Source: mpack Version: 1.6-8 Severity: wishlist Tags: patch User: reproducible-builds@lists.alioth.debian.org Usertags: timestamps X-Debbugs-Cc: reproducible-builds@lists.alioth.debian.org
Hi! While working on the “reproducible builds” effort [1], we have noticed that mpack could not be built reproducibly. The attached patch sets the mtimes of all files which are modified during the built to the date of the last changelog entry in order to produce files with reproducible metadata. Please also consider this other bug from the reproducible builds team: https://bugs.debian.org/777376 Cheers, akira [1]: https://wiki.debian.org/ReproducibleBuilds
diff -Nru mpack-1.6/debian/changelog mpack-1.6/debian/changelog --- mpack-1.6/debian/changelog 2012-06-10 01:02:11.000000000 +0200 +++ mpack-1.6/debian/changelog 2015-07-24 14:29:58.000000000 +0200 @@ -1,3 +1,10 @@ +mpack (1.6-8.1) UNRELEASED; urgency=medium + + * Non-maintainer upload. + * Fix mtimes before building binary packages to produce reproducible output + + -- akira <marival...@gmail.com> Fri, 24 Jul 2015 14:29:09 +0200 + mpack (1.6-8) unstable; urgency=low * CVE-2011-4919 - Fix permissions diff -Nru mpack-1.6/debian/rules mpack-1.6/debian/rules --- mpack-1.6/debian/rules 2012-06-10 01:00:43.000000000 +0200 +++ mpack-1.6/debian/rules 2015-07-24 14:29:06.000000000 +0200 @@ -14,6 +14,8 @@ export DEB_HOST ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE) export DEB_BUILD ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE) +export SOURCE_DATE_EPOCH = $(shell date -d "$$(dpkg-parsechangelog --count 1 -SDate)" +%s) + #export DEB_BUILD_MAINT_OPTIONS = hardening=+all DPKG_EXPORT_BUILDFLAGS = 1 include /usr/share/dpkg/buildflags.mk @@ -65,6 +67,8 @@ install -d ${DEBDIR} dpkg-shlibdeps ${BINDIR}/* dpkg-gencontrol -isp + find debian/tmp -newermt "@$$SOURCE_DATE_EPOCH" -print0 | \ + xargs -0r touch --no-dereference --date="@$$SOURCE_DATE_EPOCH" dpkg-deb -Zbzip2 -z9 --build debian/tmp .. binary: binary-indep binary-arch
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Reproducible-builds mailing list Reproducible-builds@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds