From d9cfd77149bc84fe755b68794528e7d7cb114d1a Mon Sep 17 00:00:00 2001
From: Davanum Srinivas
Date: Mon, 24 Sep 2018 12:21:18 -0400
Subject: [PATCH] Ensure reproducible builds - support for SOURCE_DATE_EPOCH with dockerized builds - Pass in SOURCE_DATE_EPOCH when we run the docker container - Looks like cleaning up symbol table also helps - Also trimming the path Tips from - https://blog.filippo.io/reproducing-go-binaries-byte-by-byte/ - https://blog.filippo.io/shrink-your-go-binaries-with-this-one-weird-trick/
Change-Id: Iedba85d9c1a36790fb8814795f7c27c1371cff1b
---
 build/common.sh | 1 +
 hack/lib/golang.sh | 11 ++++++++---
 2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/build/common.sh b/build/common.sh
index 6ace6a06a56..28d0f2a683e 100755
--- a/build/common.sh
+++ b/build/common.sh
@@ -600,6 +600,7 @@ function kube::build::run_build_command_ex() {
 --env "GOFLAGS=${GOFLAGS:-}"
 --env "GOLDFLAGS=${GOLDFLAGS:-}"
 --env "GOGCFLAGS=${GOGCFLAGS:-}"
+ --env "SOURCE_DATE_EPOCH=${SOURCE_DATE_EPOCH:-}"
 )
 if [[ -n "${DOCKER_CGROUP_PARENT:-}" ]]; then
diff --git a/hack/lib/golang.sh b/hack/lib/golang.sh
index bbe778ed35e..20c44d8679a 100755
--- a/hack/lib/golang.sh
+++ b/hack/lib/golang.sh
@@ -557,6 +557,7 @@ kube::golang::build_some_binaries() {
 fi
 else
 V=2 kube::log::info "Coverage is disabled."
+ kube::log::status "go install" "${build_args[@]}" "$@"
 go install "${build_args[@]}" "$@"
 fi
 }
@@ -586,6 +587,7 @@ kube::golang::build_binaries_for_platform() {
 -installsuffix static
 ${goflags:+"${goflags[@]}"}
 -gcflags "${gogcflags:-}"
+ -asmflags "${goasmflags:-}"
 -ldflags "${goldflags:-}"
 )
 CGO_ENABLED=0 kube::golang::build_some_binaries "${statics[@]}"
@@ -595,6 +597,7 @@ kube::golang::build_binaries_for_platform() {
 build_args=(
 ${goflags:+"${goflags[@]}"}
 -gcflags "${gogcflags:-}"
+ -asmflags "${goasmflags:-}"
 -ldflags "${goldflags:-}"
 )
 kube::golang::build_some_binaries "${nonstatics[@]}"
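Review bot: The added `--env "SOURCE_DATE_EPOCH=${SOURCE_DATE_EPOCH:-}"` entry in build/common.sh defines the variable inside the build container as an empty string when the host has not set it, and nothing visible checks that a supplied value is a plain integer timestamp. A tool that treats a defined-but-empty SOURCE_DATE_EPOCH as a value may fail or silently fall back to the current time, which would presumably defeat the reproducibility this commit is after. Consider adding the entry only when the variable is non-empty, mirroring the `if [[ -n "${DOCKER_CGROUP_PARENT:-}" ]]; then` guard that follows, with a comment such as `# SOURCE_DATE_EPOCH: seconds since the Unix epoch, forwarded for reproducible builds`. The function body starts and ends outside this hunk.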
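Review bot: The new `kube::log::status "go install" "${build_args[@]}" "$@"` line in kube::golang::build_some_binaries prints the whole argument list, including the -ldflags value, at status level on every call, and only in the coverage-disabled branch. The message just above it is gated with `V=2 kube::log::info`, so a gated form such as `V=2 kube::log::info "go install ${build_args[*]} $*"` would keep default output short while still recording the exact command when a build needs to be compared. The coverage-enabled branch lies outside the hunk, so whether it logs its command cannot be checked from here.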
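Review bot: The added `-asmflags "${goasmflags:-}"` reads a variable that the visible part of kube::golang::build_binaries_for_platform never defines; it appears to rely on bash dynamic scoping to see the `local goasmflags` assigned in kube::golang::build_binaries (last hunk), as gogcflags and goldflags already do. Because of the `:-` default, any other caller would silently pass an empty `-asmflags ""` and lose the path trimming without an error. A short comment above build_args would make the dependency explicit, for example `# goflags, gogcflags, goasmflags and goldflags are locals of kube::golang::build_binaries`. The same applies to the `@@ -595,6 +597,7 @@` and `@@ -608,6 +611,7 @@` hunks; the function body starts and ends outside all three.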
@@ -608,6 +611,7 @@ kube::golang::build_binaries_for_platform() {
 go test -c \
 ${goflags:+"${goflags[@]}"} \
 -gcflags "${gogcflags:-}" \
+ -asmflags "${goasmflags:-}" \
 -ldflags "${goldflags:-}" \
 -o "${outfile}" \
 "${testpkg}"
@@ -661,10 +665,11 @@ kube::golang::build_binaries() {
 host_platform=$(kube::golang::host_platform)
 # Use eval to preserve embedded quoted strings.
- local goflags goldflags gogcflags
+ local goflags goldflags goasmflags gogcflags
 eval "goflags=(${GOFLAGS:-})"
- goldflags="${GOLDFLAGS:-} $(kube::version::ldflags)"
- gogcflags="${GOGCFLAGS:-}"
+ goldflags="${GOLDFLAGS:-} -s -w $(kube::version::ldflags)"
+ goasmflags="-trimpath=${KUBE_ROOT}"
+ gogcflags="${GOGCFLAGS:-} -trimpath=${KUBE_ROOT}"
 local -a targets=()
 local arg
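Review bot: The new `-trimpath=${KUBE_ROOT}` values in kube::golang::build_binaries carry no package pattern, so if the toolchain is Go 1.10 or later, where `-gcflags` and `-asmflags` apply only to the packages named on the command line, dependency packages would still embed the absolute checkout path and binaries built from different directories would still differ. The pattern form covers every package, e.g. `goasmflags="all=-trimpath=${KUBE_ROOT}"` and `gogcflags="all=-trimpath=${KUBE_ROOT} ${GOGCFLAGS:-}"`; the pattern has to come first, so a user-supplied GOGCFLAGS would then apply to all packages as well. Separately, `-s -w` is now appended to every link unconditionally, which removes the symbol table and DWARF data that debuggers and core-dump analysis rely on, so an opt-out variable for debug builds would be worth adding. A KUBE_ROOT containing whitespace would also be split inside the flag string (inferred, not shown here). The function body continues outside the hunk.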