Source: blosxom
Version: 2.1.2-1
Severity: wishlist
Tags: patch
User: reproducible-builds@lists.alioth.debian.org
Usertags: timestamps
X-Debbugs-Cc: reproducible-builds@lists.alioth.debian.org
Hi!
While working on the “reproducible builds” effort [1], we have noticed
that blosxom could not be built reproducibly.
The attached patch sets the mtimes of all files which are modified
during the built to the date of the last changelog entry in order to
produce files with reproducible metadata.
Cheers,
akira
[1]: https://wiki.debian.org/ReproducibleBuilds
diff -u blosxom-2.1.2/debian/changelog blosxom-2.1.2/debian/changelog
--- blosxom-2.1.2/debian/changelog
+++ blosxom-2.1.2/debian/changelog
@@ -1,3 +1,10 @@
+blosxom (2.1.2-1.1) UNRELEASED; urgency=medium
+
+ * Non-maintainer upload.
+ * Fix mtimes before building binary packages to produce reproducible output
+
+ -- akira <marival...@gmail.com> Thu, 16 Jul 2015 23:03:56 +0200
+
blosxom (2.1.2-1) unstable; urgency=high
* New upstream release: Fixes Cross-Site Scripting (XSS) vulnerability with
diff -u blosxom-2.1.2/debian/rules blosxom-2.1.2/debian/rules
--- blosxom-2.1.2/debian/rules
+++ blosxom-2.1.2/debian/rules
@@ -12,7 +12,7 @@
INSTALL_SCRIPT = $(INSTALL) -p -oroot -groot -m755
INSTALL_DIR = $(INSTALL) -p -d -oroot -groot -m755
-
+BUILD_DATE := $(shell dpkg-parsechangelog --show-field Date)
clean:
$(checkdir)
@@ -72,6 +72,8 @@
dpkg-gencontrol -ldebian/changelog -isp -p$(PKG) -P$(TMP)
cd $(TMP) && find * -type f ! -regex '^DEBIAN/.*' -print0 | \
xargs -r0 md5sum > DEBIAN/md5sums
+ find $(TMP) -newermt '$(BUILD_DATE)' -print0 | \
+ xargs -0r touch --no-dereference --date='$(BUILD_DATE)'
dpkg --build $(TMP) ..
_______________________________________________
Reproducible-builds mailing list
Reproducible-builds@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds
