[Reproducible-builds] Bug#793706: mpack: please make the mtimes reproducible

Sun, 26 Jul 2015 10:46:38 -0700 

Source: mpack
Version: 1.6-8
Severity: wishlist
Tags: patch
User: reproducible-builds@lists.alioth.debian.org
Usertags: timestamps
X-Debbugs-Cc: reproducible-builds@lists.alioth.debian.org

Hi!

While working on the “reproducible builds” effort [1], we have noticed
that mpack could not be built reproducibly.

The attached patch sets the mtimes of all files which are modified
during the built to the date of the last changelog entry in order to
produce files with reproducible metadata. Please also consider this
other bug from the reproducible builds team:
https://bugs.debian.org/777376

Cheers,
akira

[1]: https://wiki.debian.org/ReproducibleBuilds


diff -Nru mpack-1.6/debian/changelog mpack-1.6/debian/changelog
--- mpack-1.6/debian/changelog  2012-06-10 01:02:11.000000000 +0200
+++ mpack-1.6/debian/changelog  2015-07-24 14:29:58.000000000 +0200
@@ -1,3 +1,10 @@
+mpack (1.6-8.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix mtimes before building binary packages to produce reproducible output
+
+ -- akira <marival...@gmail.com>  Fri, 24 Jul 2015 14:29:09 +0200
+
 mpack (1.6-8) unstable; urgency=low
 
   * CVE-2011-4919 - Fix permissions
diff -Nru mpack-1.6/debian/rules mpack-1.6/debian/rules
--- mpack-1.6/debian/rules      2012-06-10 01:00:43.000000000 +0200
+++ mpack-1.6/debian/rules      2015-07-24 14:29:06.000000000 +0200
@@ -14,6 +14,8 @@
 export DEB_HOST  ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
 export DEB_BUILD ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)
 
+export SOURCE_DATE_EPOCH = $(shell date -d "$$(dpkg-parsechangelog --count 1 
-SDate)" +%s)
+
 #export DEB_BUILD_MAINT_OPTIONS = hardening=+all
 DPKG_EXPORT_BUILDFLAGS = 1
 include /usr/share/dpkg/buildflags.mk
@@ -65,6 +67,8 @@
        install -d ${DEBDIR}
        dpkg-shlibdeps ${BINDIR}/*
        dpkg-gencontrol -isp
+       find debian/tmp -newermt "@$$SOURCE_DATE_EPOCH" -print0 | \
+               xargs -0r touch --no-dereference --date="@$$SOURCE_DATE_EPOCH"
        dpkg-deb -Zbzip2 -z9 --build debian/tmp ..
 
 binary: binary-indep binary-arch

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Reproducible-builds mailing list
Reproducible-builds@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds

Reply via email to