From 765afe8f6af05a8505951a6ece03721c50f19bec Mon Sep 17 00:00:00 2001
From: Al Cutter
Date: Mon, 30 Oct 2023 14:03:23 +0000
Subject: [PATCH] Use a time-based semver version for dev builds, and log build versions at boot time. (#43)
---
 Makefile | 5 +++--
 go.mod | 2 +-
 go.sum | 4 ++--
 main.go | 6 +++++-
 4 files changed, 11 insertions(+), 6 deletions(-)
diff --git a/Makefile b/Makefile
index 8833180..d067105 100644
--- a/Makefile
+++ b/Makefile
@@ -14,12 +14,13 @@ BUILD_USER ?= $(shell whoami)
 BUILD_HOST ?= $(shell hostname)
+BUILD_EPOCH ?= $(shell /bin/date -u "+%s")
 BUILD_DATE ?= $(shell /bin/date -u "+%Y-%m-%d %H:%M:%S")
 BUILD_TAGS = linkramsize,linkramstart,linkprintk
 BUILD = ${BUILD_USER}@${BUILD_HOST} on ${BUILD_DATE}
 REV = $(shell git rev-parse --short HEAD 2> /dev/null)
 LOG_ORIGIN ?= "DEV.armoredwitness.transparency.dev/${USER}"
-GIT_SEMVER_TAG ?= $(shell (git describe --tags --exact-match --match 'v*.*.*' 2>/dev/null || git describe --match 'v*.*.*' --tags 2>/dev/null || git describe --tags 2>/dev/null || echo -n 'v0.0.0+'`git rev-parse HEAD`) | tail -c +2 )
+GIT_SEMVER_TAG ?= $(shell (git describe --tags --exact-match --match 'v*.*.*' 2>/dev/null || git describe --match 'v*.*.*' --tags 2>/dev/null || git describe --tags 2>/dev/null || echo -n v0.0.${BUILD_EPOCH}+`git rev-parse HEAD`) | tail -c +2 )
 LOG_VERIFIER = $(shell test ${LOG_PUBLIC_KEY} && cat ${LOG_PUBLIC_KEY})
 OS_VERIFIERS = [\"$(shell test ${OS_PUBLIC_KEY1} && cat ${OS_PUBLIC_KEY1})\", \"$(shell test ${OS_PUBLIC_KEY2} && cat ${OS_PUBLIC_KEY2})\"]
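Review bot: `BUILD_EPOCH ?= $(shell /bin/date -u "+%s")` is a recursively-expanded variable, so the `date` call runs again on every expansion of `${BUILD_EPOCH}`, and `GIT_SEMVER_TAG ?= ...` re-runs the whole `git describe ... || echo -n v0.0.${BUILD_EPOCH}+...` pipeline each time it is referenced; if the tag is expanded in more than one place during a build (it is expanded at least once, in the `-X 'main.Version=${GIT_SEMVER_TAG}'` ldflag of the next hunk), two expansions that straddle a second boundary give the same build two different dev versions. Pinning the epoch once while keeping the override, `ifndef BUILD_EPOCH` / `BUILD_EPOCH := $(shell /bin/date -u "+%s")` / `endif`, removes that ambiguity. The `?=` override is also what lets a pipeline supply a fixed epoch so a dev build of this boot loader can be reproduced bit-for-bit, which is worth stating in a comment above the variable, e.g. `# Override BUILD_EPOCH to get a reproducible dev version string.`, since the version ends up baked into firmware that is logged and verified. `BUILD_DATE` already has the same deferred-expansion shape, but it is not part of this change.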
@@ -39,7 +40,7 @@ GOENV := GO_EXTLINK_ENABLED=0 CGO_ENABLED=0 GOOS=tamago GOARM=7 GOARCH=arm
 TEXT_START := 0x90010000 # ramStart (defined in imx6/imx6ul/memory.go) + 0x10000
 TAMAGOFLAGS := -tags ${BUILD_TAGS} -trimpath \
 -ldflags "-s -w -T $(TEXT_START) -E _rt0_arm_tamago -R 0x1000 \
- -X 'main.Build=${BUILD}' -X 'main.Revision=${REV}' \
+ -X 'main.Build=${BUILD}' -X 'main.Revision=${REV}' -X 'main.Version=${GIT_SEMVER_TAG}' \
 -X 'main.OSLogOrigin=${LOG_ORIGIN}' \
 -X 'main.OSLogVerifier=${LOG_VERIFIER}' \
 -X 'main.OSManifestVerifiers=${OS_VERIFIERS}'"
diff --git a/go.mod b/go.mod
index fb500e9..a7c0744 100644
--- a/go.mod
+++ b/go.mod
@@ -3,7 +3,7 @@ module github.com/transparency-dev/armored-witness-boot
 go 1.20
 require (
- github.com/transparency-dev/armored-witness-common v0.0.0-20231012085018-f5e62744cd3e
+ github.com/transparency-dev/armored-witness-common v0.0.0-20231027110430-3802c9e3e15d
 github.com/usbarmory/armory-boot v0.0.0-20230922092524-e66d926bc36c
 github.com/usbarmory/tamago v0.0.0-20230922151120-1f76695abebe
 golang.org/x/mod v0.13.0
diff --git a/go.sum b/go.sum
index f9be4e9..7d6042a 100644
--- a/go.sum
+++ b/go.sum
@@ -10,8 +10,8 @@ github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
 github.com/pierrec/lz4/v4 v4.1.14 h1:+fL8AQEZtz/ijeNnpduH0bROTu0O3NZAlPjQxGn8LwE=
 github.com/pierrec/lz4/v4 v4.1.14/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4=
 github.com/transparency-dev/armored-witness-applet v0.0.0-20230918140527-29dcafed830b h1:d8bLTgqLrvH1VJyNUTAzLyY/Ux13s7QHb19vEcTum7E=
-github.com/transparency-dev/armored-witness-common v0.0.0-20231012085018-f5e62744cd3e h1:xfRW77mjLPStON23m0cRHtkMhy/Hyc9LefW/MhFCZ2s=
-github.com/transparency-dev/armored-witness-common v0.0.0-20231012085018-f5e62744cd3e/go.mod h1:6M39UQVYzzFdzXGrJFjRC+G9D5f0icxOVkcX/yaWZss=
+github.com/transparency-dev/armored-witness-common v0.0.0-20231027110430-3802c9e3e15d h1:76yBTOSuqGXpKe7qjF1Yjzf4MOhXYryeVObzUkpKHf0=
+github.com/transparency-dev/armored-witness-common v0.0.0-20231027110430-3802c9e3e15d/go.mod h1:6M39UQVYzzFdzXGrJFjRC+G9D5f0icxOVkcX/yaWZss=
 github.com/transparency-dev/formats v0.0.0-20230920083814-0f75b1d4e813 h1:PHklaeYyhPsbhWt+MnKpBvJrsJGkPEaU1JutMj4wNqM=
 github.com/transparency-dev/formats v0.0.0-20230920083814-0f75b1d4e813/go.mod h1:J2NdDb6IhKIvF6MwCvKikz9/QStRylEtS2mv+En+jBg=
 github.com/transparency-dev/merkle v0.0.2 h1:Q9nBoQcZcgPamMkGn7ghV8XiTZ/kRxn1yCG81+twTK4=
diff --git a/main.go b/main.go
index c00033a..f9a8710 100644
--- a/main.go
+++ b/main.go
@@ -46,6 +46,7 @@ const (
 var (
 Build string
 Revision string
+ Version string
 OSLogOrigin string
 OSLogVerifier string
@@ -116,6 +117,7 @@ func main() {
 usbarmory.LED("blue", false)
 usbarmory.LED("white", false)
+ log.Printf("armored-witness-boot: version %v", Version)
 if len(OSManifestVerifiers) == 0 {
 panic("armored-witness-boot: missing public keys, aborting")
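Review bot: The new exported `Version` in the `var (` block carries no doc comment, and nothing in the Go source says where its value comes from; the contract is only visible in the Makefile's `-X 'main.Version=…'` ldflag. A one-line comment keeps that dependency discoverable from the code: `// Version is the semver build version, injected at link time via -X main.Version; empty if the binary was not built through the Makefile.`. The `var (` block continues past the end of this hunk.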
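Review bot: `log.Printf("armored-witness-boot: version %v", Version)` prints `version ` followed by nothing when the binary is built without the Makefile's ldflag, which at the console reads like a truncated line rather than an unset value; `%q` makes the empty string visible and also quotes anything odd that a `git describe` fallback might produce: `log.Printf("armored-witness-boot: version %q", Version)`. The same applies to the `loaded kernel version` line added in the later hunk of this file. `main` begins before this hunk and continues after it.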
@@ -149,9 +151,11 @@ func main() {
 LogVerifer: logVerifier,
 ManifestVerifiers: manifestVerifiers,
 }
- if err := bv.Verify(*os); err != nil {
+ manifest, err := bv.Verify(*os)
+ if err != nil {
 panic(fmt.Sprintf("armored-witness-boot: kernel verification error, %v", err))
 }
+ log.Printf("armored-witness-boot: loaded kernel version %v", manifest.GitTagName)
 // For reference, this is how we'd fall back to verifying signatures only.
 if false {
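Review bot: `manifest.GitTagName` is read on the success path with no check that `manifest` is non-nil; whether that is safe depends on the contract of `bv.Verify` from the armored-witness-common revision bumped in this commit, which is not visible here. If Verify can return a nil manifest alongside a nil error, this log line panics at boot immediately after verification succeeded; if it guarantees a non-nil manifest on success, a short comment stating that (`// Verify returns a non-nil manifest whenever err == nil.`) saves the next reader the lookup. The logged tag name is whatever the signed manifest carries, so it is only as trustworthy as the signature check that precedes it — logging it after Verify returns, as done here, is the right order. `main` begins before this hunk and continues after it.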