[Pkg-javascript-devel] Bug#1000769: node-marked: please make the build reproducible

Chris Lamb lamby at debian.org
Sun Nov 28 19:39:13 GMT 2021 

Source: node-marked
Version: 4.0.5+ds-1
Severity: wishlist
Tags: patch
User: reproducible-builds at lists.alioth.debian.org
Usertags: timestamps
X-Debbugs-Cc: reproducible-bugs at lists.alioth.debian.org

Hi,

Whilst working on the Reproducible Builds effort [0] we noticed that
node-marked could not be built reproducibly.

This is because the existing reproducible.patch is not complete and
misses a copyright notice that has a nondeterministic date. A patch
to the current packaging is attached, but as this is a "diff of a
diff", I have also attached an updated reproducible.patch.

 [0] https://reproducible-builds.org/


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby at debian.org / chris-lamb.co.uk
       `-
-------------- next part --------------
--- a/debian/patches/reproducible.patch	2021-11-28 11:34:20.634085499 -0800
--- b/debian/patches/reproducible.patch	2021-11-28 11:37:35.838392663 -0800
@@ -3,9 +3,18 @@
 Forwarded: not-needed
 Last-Update: 2020-12-01
 
---- a/rollup.config.js
-+++ b/rollup.config.js
-@@ -19,7 +19,7 @@
+--- node-marked-4.0.5+ds.orig/rollup.config.js
++++ node-marked-4.0.5+ds/rollup.config.js
+@@ -19,7 +19,7 @@ The code in this file is generated from
+     license({
+       banner: `
+ marked - a markdown parser
+-Copyright (c) 2011-${new Date().getFullYear()}, Christopher Jeffrey. (MIT Licensed)
++Copyright (c) 2011-${(new Date(process.env.SOURCE_DATE_EPOCH ? (process.env.SOURCE_DATE_EPOCH * 1000) : new Date().getTime())).getFullYear()}, Christopher Jeffrey. (MIT Licensed)
+ https://github.com/markedjs/marked
+ `
+     }),
+@@ -46,7 +46,7 @@ The code in this file is generated from
      license({
        banner: `
  marked - a markdown parser
--- a/rollup.config.js	2021-11-28 11:34:20.634085499 -0800
--- b/rollup.config.js	2021-11-28 11:37:32.802388038 -0800
@@ -46,7 +46,7 @@
     license({
       banner: `
 marked - a markdown parser
-Copyright (c) 2011-${new Date().getFullYear()}, Christopher Jeffrey. (MIT Licensed)
+Copyright (c) 2011-${(new Date(process.env.SOURCE_DATE_EPOCH ? (process.env.SOURCE_DATE_EPOCH * 1000) : new Date().getTime())).getFullYear()}, Christopher Jeffrey. (MIT Licensed)
 https://github.com/markedjs/marked
 `
     }),
-------------- next part --------------
A non-text attachment was scrubbed...
Name: reproducible.patch
Type: text/x-patch
Size: 1076 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-javascript-devel/attachments/20211128/761d1924/attachment.bin>

More information about the Pkg-javascript-devel mailing list