On Thu Aug 31, 2017 at 10:57 AM CEST, Chris Lamb wrote: >> mk-origtargz: create reproducible tarballs and --mtime option > > Adding a Reproducible Builds usertag and pinging the ML -- I hadn't > spotted this wishlist bug before.
How about adding f.e. ``--sort name`` to the tar invocation? That parameter was explicitly added for reproducibility here: https://salsa.debian.org/kernel-team/linux/-/commit/ea024852d4 The Debian kernel team switched from their own 'genorig.py' script to using ``uscan``, which IIUC invokes mk-origtargz here: https://salsa.debian.org/kernel-team/linux/-/commit/55243dbd8d6842f But I want to use my local clone of the upstream kernel instead of downloading ~250MB each time, so I want to restore that 'genorig.py' script for myself, but still get identical results. The sha256sums of the uncompressed tar archives are identical and diff-ing the extracted orig.tar.xz archives showed no difference at all. So I went looking what could be the reason why the sha256sums of the orig.tar.xz files were different. And that's when I found the first mentioned commit. And reproducibility is good, so it seems best if mk-origtargz is improved to produce reproducible results. So a +1 on this feature request from me. Cheers, Diederik
signature.asc
Description: PGP signature
