[Debian-lego-team] Bug#849926: Bug#849926: nxt-firmware: please make the build reproducible (timestamps)

Dominik George nik at naturalnet.de
Fri Jan 6 13:49:44 UTC 2017


Hi,

> While working on the "reproducible builds" effort [1], we have noticed
> that nxt-firmware could not be built reproducibly.
> 
> Part of the source code used to build the firmware image embeds the
> build timestamp through the __DATE__ and __TIME__ gcc macros.
> Unfortunately arm-none-eabi-gcc doesn't honour SOURCE_DATE_EPOCH yet, so
> it generates unreproducible results.
> 
> The attached patch fixes this by replacing the usage of __DATE__ and
> __TIME__ by fixed date and time strings.  Once applied, nxt-firmware can
> be built reproducibly in our current experimental framework.

Thanks for finding that!

I chose to go a slightly different way by injecting the timestamp from
the debian/changelog into the build so it does not lose all meaning.

I built the package twice and verified the resulting binary has the same
sha1sum.

-nik

-- 
PGP-Fingerprint: 3C9D 54A4 7575 C026 FB17  FD26 B79A 3C16 A0C4 F296

Dominik George · Hundeshagenstr. 26 · 53225 Bonn
Mobile: +49-1520-1981389 · https://www.dominik-george.de/

Teckids e.V. · FrOSCon e.V.
Fellowship of the FSFE · Piratenpartei Deutschland
Opencaching Deutschland e.V. · Debian Maintainer

LPIC-3 Linux Enterprise Professional (Security)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 902 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/debian-lego-team/attachments/20170106/45f50e14/attachment.sig>


More information about the Debian-lego-team mailing list