Bug#894441: dpkg-buildpackage: SOURCE_DATE_EPOCH must ignore bin-nmu changelog entries. Breaks M-A:same

Jean-Michel Vourgère nirgal at debian.org
Thu Apr 5 15:43:58 UTC 2018


On Friday, 30 March 2018 15:02:31 CEST Chris Lamb wrote:
> [ https://lists.debian.org/debian-security/2017/05/msg00011.html ]

On Friday, 30 March 2018 20:15:33 CEST Sven Joachim wrote:
> [ https://bugs.debian.org/843773 ]

Thanks a lot guys for pointing out that issue!

Basically, when doing bin-nmus, we really want to bump the mtime of the 
distributed files. Not doing so results in some backup programs (rsync...) 
losing updates. Other programs restarting services on library updates 
(needrestart...) would also be affected.


So, during compilation:
SOURCE_DATE_EPOCH must ignore bin-nmu changelog entries
because it breaks Multi-Arch:same on bin-nmu.

During dpkg-deb:
SOURCE_DATE_EPOCH must *not* ignore bin-nmu changelog entries
because it would break software relying on files' mtime.

Doh!

In https://bugs.debian.org/843773#75 Ian Jackson proposes introducing a 
BUILD_DATE_EPOCH (= time of sbuild binnmu invocation) to be preferred over 
SOURCE_DATE_EPOCH by dpkg-deb.

That would work, wouldn't it?
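Added example, not part of the original message and not dpkg's own code: a sketch of the two timestamps the message distinguishes, one for compilation (binNMU entries skipped) and one for packaging (the BUILD_DATE_EPOCH proposed in #843773 preferred, otherwise the newest changelog entry). The changelog text, the function names and the use of the `binary-only=yes` header keyword to recognise a binNMU entry are assumptions of this example.

```python
import re
from email.utils import parsedate_to_datetime

# Constructed sample: a binNMU entry (binary-only=yes) on top of a source upload.
CHANGELOG = """\
hello (2.10-1+b1) sid; urgency=low, binary-only=yes

  * Binary-only non-maintainer upload for amd64; no source changes.

 -- Constructed Buildd <buildd@example.org>  Thu, 05 Apr 2018 15:43:58 +0000

hello (2.10-1) unstable; urgency=medium

  * New upstream release.

 -- Constructed Maintainer <maint@example.org>  Mon, 01 Jan 2018 12:00:00 +0000
"""

HEADER = re.compile(r"^\S+ \((?P<ver>[^)]+)\) [^;]+;(?P<opts>.*)$")
TRAILER = re.compile(r"^ -- .*>  (?P<date>.+)$")

def parse_entries(text):
    """Return [(version, is_binnmu, epoch)], newest entry first."""
    entries, current = [], None
    for line in text.splitlines():
        h, t = HEADER.match(line), TRAILER.match(line)
        if h:
            opts = dict(kv.strip().split("=", 1)
                        for kv in h["opts"].split(",") if "=" in kv)
            current = (h["ver"], opts.get("binary-only") == "yes")
        elif t and current:
            epoch = int(parsedate_to_datetime(t["date"]).timestamp())
            entries.append((*current, epoch))
            current = None
    return entries

def compile_epoch(entries):
    """Compilation: skip binNMU entries so all architectures embed the same date."""
    for _ver, is_binnmu, epoch in entries:
        if not is_binnmu:
            return epoch
    raise ValueError("no source upload entry found")

def package_mtime(entries, env):
    """Packaging: prefer the proposed BUILD_DATE_EPOCH, else the newest entry
    (binNMU included), so file mtimes move forward on a rebuild."""
    if "BUILD_DATE_EPOCH" in env:  # proposed variable, hypothetical here
        return int(env["BUILD_DATE_EPOCH"])
    return entries[0][2]
```

With the sample changelog, compilation sees the date of 2.10-1 while packaging sees the binNMU date, or the rebuild time when BUILD_DATE_EPOCH is set.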