Hello community, here is the log from the commit of package libtomcrypt for openSUSE:Factory checked in at 2017-06-07 09:50:43 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libtomcrypt (Old) and /work/SRC/openSUSE:Factory/.libtomcrypt.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libtomcrypt" Wed Jun 7 09:50:43 2017 rev:5 rq:499509 version:1.17 Changes: -------- --- /work/SRC/openSUSE:Factory/libtomcrypt/libtomcrypt.changes 2016-02-25 21:52:40.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.libtomcrypt.new/libtomcrypt.changes 2017-06-07 09:50:44.258414250 +0200 @@ -1,0 +2,6 @@ +Mon May 29 13:08:06 UTC 2017 - [email protected] + +- Add reproducible.patch to sort input files to make build reproducible + (boo#1041090) + +------------------------------------------------------------------- New: ---- reproducible.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libtomcrypt.spec ++++++ --- /var/tmp/diff_new_pack.sx2Q26/_old 2017-06-07 09:50:45.022306294 +0200 +++ /var/tmp/diff_new_pack.sx2Q26/_new 2017-06-07 09:50:45.022306294 +0200 @@ -31,6 +31,8 @@ Source3: %{name}.changes # PATCH-FIX-UPSTREAM libtomcrypt-makefile.shared.patch Patch0: %{name}-makefile.shared.patch +# PATCH-FIX-UPSTREAM https://github.com/libtom/libtomcrypt/pull/222 +Patch1: reproducible.patch BuildRequires: libtool BuildRequires: texlive-latex BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -84,6 +86,7 @@ %prep %setup -q %patch0 -p1 +%patch1 -p1 modified="$(sed -n '/^----/n;s/ - .*$//;p;q' "%{SOURCE3}")" DATE="\"$(date -d "${modified}" "+%%b %%e %%Y")\"" TIME="\"$(date -d "${modified}" "+%%R")\"" ++++++ reproducible.patch ++++++ https://github.com/libtom/libtomcrypt/pull/222 sort input files when building packages (e.g. for openSUSE Linux) (random) filesystem order of input files influences ordering of functions in the output, thus without the patch, builds (in disposable VMs) would differ. See https://reproducible-builds.org/ for why this matters. Index: libtomcrypt-1.17/makefile.shared =================================================================== --- libtomcrypt-1.17.orig/makefile.shared +++ libtomcrypt-1.17/makefile.shared @@ -249,7 +249,7 @@ testprof/$(LIBTEST): objs: $(OBJECTS) $(LIBNAME): $(OBJECTS) testprof/$(LIBTEST) - libtool --silent --mode=link gcc $(CFLAGS) `find . -type f | grep "[.]lo" | grep "src/" | xargs` $(EXTRALIBS) -o $(LIBNAME) -rpath $(LIBPATH) -version-info $(VERSION) + libtool --silent --mode=link gcc $(CFLAGS) `find . -type f | grep "[.]lo" | grep "src/" | sort | xargs` $(EXTRALIBS) -o $(LIBNAME) -rpath $(LIBPATH) -version-info $(VERSION) install: $(LIBNAME) install -d $(DESTDIR)$(LIBPATH) Index: libtomcrypt-1.17/testprof/makefile.shared =================================================================== --- libtomcrypt-1.17.orig/testprof/makefile.shared +++ libtomcrypt-1.17/testprof/makefile.shared @@ -18,7 +18,7 @@ endif default: $(LIBTEST) $(LIBTEST): $(OBJECTS) - libtool --silent --mode=link gcc $(CFLAGS) `find . -type f | grep "[.]lo" | xargs` -o $@ -rpath $(LIBPATH) -version-info $(VERSION) + libtool --silent --mode=link gcc $(CFLAGS) `find . -type f | grep "[.]lo" | sort | xargs` -o $@ -rpath $(LIBPATH) -version-info $(VERSION) install: $(LIBTEST) libtool --silent --mode=install install -c $(LIBTEST) $(DESTDIR)$(LIBPATH)/$(LIBTEST)
