[Reproducible-builds] GSoC 2015 Week 3: Move forward reproducible builds

Sun Jun 14 19:04:03 UTC 2015

Hi,

During this third week I continued working on fixing timestamp related
issues.

Regarding the issue of timestamps captured by dpkg (packages not using
dh_debbuild), Lunar has suggested a better approach for it. The current
approach was add the following line in the build script (debian/rules),
just before calling `dpkg --build`  so that files created at build time
get a fixed and known date:

`find debian/tmp -newermt '$(BUILD_DATE)' -print0 | \
xargs -0r touch --no-dereference --date='$(BUILD_DATE)'`

With the previous declaration of the `BUILD_DATE` variable:

`BUILD_DATE := $(shell dpkg-parsechangelog --show-field Date)`

Lunar's suggestion is to add a functionality as an option to the tar
package (--clamp-mtime) which will change the stored timestamps in the
metadata of the tar file, only of files which were newer than a given
time. This approach gives the same result without being intrusive on the
build script and without touching the filesystem (files mtimes are not
touched, only the tar metadata is modified). With this, dpkg could call
tar with this option and solve the reproducibility issue. Lunar sent
this patch to tar upstream and is positive that they will accept it
(eventhough right now they don't seem to be convinced).

This week I have patched packages witch had these issues:
- Timestamps embedded into compiled binaries from C/C++ source code due
to the usage of the __DATE__ and __TIME__ macros [1]

The packages I patched are the following:

## 14/06
- https://reproducible.debian.net/rb-pkg/unstable/amd64/0xffff.html
    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=788747

- https://reproducible.debian.net/rb-pkg/unstable/amd64/abcm2ps.html
    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=788748

- https://reproducible.debian.net/rb-pkg/unstable/amd64/amideco.html
    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=788750

- https://reproducible.debian.net/rb-pkg/unstable/amd64/amsynth.html
    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=788751

- https://reproducible.debian.net/rb-pkg/unstable/amd64/analog.html
    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=788752

-
https://reproducible.debian.net/rb-pkg/unstable/amd64/aolserver4-nsmysql.html
    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=788753

- https://reproducible.debian.net/rb-pkg/unstable/amd64/antpm.html
    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=788754

-
https://reproducible.debian.net/rb-pkg/unstable/amd64/aolserver4-nssqlite3.html
    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=788756

[1] https://wiki.debian.org/ReproducibleBuilds/TimestampsFromCPPMacros
-- 
Dhole

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/reproducible-builds/attachments/20150614/8d1ac942/attachment.sig>