Bug#1035405: bnd: reproducible-builds: build timestamps in files inside of .jar
Vagrant Cascadian
vagrant at reproducible-builds.org
Wed May 3 00:55:49 BST 2023
Source: bnd
Severity: normal
Tags: patch
User: reproducible-builds at lists.alioth.debian.org
Usertags: timestamps timezone
X-Debbugs-Cc: reproducible-bugs at lists.alioth.debian.org
The build timestamp is embedded inside a jar embedded inside
/usr/share/java/bnd-5.0.1.jar:
https://tests.reproducible-builds.org/debian/rb-pkg/bookworm/amd64/diffoscope-results/bnd.html
embedded-repo.jar
Timestamp:·1715504316639\xd
vs.
Timestamp:·1681094408754\xd
The attached patch fixes this from debian/rules by replacing the
Timestamp field with SOURCE_DATE_EPOCH.
Alternately, a better fix might be to figure out exactly where the
${_ at tstamp} value is derived from, and add SOURCE_DATE_EPOCH support to
that. There are various functions throughout the codebase that affect
TSTAMP, _tstamp and _ at tstamp, but I could not find the right one to fix
this particular issue. In debian/patches there are a few which
presumably fix other issues by adding SOURCE_DATE_EPOCH support.
According to my local tests, with this patch applied, bnd should build
reproducibly on tests.reproducible-builds.org!
Thanks for maintaining bnd!
live well,
vagrant
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-debian-rules-Override-the-timestamp-used-in-embedded.patch
Type: text/x-diff
Size: 1205 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-java-maintainers/attachments/20230502/4c394f90/attachment.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-java-maintainers/attachments/20230502/4c394f90/attachment.sig>
More information about the pkg-java-maintainers
mailing list