[Reproducible-builds] Heads-up! (was: [dpkg] 07/07: Document 184.108.40.206~reproducible1)
lunar at debian.org
Fri Mar 4 22:44:50 UTC 2016
> --- a/debian/changelog
> +++ b/debian/changelog
> @@ -1,3 +1,15 @@
> +dpkg (220.127.116.11~reproducible1) UNRELEASED; urgency=low
> + * Use a single timestamp for ar headers when building a .deb.
> + * Use the common build timestamp for all files created at a later time if
> + tar supports then --clamp-mtime option.
> + * Allow to set the build timestamp using SOURCE_DATE_EPOCH.
> + * Preset build timestamp to latest changelog entry. Closes: #759886, #759999
> + * Normalize file permissions when creating control.tar. Closes: #787980
> + * Add support for .buildinfo files. Closes: #138409
This versions implement changes discussed in #138409. One is that we are
now capturing some environment variables in .buildinfo files. In the
case of tests.reproducible-builds.org and the prebuilder script that means
that, as it is, every package would fail to be reproducible with the
current comparison. So I refrained from uploading binaries yet.
Couple of ways out I can think of:
1. Easy quick fix: use sed to remove .buildinfo from both .changes
file, then give .changes file to diffoscope.
2. Slightly more complicated: change diffoscope to ignore most
fields in .buildinfo files.
3. More involved: finally add “ignore modules” to diffoscope and
write a module to ignore most fields in .buildinfo files. I
would enable such a module by default.
(I won't have time to work on any of this before probably 8-10 days.)
Just for the record, Guillem said on IRC that he was waiting for us to
test the treewalk code before uploading dpkg/1.18.5 which ought to fix
file ordering issues.
lunar at debian.org : :Ⓐ : # apt-get install anarchism
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 819 bytes
Desc: Digital signature
More information about the Reproducible-builds