misleading timestamps in binnmus

Ximin Luo infinity0 at debian.org
Tue Nov 8 23:18:00 UTC 2016 

Ian Jackson:
> I have just had my backups fail due to the following chain of events:
> 
>  * I had python2.7-stdlib:amd64 2.7.12-3 installed
>  * I did a backup
>  * I upgraded to python2.7-stdlib:amd64 2.7.12-3+b1 was built
>  * I did another backup, during which:
>  * Many files were not copied to the backup volume because
>    their mtimes had not changed
>  * However, the contents of these files had changed because of the
>    rebuild
>  * My backup system is clever enough to spot that there is a problem
> 
> I see the python2.7 source package does this:
> 
>  LAST_CHANGE := $(shell dpkg-parsechangelog -S Date)
>  export BUILD_DATE := $(shell LC_ALL=C date -u +'%b %e %Y' -d '$(LAST_CHANGE)')
>  export BUILD_TIME := $(shell LC_ALL=C date -u +'%H:%M:%S' -d '$(LAST_CHANGE)')
> 
> Is this a recommended recipe ?  AIUI a buildd doing a binnmu will not
> modify the debian/changelog file.
> 
> The result is that the file timestamps will be lies after a binnmu.  I
> think this is quite undesirable.  Less careful backup programs than
> mine wouldn't notice.  The results would then be a corrupted backup,
> which would break when restored.  There are probably other bad
> consequences.
> 
> Can we come up with a better recipe ?  For example perhaps
> 
>  DEBIAN_LAST_CHANGE ?= $(shell dpkg-parsechangelog -S Date)
> 
> which would make it possible for a buildd to override the value.
> 
> Thanks for your attention.
> 

Hi Ian, we have SOURCE_DATE_EPOCH for this. debhelper, CDBS, dpkg-buildpackage and /usr/share/dpkg/pkg-info.mk set this, and possibly others. The code you quote above might have been written before we introduced this though. Yes, it should be changed.

In the spec we explicitly state that processes should not set this variable if it is already set, so buildds doing binNMUs are free to override it with a later value.

https://reproducible-builds.org/specs/source-date-epoch/

X

-- 
GPG: ed25519/56034877E1F87C35
GPG: rsa4096/1318EFAC5FBBDBCE
https://github.com/infinity0/pubkeys.git

More information about the Reproducible-builds mailing list