Package: koko-data Severity: wishlist Tags: patch upstream X-Debbugs-Cc: User: reproducible-bui...@lists.alioth.debian.org Usertags: timestamps
Dear Maintainer, I'm an occasional volunteer contributor to the Reproducible Builds[1] project, and noticed recently that the koko-data package failed some automated Debian package reproducibility tests[2][3]. It looks like the cause of the non-reproducibility is that a zipfile extracted by libarchive (as used internally by cmake) during the build is output with a differing mtime based on the timezone that the build occurs in, since zipfiles are written with file modification times based on the local system they were created on. Some discussion of this behaviour can be found[4] on the libarchive bugtracker. Please find attached a patch to temporarily use a fixed (UTC) timezone during the relevant unzip step of the build process; I've confirmed that this results in a fixed output mtime for the cities1000.txt file when building in different timezones using dpkg-buildpackage on trixie. I'll also offer this as a merge request on Salsa. Thank you, James [1] - https://reproducible-builds.org [2] - https://tests.reproducible-builds.org/debian/rb-pkg/unstable/arm64/diffoscope-results/koko.html [3] - https://salsa.debian.org/DebianOnMobile-team/koko/-/jobs/5423718 [4] - https://github.com/libarchive/libarchive/issues/945
From: James Addison <j...@jp-hosting.net> Date: Tue, 12 Mar 2024 11:37:43 +0000 Subject: unzip the cities1000.zip file using a fixed timezone Zipfiles are not timezone-aware; that is, files are typically written to a zip archive with modification-times that are determined from the local system time. . That means that extracting the same zipfile in two different timezones may produce different output file modification-times. This occurs when libarchive (as used by cmake) extracts the cities1000.zip file when building this package. . To build the package reproducibly, this patch temporarily configures a fixed timezone of UTC during extraction of the cities1000.zip zipfile. . Ref: https://github.com/libarchive/libarchive/issues/945 --- --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -145,7 +145,7 @@ if (NOT EXISTS ${CMAKE_CURRENT_BINARY_DIR}/cities1000.zip) endif() execute_process( - COMMAND ${CMAKE_COMMAND} -E tar -xzf ${CMAKE_CURRENT_BINARY_DIR}/cities1000.zip + COMMAND env TZ=UTC ${CMAKE_COMMAND} -E tar -xzf ${CMAKE_CURRENT_BINARY_DIR}/cities1000.zip WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR} )