[Debian-med-packaging] Differences in repackaged tarballs (Was: libsbml_5.4.1-2_amd64.changes REJECTED)

Andreas Tille andreas at an3as.eu
Thu Apr 5 18:50:58 UTC 2012 

On Thu, Apr 05, 2012 at 07:04:41PM +0200, Thorsten Alteholz wrote:
> 
> >  http://lists.debian.org/debian-devel/2012/01/msg00378.html
> >
> >I do not consider it strange any more.  The changed timestamp of
> >directories makes a valid point here.
> 
> This article is about pristine tar and I have to admit that I know
> almost nothing about this.

Please read again.  It says pristine tar (which I do not know either)
does a lot of stuff to *prevent* the effect we are seeing.
 
> I am just wondering why a simple unzip and tar/gzip should not
> always give the same result.
> - After I zip and unzip something, both directories are identical, so
>   here are good default values that preserve everything.
> - If I tar a directory several times, the resulting tar files are
>   different. There is an information in the tar header about the last
>   modification of the tar file.
>   This is bad in our case and can be avoided by setting a well defined
>   modification time  => --mtime 0

You probably need to set the time of the directories which just get the
time stamp of the unzip process.  Once you tar this at different times
unzipped directory tree you get a different md5sum.  Perhaps would it
work to set a defined date for all dirs - however, I finally admitted
what Russ said:  It might not be worth the effort if you just follow the
rule to fetch the orig.tar.gz form the Debian mirror once it is there.

> - Almost the same is valid for gzip and can be avoided with --no-name

That's what we are doing in most get-orig-source scripts.

> So your line might look like:
> 
> >  GZIP="--best --no-name" tar --mtime 0 --owner=root --group=root \
> >                               --mode=a+rX -czf ...
> 
> and everything should be fine, right?

As far as I have understood the article this is *not* sufficient in all
cases but is somehow the best you can reasonably do.  I'm not very
motivated to spend more of my time into this finally minor issue (=can't
see the profit of our users when succeeding in this).

Kind regards

        Andreas.

-- 
http://fam-tille.de

More information about the Debian-med-packaging mailing list