[Reproducible-builds] Bug#793721: signify: please make the mtimes reproducible

Maria Valentina Marin marivalenm at gmail.com
Sun Jul 26 17:52:05 UTC 2015 

Source: signify
Version: 1.14-1
Severity: wishlist
Tags: patch
User: reproducible-builds at lists.alioth.debian.org
Usertags: timestamps
X-Debbugs-Cc: reproducible-builds at lists.alioth.debian.org

Hi!

While working on the “reproducible builds” effort [1], we have noticed
that signify could not be built reproducibly.

The attached patch sets the mtimes of all files which are modified
during the built to the date of the last changelog entry in order to
produce files with reproducible metadata. Please also consider this
other bug from the reproducible builds team:
https://bugs.debian.org/777062

Cheers,
akira

[1]: https://wiki.debian.org/ReproducibleBuilds

-------------- next part --------------
diff -Nru signify-1.14/debian/changelog signify-1.14/debian/changelog
--- signify-1.14/debian/changelog	2004-05-05 14:03:52.000000000 +0200
+++ signify-1.14/debian/changelog	2015-07-26 09:56:44.000000000 +0200
@@ -1,3 +1,10 @@
+signify (1.14-1.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix mtimes before building binary packages to produce reproducible output
+
+ -- akira <marivalenm at gmail.com>  Sun, 26 Jul 2015 09:53:45 +0200
+
 signify (1.14-1) unstable; urgency=low
 
   * improved handling of existing signify process
diff -Nru signify-1.14/debian/rules signify-1.14/debian/rules
--- signify-1.14/debian/rules	2004-01-18 05:56:26.000000000 +0100
+++ signify-1.14/debian/rules	2015-07-26 09:53:43.000000000 +0200
@@ -6,7 +6,7 @@
 
 package	:= signify
 
-
+export SOURCE_DATE_EPOCH = $(shell date -d "$$(dpkg-parsechangelog --count 1 -SDate)" +%s)
 
 default:
 	@echo "What to do?"
@@ -52,6 +52,8 @@
 	chown -R root.root debian/tmp
 	chmod -R go=rX debian/tmp
 	dpkg-gencontrol -is -ip
+	find debian/tmp -newermt "@$$SOURCE_DATE_EPOCH" -print0 | \
+		xargs -0r touch --no-dereference --date="@$$SOURCE_DATE_EPOCH"
 	dpkg --build debian/tmp
 	dpkg-name -o -s .. debian/tmp.deb
 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/reproducible-builds/attachments/20150726/12cb0728/attachment.sig>

More information about the Reproducible-builds mailing list