[Pkg-fonts-devel] Bug#774274: fontforge: please use SOURCE_DATE_EPOCH for

[Theppitak Karoonboonyanan]

On Sun, Nov 10, 2019 at 11:54 PM Hideki Yamane <henrich at iijmio-mail.jp> wrote:
> On Sat, 21 Sep 2019 12:35:07 +0700 Theppitak Karoonboonyanan <theppitak at gmail.com> wrote:
> > However, as there have already been three 2019 releases (March, April, August),
> > updating from official release could be another choice.
>
>  Could you try to check it with new fontforge package in experimental?

In short, it make my package build reproducibly.

In detail, I have tried 4 builds, the first two with unstable version,
and the next two with the experimental version, then compared
the binaries.

* Type1 LaTeX deb (the one in question):

The first 3 builds all differ, while the last 2 builds are identical,
which is what we desire: the experimental version makes
the previously unreproducible build reproducible.

* TTF deb (previously reproducible):

The first 2 builds yield identical binaries,
and the last 2 builds also yield identical binaries,
but the binaries between the two sets differ.
That means the build is still reproducible with
the same fontforge version, but not with different versions.

By dumping TTX with 'ttx' command from fonttools,
the differences appear to be:
  1) the "checkSumAdjustment" in <head>
  2) the "flags" in <head>: "00000010 00011111" -> "00000000 00011111"
  3) the "fontDirectionHint" in <head>: "0" -> "2"
  4) the "underlinePosition" in <post>: "-204" -> "-102"
  5) the "FFTimeStamp" in <FFTM> (this seems to be fontforge build timestamp)
I doubt how 2), 3), 4) are changed across different fontforge versions.
But that's probably not in the scope of this bug, provided that
the build is still repoducible within the same fontforge version.

So, I think this bug could be closed now.
Thanks for your work!

Regards,
-- 
Theppitak Karoonboonyanan
http://linux.thai.net/~thep/