Several flaws were identified with the previous approach at generating the build timestamp during compilation: - Recursive expansion of the BUILD_STAMP make variable caused changing values upon each gcc call - Partial recompiling could also lead to changing BUILD_STAMP values in objects While it is possible to work around the above issues using simple expansion and a mandatorily recompiled source file holding the values, generating the stamp at configure time is a much simpler solution and deemed sufficient enough for the purpose. While at it: - Respect SOURCE_DATE_EPOCH environment variable to support reproducible builds, suggested by Philipp Bartsch - Guard the header against multiple inclusion, just in case Fixes: 64c07e38f049 ("table: Embed creating nft version into userdata") Reported-by: Arnout Engelen Closes: https://github.com/NixOS/nixpkgs/issues/478048 Sugested-by: Philipp Bartsch Cc: Jeremy Sowden Signed-off-by: Phil Sutter
---
 Makefile.am | 2 --
 configure.ac | 16 ++++++++--------
 2 files changed, 8 insertions(+), 10 deletions(-)
diff --git a/Makefile.am b/Makefile.am
index 5c7c197f43ca7..c60c2e63d5aff 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -159,8 +159,6 @@ AM_CFLAGS = \
 \
 $(GCC_FVISIBILITY_HIDDEN) \
 \
- -DMAKE_STAMP=$(MAKE_STAMP) \
- \
 $(NULL)
 AM_YFLAGS = -d -Wno-yacc
diff --git a/configure.ac b/configure.ac
index dd172e88ca581..ff1d86213eb80 100644
--- a/configure.ac
+++ b/configure.ac
@@ -152,20 +152,20 @@ AC_CONFIG_COMMANDS([stable_release], [stable_release=$with_stable_release])
 AC_CONFIG_COMMANDS([nftversion.h], [
 (
+ echo "#ifndef NFTABLES_NFTVERSION_H"
+ echo "#define NFTABLES_NFTVERSION_H"
+ echo ""
 echo "static char nftversion[[]] = {"
 echo " ${VERSION}," | tr '.' ','
 echo " ${STABLE_RELEASE}"
 echo "};"
- echo "static char nftbuildstamp[[]] = {"
- for i in `seq 56 -8 0`; do
- echo " ((uint64_t)MAKE_STAMP >> $i) & 0xff,"
- done
- echo "};"
+ printf "static char nftbuildstamp[[]] = { "
+ printf "%.16x" "$(printenv SOURCE_DATE_EPOCH || date '+%s')" | \
+ sed -e 's/\(..\)/0x\1, /g' -e 's/, $/ };\n/'
+ echo ""
+ echo "#endif /* NFTABLES_NFTVERSION_H */"
 ) >nftversion.h
 ])
-# Current date should be fetched exactly once per build,
-# so have 'make' call date and pass the value to every 'gcc' call
-AC_SUBST([MAKE_STAMP], ["\$(shell date +%s)"])
 AC_ARG_ENABLE([distcheck],
 AS_HELP_STRING([--enable-distcheck], [Build for distcheck]),
-- 
2.51.0
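Review bot: The `printenv SOURCE_DATE_EPOCH || date '+%s'` fallback in the new `printf "%.16x"` line only covers an unset variable; a SOURCE_DATE_EPOCH that is set but empty makes printenv succeed with no output, and a non-numeric value makes printf fail inside the pipeline, so in both cases the header is most likely still written (with an all-zero or malformed stamp) and configure carries on without an error. Using `"${SOURCE_DATE_EPOCH:-$(date '+%s')}"` as the argument covers the empty case, and a digits-only check before the printf would turn a bad value into a configure failure rather than a silently wrong stamp embedded in every build. Separately, `\n` in the replacement of the last sed expression is a GNU sed extension as far as I know; emitting the closing ` };` with a following `echo` would avoid depending on it.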