From: Mike Yuan <me@yhndnzj.com>
Date: Tue, 20 Jan 2026 14:28:59 +0000 (+0100)
Subject: bootctl,sbsign: fix $SOURCE_DATE_EPOCH parsing
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f6edc812305f2cac26534c0aa29d1d1329fd0029;p=thirdparty%2Fsystemd.git

bootctl,sbsign: fix $SOURCE_DATE_EPOCH parsing

This fixes two things:

* $SOURCE_DATE_EPOCH is previously treated as usec, while it's in seconds
* >= 0 is passed to log_debug_errno(), triggering assertion

Replaces #40403
---

diff --git a/src/bootctl/bootctl-install.c b/src/bootctl/bootctl-install.c
index ebaf5720b5a..ac15ce8020e 100644
--- a/src/bootctl/bootctl-install.c
+++ b/src/bootctl/bootctl-install.c
@@ -16,12 +16,12 @@
 #include "efi-fundamental.h"
 #include "efivars.h"
 #include "env-file.h"
-#include "env-util.h"
 #include "fd-util.h"
 #include "fileio.h"
 #include "fs-util.h"
 #include "glyph-util.h"
 #include "id128-util.h"
+#include "install-file.h"
 #include "io-util.h"
 #include "kernel-config.h"
 #include "log.h"
@@ -597,17 +597,12 @@ static int install_entry_token(void) {
 
 #if HAVE_OPENSSL
 static int efi_timestamp(EFI_TIME *ret) {
-        uint64_t epoch = UINT64_MAX;
         struct tm tm = {};
         int r;
 
         assert(ret);
 
-        r = secure_getenv_uint64("SOURCE_DATE_EPOCH", &epoch);
-        if (r != -ENXIO)
-                log_debug_errno(r, "Failed to parse $SOURCE_DATE_EPOCH, ignoring: %m");
-
-        r = localtime_or_gmtime_usec(epoch != UINT64_MAX ? epoch : now(CLOCK_REALTIME), /* utc= */ true, &tm);
+        r = localtime_or_gmtime_usec(source_date_epoch_or_now(), /* utc= */ true, &tm);
         if (r < 0)
                 return log_error_errno(r, "Failed to convert timestamp to calendar time: %m");
 
diff --git a/src/sbsign/sbsign.c b/src/sbsign/sbsign.c
index ba09350e843..d13dc5e326a 100644
--- a/src/sbsign/sbsign.c
+++ b/src/sbsign/sbsign.c
@@ -9,10 +9,10 @@
 #include "build.h"
 #include "copy.h"
 #include "efi-fundamental.h"
-#include "env-util.h"
 #include "fd-util.h"
 #include "fileio.h"
 #include "fs-util.h"
+#include "install-file.h"
 #include "io-util.h"
 #include "log.h"
 #include "main-func.h"
@@ -293,16 +293,12 @@ static int spc_indirect_data_content_new(const void *digest, size_t digestsz, ui
 
 static int asn1_timestamp(ASN1_TIME **ret) {
         ASN1_TIME *time;
-        uint64_t epoch = UINT64_MAX;
-        int r;
 
         assert(ret);
 
-        r = secure_getenv_uint64("SOURCE_DATE_EPOCH", &epoch);
-        if (r != -ENXIO)
-                log_debug_errno(r, "Failed to parse $SOURCE_DATE_EPOCH, ignoring: %m");
+        usec_t epoch = parse_source_date_epoch();
 
-        if (epoch == UINT64_MAX) {
+        if (epoch == USEC_INFINITY) {
                 time = X509_gmtime_adj(NULL, 0);
                 if (!time)
                         return log_error_errno(SYNTHETIC_ERRNO(EIO), "Failed to get current time: %s",