[Reproducible-builds] Bug#832099: lintian: please check for unnecessary SOURCE_DATE_EPOCH assignments

Russ Allbery rra at debian.org
Fri Jul 22 21:31:15 UTC 2016


Mattia Rizzolo <mattia at debian.org> writes:
> On Fri, Jul 22, 2016 at 12:14:56PM -0700, Russ Allbery wrote:

>> I think that's fine in this case, since not setting that variable
>> doesn't break the build.  It just means the build isn't reproducible,
>> which is an optional feature.

> 1/ it's an optional feature *for now*.  I'd really love to see it being
>    mandated asap.

I'm not sure that's a good idea, although it's mostly an intuitive
reaction and I can't think of a specific counter-example off the top of my
head.

I do think we should support reproducible builds for all packages, and
that our default build should be reproducible.  I'm just not sure that we
should rule out allowing packages to be configured to use default upstream
behavior for timestamps and whatnot, if it's not the default.

> 2/ it can break the build: I don't know if this is already present in
>    some package out there, but just think of calling a tool 'foo'
>    setting a cli flag 'bar' to SDE:
>      foo --bar="$(SOURCE_DATE_EPOCH)"
>    for example, using tar:
>      tar --mtime="@$(SOURCE_DATE_EPOCH)" -c -f out.tar in
>    this is a valid command when SDE is set, but it's going to fail as
>    soon as it's not set anymore, I fear; and it makes a lot of sense in
>    a d/rules to tar something up.

Good point -- in cases like that, the packager probably should set this
variable directly in debian/rules since the rest of the build does depend
on it.  (I don't think this is the typical use case, but there are
probably a few cases like this.)

-- 
Russ Allbery (rra at debian.org)               <http://www.eyrie.org/~eagle/>



More information about the Reproducible-builds mailing list