From 1bed0f734b3f2dd876193b5cad303bfab1d250d5 Mon Sep 17 00:00:00 2001
From: will <will@256k1.dev>
Date: Sun, 27 Jul 2025 21:51:39 +0100
Subject: [PATCH] guix: warn SOURCE_DATE_EPOCH set in guix-codesign

Currently there is a warning for this in guix-build, but we also need
one in guix-codesign, otherwise the codesigned hashes are not
reproducible.

Move common functionality into prelude and call the function in both
guix actions.
---
 contrib/guix/guix-build           | 14 +-------------
 contrib/guix/guix-codesign        |  6 ++++++
 contrib/guix/libexec/prelude.bash | 20 ++++++++++++++++++++
 3 files changed, 27 insertions(+), 13 deletions(-)

diff --git a/contrib/guix/guix-build b/contrib/guix/guix-build
index 715568c1543..ee285bf322c 100755
--- a/contrib/guix/guix-build
+++ b/contrib/guix/guix-build
@@ -73,19 +73,7 @@ mkdir -p "$VERSION_BASE"
 # SOURCE_DATE_EPOCH should not unintentionally be set
 ################
 
-if [ -n "$SOURCE_DATE_EPOCH" ] && [ -z "$FORCE_SOURCE_DATE_EPOCH" ]; then
-cat << EOF
-ERR: Environment variable SOURCE_DATE_EPOCH is set which may break reproducibility.
-
-     Aborting...
-
-Hint: You may want to:
-      1. Unset this variable: \`unset SOURCE_DATE_EPOCH\` before rebuilding
-      2. Set the 'FORCE_SOURCE_DATE_EPOCH' environment variable if you insist on
-         using your own epoch
-EOF
-exit 1
-fi
+check_source_date_epoch
 
 ################
 # Build directories should not exist
diff --git a/contrib/guix/guix-codesign b/contrib/guix/guix-codesign
index dedee135b4a..ac7aae3a180 100755
--- a/contrib/guix/guix-codesign
+++ b/contrib/guix/guix-codesign
@@ -67,6 +67,12 @@ EOF
 exit 1
 fi
 
+################
+# SOURCE_DATE_EPOCH should not unintentionally be set
+################
+
+check_source_date_epoch
+
 ################
 # The codesignature git worktree should not be dirty
 ################
diff --git a/contrib/guix/libexec/prelude.bash b/contrib/guix/libexec/prelude.bash
index f7fc932dfd3..d25c371a10c 100644
--- a/contrib/guix/libexec/prelude.bash
+++ b/contrib/guix/libexec/prelude.bash
@@ -21,6 +21,26 @@ check_tools() {
     done
 }
 
+################
+# SOURCE_DATE_EPOCH should not unintentionally be set
+################
+
+check_source_date_epoch() {
+    if [ -n "$SOURCE_DATE_EPOCH" ] && [ -z "$FORCE_SOURCE_DATE_EPOCH" ]; then
+        cat << EOF
+ERR: Environment variable SOURCE_DATE_EPOCH is set which may break reproducibility.
+
+     Aborting...
+
+Hint: You may want to:
+      1. Unset this variable: \`unset SOURCE_DATE_EPOCH\` before rebuilding
+      2. Set the 'FORCE_SOURCE_DATE_EPOCH' environment variable if you insist on
+         using your own epoch
+EOF
+        exit 1
+    fi
+}
+
 check_tools cat env readlink dirname basename git
 
 ################