mkimage: fit_image: Add support for SOURCE_DATE_EPOCH in signatures

When generating timestamps in signatures, use imagetool_get_source_date()
so we can be overridden by SOURCE_DATE_EPOCH to generate reproducible
images.

Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Reviewed-by: Simon Glass <sjg@chromum.org>
diff --git a/include/image.h b/include/image.h
index 420b8ff..3bb7d29 100644
--- a/include/image.h
+++ b/include/image.h
@@ -1009,6 +1009,7 @@
  * @comment:	Comment to add to signature nodes
  * @require_keys: Mark all keys as 'required'
  * @engine_id:	Engine to use for signing
+ * @cmdname:	Command name used when reporting errors
  *
  * Adds hash values for all component images in the FIT blob.
  * Hashes are calculated for all component images which have hash subnodes
@@ -1022,7 +1023,7 @@
  */
 int fit_add_verification_data(const char *keydir, void *keydest, void *fit,
 			      const char *comment, int require_keys,
-			      const char *engine_id);
+			      const char *engine_id, const char *cmdname);
 
 int fit_image_verify_with_data(const void *fit, int image_noffset,
 			       const void *data, size_t size);
diff --git a/tools/fit_image.c b/tools/fit_image.c
index 6f09a66..3c26535 100644
--- a/tools/fit_image.c
+++ b/tools/fit_image.c
@@ -60,7 +60,8 @@
 		ret = fit_add_verification_data(params->keydir, dest_blob, ptr,
 						params->comment,
 						params->require_keys,
-						params->engine_id);
+						params->engine_id,
+						params->cmdname);
 	}
 
 	if (dest_blob) {
diff --git a/tools/image-host.c b/tools/image-host.c
index be2d59b..09e4f47 100644
--- a/tools/image-host.c
+++ b/tools/image-host.c
@@ -106,7 +106,7 @@
  */
 static int fit_image_write_sig(void *fit, int noffset, uint8_t *value,
 		int value_len, const char *comment, const char *region_prop,
-		int region_proplen)
+		int region_proplen, const char *cmdname)
 {
 	int string_size;
 	int ret;
@@ -128,8 +128,12 @@
 	}
 	if (comment && !ret)
 		ret = fdt_setprop_string(fit, noffset, "comment", comment);
-	if (!ret)
-		ret = fit_set_timestamp(fit, noffset, time(NULL));
+	if (!ret) {
+		time_t timestamp = imagetool_get_source_date(cmdname,
+							     time(NULL));
+
+		ret = fit_set_timestamp(fit, noffset, timestamp);
+	}
 	if (region_prop && !ret) {
 		uint32_t strdata[2];
 
@@ -201,7 +205,8 @@
 static int fit_image_process_sig(const char *keydir, void *keydest,
 		void *fit, const char *image_name,
 		int noffset, const void *data, size_t size,
-		const char *comment, int require_keys, const char *engine_id)
+		const char *comment, int require_keys, const char *engine_id,
+		const char *cmdname)
 {
 	struct image_sign_info info;
 	struct image_region region;
@@ -229,7 +234,7 @@
 	}
 
 	ret = fit_image_write_sig(fit, noffset, value, value_len, comment,
-			NULL, 0);
+			NULL, 0, cmdname);
 	if (ret) {
 		if (ret == -FDT_ERR_NOSPACE)
 			return -ENOSPC;
@@ -296,7 +301,7 @@
  */
 int fit_image_add_verification_data(const char *keydir, void *keydest,
 		void *fit, int image_noffset, const char *comment,
-		int require_keys, const char *engine_id)
+		int require_keys, const char *engine_id, const char *cmdname)
 {
 	const char *image_name;
 	const void *data;
@@ -333,7 +338,7 @@
 				strlen(FIT_SIG_NODENAME))) {
 			ret = fit_image_process_sig(keydir, keydest,
 				fit, image_name, noffset, data, size,
-				comment, require_keys, engine_id);
+				comment, require_keys, engine_id, cmdname);
 		}
 		if (ret)
 			return ret;
@@ -574,7 +579,7 @@
 static int fit_config_process_sig(const char *keydir, void *keydest,
 		void *fit, const char *conf_name, int conf_noffset,
 		int noffset, const char *comment, int require_keys,
-		const char *engine_id)
+		const char *engine_id, const char *cmdname)
 {
 	struct image_sign_info info;
 	const char *node_name;
@@ -609,7 +614,7 @@
 	}
 
 	ret = fit_image_write_sig(fit, noffset, value, value_len, comment,
-				region_prop, region_proplen);
+				region_prop, region_proplen, cmdname);
 	if (ret) {
 		if (ret == -FDT_ERR_NOSPACE)
 			return -ENOSPC;
@@ -638,7 +643,7 @@
 
 static int fit_config_add_verification_data(const char *keydir, void *keydest,
 		void *fit, int conf_noffset, const char *comment,
-		int require_keys, const char *engine_id)
+		int require_keys, const char *engine_id, const char *cmdname)
 {
 	const char *conf_name;
 	int noffset;
@@ -657,7 +662,7 @@
 			     strlen(FIT_SIG_NODENAME))) {
 			ret = fit_config_process_sig(keydir, keydest,
 				fit, conf_name, conf_noffset, noffset, comment,
-				require_keys, engine_id);
+				require_keys, engine_id, cmdname);
 		}
 		if (ret)
 			return ret;
@@ -668,7 +673,7 @@
 
 int fit_add_verification_data(const char *keydir, void *keydest, void *fit,
 			      const char *comment, int require_keys,
-			      const char *engine_id)
+			      const char *engine_id, const char *cmdname)
 {
 	int images_noffset, confs_noffset;
 	int noffset;
@@ -691,7 +696,8 @@
 		 * i.e. component image node.
 		 */
 		ret = fit_image_add_verification_data(keydir, keydest,
-				fit, noffset, comment, require_keys, engine_id);
+				fit, noffset, comment, require_keys, engine_id,
+				cmdname);
 		if (ret)
 			return ret;
 	}
@@ -715,7 +721,7 @@
 		ret = fit_config_add_verification_data(keydir, keydest,
 						       fit, noffset, comment,
 						       require_keys,
-						       engine_id);
+						       engine_id, cmdname);
 		if (ret)
 			return ret;
 	}