Source: libtomcrypt Version: 1.17-7 Severity: wishlist Tags: patch User: reproducible-bui...@lists.alioth.debian.org Usertags: timestamps X-Debbugs-Cc: reproducible-bui...@lists.alioth.debian.org
Hi! While working on the "reproducible builds" effort [1], we have noticed that libtomcrypt could not be built reproducibly. Because of #734109, a patch has been added to fix the reproducibility of crypt.pdf. It enforces timestamps based on the modification date of crypt.tex. But because of a newer patch from 2015 (fix-latex-here.patch), the modification time is changed on each build process, so the pdf file became unreproducible. There are now two possible solutions: - drop the original patch (deterministic-latex.patch), as texlive supports SOURCE_DATE_EPOCH since last week, so the pdf would be reproducible without the patch. Though I saw that the patch has already been applied upstream, so alternatively: - amend the patch to favor SOURCE_DATE_EPOCH over stat, if it is set. This is done by the attached patch. Regards, Reiner [1]: https://wiki.debian.org/ReproducibleBuilds
diff --git a/debian/patches/deterministic-latex.patch b/debian/patches/deterministic-latex.patch
index f9cbb05..b9d426c 100644
--- a/debian/patches/deterministic-latex.patch
+++ b/debian/patches/deterministic-latex.patch
@@ -16,7 +16,7 @@ Index: libtomcrypt/makefile
rm -f doc/crypt.pdf $(LEFTOVERS)
+ cp crypt.tex crypt.bak
+ touch --reference=crypt.tex crypt.bak
-+ (echo "\\def\\fixedpdfdate{"; date +'D:%Y%m%d%H%M%S%:z' -d @$$(stat --format=%Y crypt.tex) | sed "s/:\([0-9][0-9]\)$$/'\1'}/g") > crypt-deterministic.tex
++ (echo "\\def\\fixedpdfdate{"; date +'D:%Y%m%d%H%M%S%:z' -d @$${SOURCE_DATE_EPOCH:-$$(stat --format=%Y crypt.tex)} | sed "s/:\([0-9][0-9]\)$$/'\1'}/g") > crypt-deterministic.tex
+ echo "\\pdfinfo{" >> crypt-deterministic.tex
+ echo "/CreationDate (\fixedpdfdate)" >> crypt-deterministic.tex
+ echo "/ModDate (\fixedpdfdate) }" >> crypt-deterministic.tex
signature.asc
Description: PGP signature
