builds, as neither theSOURCE_DATE_EPOCHvariable is honored, nor is there an option to not include this node or pin it to a fixed point in time.pesign/src/signer_info.c
Line 114 in d734b6a
It would be great, if an option for that could be added (and / or the SDE is honored).