[Reproducible-builds] debhelper: set SOURCE_DATE_EPOCH env var for reproducible builds
Dhole
dhole at openmailbox.org
Wed Jul 8 17:48:07 UTC 2015
Source: debhelper
Version: 9.20150628
Severity: wishlist
Tags: patch
User: reproducible-builds at lists.alioth.debian.org
Usertags: toolchain timestamps
Hi!

While working on the “reproducible builds” effort [1] we have a proposal
to use deterministic timestamps [2] (based on the latest
debian/changelog entry) which is to be set in the environment variable
SOURCE_DATE_EPOCH.

The attached patch makes debhelper export the SOURCE_DATE_EPOCH env
variable during the execution with the latest debian/changelog entry
timestamp, so that packages running during the build process can read it
and replace localtime date/time calls with the exported timestamp in
order to have reproducible builds.

Also, in order to help reproducible builds, a fixed timezone is exported
(TZ=UTC).

[1]: https://wiki.debian.org/ReproducibleBuilds
[2]: https://wiki.debian.org/ReproducibleBuilds/TimestampsProposal

Regards,
--
Dhole
-------------- next part --------------
diff -Nru debhelper-9.20150628/debian/changelog debhelper-9.20150628+nmu1/debian/changelog
--- debhelper-9.20150628/debian/changelog 2015-06-28 13:56:15.000000000 +0200
+++ debhelper-9.20150628+nmu1/debian/changelog 2015-07-08 19:35:19.000000000 +0200
@@ -1,3 +1,12 @@
+debhelper (9.20150628+nmu1) UNRELEASED; urgency=medium
+
+ * Non-maintainer upload.
+ * export the env var SOURCE_DATE_EPOCH with the last debian/changelog
+ timestamp.
+ * set env TZ=UTC
+
+ -- Dhole <dhole at openmailbox.org> Wed, 08 Jul 2015 19:34:46 +0200
+
debhelper (9.20150628) unstable; urgency=medium
* Upload to unstable with ddebs support disabled by default.
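Review bot: The two new bullets do not record that the exports now apply at every compat level. The Dh_Lib.pm hunk moves the compat(8) early return below the new code, so packages for which compat(8) is true get SOURCE_DATE_EPOCH and TZ even though they still skip dpkg-buildflags. Worth stating that in the entry, along with the fact that TZ is set unconditionally, so a maintainer reading the changelog knows an existing TZ is replaced. Minor style point: the neighbouring entries start with a capital ("Upload to unstable ..."), so "Export ..." and "Set ..." would match.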
diff -Nru debhelper-9.20150628/Debian/Debhelper/Dh_Lib.pm debhelper-9.20150628+nmu1/Debian/Debhelper/Dh_Lib.pm
--- debhelper-9.20150628/Debian/Debhelper/Dh_Lib.pm 2015-06-28 13:24:32.000000000 +0200
+++ debhelper-9.20150628+nmu1/Debian/Debhelper/Dh_Lib.pm 2015-07-08 19:34:25.000000000 +0200
@@ -1144,12 +1144,44 @@
}
}
+# Read latest debian/changelog timestamp and export the environment variable
+# SOURCE_DATE_EPOCH with its value, so that any package can read it and replace
+# calls to localtime (or other undeterministic timestamps) with the exported
+# timestamp to get reproducible builds.
+sub set_source_date_epoch {
+ eval "use Dpkg::Changelog::Debian";
+ if ($@) {
+ warning "unable to set SOURCE_DATE_EPOCH: $@";
+ return;
+ }
+ eval "use Time::Piece";
+ if ($@) {
+ warning "unable to set SOURCE_DATE_EPOCH: $@";
+ return;
+ }
+
+ my $changelog = Dpkg::Changelog::Debian->new();
+ $changelog->load("debian/changelog");
+
+ my $tt = @{$changelog}[0]->get_timestamp();
+ $tt =~ s/\s*\([^\)]+\)\s*$//; # Remove the optional timezone codename
+ my $timestamp = Time::Piece->strptime($tt, "%a, %d %b %Y %T %z");
+
+ $ENV{SOURCE_DATE_EPOCH} = $timestamp->epoch();
+}
+
# Sets environment variables from dpkg-buildflags. Avoids changing
# any existing environment variables.
sub set_buildflags {
- return if $ENV{DH_INTERNAL_BUILDFLAGS} || compat(8);
+ return if $ENV{DH_INTERNAL_BUILDFLAGS};
$ENV{DH_INTERNAL_BUILDFLAGS}=1;
+ set_source_date_epoch();
+ # Set env timezone to UTC to help packages build reproducibly
+ $ENV{TZ} = "UTC";
+
+ return if compat(8);
+
eval "use Dpkg::BuildFlags";
if ($@) {
warning "unable to load build flags: $@";
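Review bot: Both $ENV{SOURCE_DATE_EPOCH} (last line of set_source_date_epoch) and $ENV{TZ} (in set_buildflags) are overwritten unconditionally, which contradicts the comment directly above set_buildflags ("Avoids changing any existing environment variables") and discards a SOURCE_DATE_EPOCH the caller has already exported. Suggest starting the new sub with "return if defined $ENV{SOURCE_DATE_EPOCH};" and either updating that comment or documenting that TZ is deliberately forced. Separately, only the two module loads are guarded: $changelog->load("debian/changelog"), @{$changelog}[0]->get_timestamp() and Time::Piece->strptime(...) run outside any eval, so a missing or unparsable changelog, or a date that does not match "%a, %d %b %Y %T %z", can abort the helper instead of producing the warning used for the load failures. Wrapping those calls in an eval block and warning on failure would keep the behaviour consistent. $changelog->[0] would also read more clearly than the slice @{$changelog}[0].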
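How a build tool might consume the variable this patch exports, with the producer-side calculation alongside for comparison. This is an added example in Python, not part of the original message or of debhelper; the names `changelog_epoch` and `build_stamp` and the fail-on-malformed-value policy are assumptions, and the sample changelog is constructed from the entry in the patch plus a made-up older entry.

```python
import re
import time
from email.utils import parsedate_to_datetime

# Constructed sample: the new entry from the patch above, followed by a
# made-up older entry to show that only the newest trailer is used.
SAMPLE_CHANGELOG = """\
debhelper (9.20150628+nmu1) UNRELEASED; urgency=medium

  * Non-maintainer upload.

 -- Dhole <dhole at openmailbox.org>  Wed, 08 Jul 2015 19:34:46 +0200

example (1.0) unstable; urgency=low

  * Constructed older entry.

 -- Example Person <person@example.org>  Thu, 01 Jan 2015 12:00:00 +0000
"""

# Entry trailer: " -- Name <email>  RFC 2822 date"
TRAILER = re.compile(r"^ -- .*>[ \t]+(?P<date>.+)$", re.MULTILINE)


def changelog_epoch(text):
    """Producer side: Unix time of the newest (first) changelog entry."""
    match = TRAILER.search(text)
    if match is None:
        raise ValueError("no changelog trailer line found")
    # Drop an optional trailing "(CEST)"-style zone name, as the patch does.
    date = re.sub(r"\s*\([^)]+\)\s*$", "", match.group("date"))
    return int(parsedate_to_datetime(date).timestamp())


def build_stamp(environ, now=time.time):
    """Consumer side: format the build date from SOURCE_DATE_EPOCH in UTC,
    falling back to the wall clock only when the variable is not exported."""
    raw = environ.get("SOURCE_DATE_EPOCH")
    if raw is None:
        epoch = int(now())
    elif re.fullmatch(r"[0-9]+", raw):
        epoch = int(raw)
    else:
        # A malformed value should fail the build, not silently use "now".
        raise ValueError(f"invalid SOURCE_DATE_EPOCH: {raw!r}")
    # gmtime, not localtime: the result must not depend on the builder's TZ.
    return time.strftime("%Y-%m-%d %H:%M:%S UTC", time.gmtime(epoch))


if __name__ == "__main__":
    env = {"SOURCE_DATE_EPOCH": str(changelog_epoch(SAMPLE_CHANGELOG))}
    print(env["SOURCE_DATE_EPOCH"], build_stamp(env))
```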