Bug#894441: dpkg-buildpackage: SOURCE_DATE_EPOCH must ignore bin-nmu changelog entries. Breaks M-A:same
Julien Cristau
jcristau at debian.org
Thu Apr 12 13:21:18 BST 2018
Control: severity -1 wishlist
On 04/12/2018 02:10 PM, Guillem Jover wrote:
> Control: reassign -1 buildd.debian.org
>
> Hi!
>
> On Thu, 2018-04-05 at 17:43:58 +0200, Jean-Michel Vourgère wrote:
>> On Friday, 30 March 2018 15:02:31 CEST Chris Lamb wrote:
>>> [ https://lists.debian.org/debian-security/2017/05/msg00011.html ]
>>
>> On Friday, 30 March 2018 20:15:33 CEST Sven Joachim wrote:
>>> [ https://bugs.debian.org/843773 ]
>>
>> Thanks a lot guys for pointing out that issue!
>>
>> Basically, when doing bin-nmus, we really want to bump the mtime of the
>> distributed files. Not doing so results in some backups programs (rsync...) to
>> loose updates. Other programs restarting services on libraries updates
>> (needrestart...) would also be affected.
>>
>>
>> So, during compilation:
>> SOURCE_DATE_EPOCH must ignore bin-nmu changelog entries
>> because it breaks Multi-Arch:same on bin-nmu.
>>
>> During dpkg-deb (:
>> SOURCE_DATE_EPOCH must *not* ignore bin-nmu changelog entries
>> because it would break software relying on files mtime.
>>
>> Doh!
>>
>> In https://bugs.debian.org/843773#75 Ian Jackson propose to introduce a
>> BUILD_DATE_EPOCH (= time of sbuild binnmu invocation) be prefered over
>> SOURCE_DATE_EPOCH by dpkg-deb.
>>
>> That would work, wouldn't it?
>
> Please, see my reply at <https://bugs.debian.org/843773#132>. This is
> really a fundamental problem with binNMUs+multiarch-refcounting or how
> they are being issued. :)
>
Indeed. I suspect eventually we'll make no-change sourceful uploads
less labor intensive and binNMUs will go away, but we're not there right
now.
Cheers,
Julien
More information about the Reproducible-builds
mailing list