[Reproducible-builds] Bug#793721: signify: please make the mtimes reproducible

Sun, 26 Jul 2015 10:57:39 -0700 

Source: signify
Version: 1.14-1
Severity: wishlist
Tags: patch
User: reproducible-builds@lists.alioth.debian.org
Usertags: timestamps
X-Debbugs-Cc: reproducible-builds@lists.alioth.debian.org

Hi!

While working on the “reproducible builds” effort [1], we have noticed
that signify could not be built reproducibly.

The attached patch sets the mtimes of all files which are modified
during the built to the date of the last changelog entry in order to
produce files with reproducible metadata. Please also consider this
other bug from the reproducible builds team:
https://bugs.debian.org/777062

Cheers,
akira

[1]: https://wiki.debian.org/ReproducibleBuilds


diff -Nru signify-1.14/debian/changelog signify-1.14/debian/changelog
--- signify-1.14/debian/changelog       2004-05-05 14:03:52.000000000 +0200
+++ signify-1.14/debian/changelog       2015-07-26 09:56:44.000000000 +0200
@@ -1,3 +1,10 @@
+signify (1.14-1.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix mtimes before building binary packages to produce reproducible output
+
+ -- akira <marival...@gmail.com>  Sun, 26 Jul 2015 09:53:45 +0200
+
 signify (1.14-1) unstable; urgency=low
 
   * improved handling of existing signify process
diff -Nru signify-1.14/debian/rules signify-1.14/debian/rules
--- signify-1.14/debian/rules   2004-01-18 05:56:26.000000000 +0100
+++ signify-1.14/debian/rules   2015-07-26 09:53:43.000000000 +0200
@@ -6,7 +6,7 @@
 
 package        := signify
 
-
+export SOURCE_DATE_EPOCH = $(shell date -d "$$(dpkg-parsechangelog --count 1 
-SDate)" +%s)
 
 default:
        @echo "What to do?"
@@ -52,6 +52,8 @@
        chown -R root.root debian/tmp
        chmod -R go=rX debian/tmp
        dpkg-gencontrol -is -ip
+       find debian/tmp -newermt "@$$SOURCE_DATE_EPOCH" -print0 | \
+               xargs -0r touch --no-dereference --date="@$$SOURCE_DATE_EPOCH"
        dpkg --build debian/tmp
        dpkg-name -o -s .. debian/tmp.deb

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Reproducible-builds mailing list
Reproducible-builds@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds

Reply via email to