[Reproducible-builds] dpkg-dev: please make mtimes of packaged files deterministic
Jérémy Bobbio
lunar at debian.org
Fri Jan 15 21:28:12 UTC 2016
reassign 759886 dpkg-dev
retitle 759886 dpkg-dev: please make mtimes of packaged files deterministic
thanks
Hi!
The attached patch series is an attempt to make the mtimes of packaged
files deterministic. It is taken from the `pu/reproducible_builds`
dpkg branch maintained by the “reproducible builds” folks [1].
The first two patches introduce the idea of a canonical build timestamp
that will be used throughout dpkg-deb.
The first patch will make use of this timestamp to set the mtime in ar
headers (that's #759999). All headers will thus get the same timestamp
instead of recording the current time as they are added.
The second patch will use the --mtime and --clamp-mtime option of tar to
clamp the mtime of files recorded in control.tar and data.tar to the
build timestamp: files created at a later time will see their mtime
set to the build timestamp (that's #759886). As --clamp-mtime is only
available since tar/1.28-1 and has not yet been merged upstream,
dpkg-deb will first look for its availability by looking for the option
in the output of “tar --help”. If it's not available, it will fallback
to the previous behavior.
The third patch adds the ability to set the aforementioned build
timestamp using the SOURCE_DATE_EPOCH environment variable [2].
The forth patch changes dpkg-buildpackage to set SOURCE_DATE_EPOCH to
the time of the latest debian/changelog entry if it hasn't been already
set, effectively making the timestamps recorded by dpkg-deb in the most
common build process deterministic.
[1]: https://anonscm.debian.org/cgit/reproducible/dpkg.git/log/?h=pu/reproducible_builds
[2]: https://reproducible-builds.org/specs/source-date-epoch/
--
Lunar .''`.
lunar at debian.org : :Ⓐ : # apt-get install anarchism
`. `'`
`-
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-dpkg-deb-Use-a-single-timestamp-for-ar-headers-when-.patch
Type: text/x-diff
Size: 5866 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/reproducible-builds/attachments/20160115/6a6aea58/attachment.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-dpkg-deb-Use-the-common-build-timestamp-for-all-file.patch
Type: text/x-diff
Size: 4912 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/reproducible-builds/attachments/20160115/6a6aea58/attachment-0001.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0003-dpkg-deb-Allow-to-set-the-build-timestamp-using-SOUR.patch
Type: text/x-diff
Size: 1941 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/reproducible-builds/attachments/20160115/6a6aea58/attachment-0002.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0004-dpkg-buildpackage-Preset-build-timestamp-to-latest-c.patch
Type: text/x-diff
Size: 1281 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/reproducible-builds/attachments/20160115/6a6aea58/attachment-0003.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/reproducible-builds/attachments/20160115/6a6aea58/attachment.sig>
More information about the Reproducible-builds
mailing list