[Reproducible-builds] Bug#759999: dpkg: please set reproducible timestamps in .deb ar file headers

Jérémy Bobbio lunar at debian.org
Sat Aug 30 23:00:20 UTC 2014 

Package: dpkg
Version: 1.17.14
Severity: wishlist
Tags: patch
User: reproducible-builds at lists.alioth.debian.org
Usertags: toolchain, timestamps
X-Debbugs-Cc: reproducible-builds at lists.alioth.debian.org

Hi!

`.deb` are ar archives. The archive internal headers currently capture
the time when the build was made. As part of the reproducible builds
project [1], it would be great if these timestamps could be made
easily reproducible.

Guillem Jover already expressed [2] that he preferred to keep these
timestamps meaningful. The attached patches will set them to be the date
of the latest changelog entry when a package is built using
`dpkg-buildpackage`. During the discussions at DebConf14, there was a
consensus that it was the most meaningful time reference to use.

The first patch will modify `dpkg-deb` to use the same timestamp for
every member of the ar archive.

The second patch will:

 1. Make `dpkg-deb` try to look for a timestamp to use in the
    DEB_BUILD_TIMESTAMP environment variable in epoch format.
    If not set or not parseable, it will default to use the current
    time.
 2. Change `dpkg-buildpackage` to parse `debian/changelog` and preset
    DEB_BUILD_TIMESTAMP to the value of its latest entry. Unless
    DEB_BUILD_TIMESTAMP was already set in order to allow arbitrary
    dates to be reproduced.

 [1]: https://wiki.debian.org/ReproducibleBuilds
 [2]: https://bugs.debian.org/719844#10

-- 
Lunar                                .''`. 
lunar at debian.org                    : :Ⓐ  :  # apt-get install anarchism
                                    `. `'` 
                                      `-   
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Use-a-single-timestamp-for-ar-headers-when-building-.patch
Type: text/x-diff
Size: 5832 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/reproducible-builds/attachments/20140830/9ecd9857/attachment.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-Preset-build-timestamp-to-date-of-the-latest-changel.patch
Type: text/x-diff
Size: 2384 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/reproducible-builds/attachments/20140830/9ecd9857/attachment-0001.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/reproducible-builds/attachments/20140830/9ecd9857/attachment.sig>

More information about the Reproducible-builds mailing list