Source: libtomcrypt
Version: 1.17-7
Severity: wishlist
Tags: patch
Usertags: timestamps


While working on the "reproducible builds" effort [1], we have noticed
that libtomcrypt could not be built reproducibly.
Because of #734109, a patch has been added to fix the reproducibility
of crypt.pdf. It enforces timestamps based on the modification date of
crypt.tex. But because of a newer patch from 2015 (fix-latex-here.patch),
the modification time is changed on each build process, so the pdf file
became unreproducible.

There are now two possible solutions:
- drop the original patch (deterministic-latex.patch), as texlive
  supports SOURCE_DATE_EPOCH since last week, so the pdf would be
  reproducible without the patch.
  Though I saw that the patch has already been applied upstream,
  so alternatively:
- amend the patch to favor SOURCE_DATE_EPOCH over stat, if it is set.
  This is done by the attached patch.


diff --git a/debian/patches/deterministic-latex.patch b/debian/patches/deterministic-latex.patch
index f9cbb05..b9d426c 100644
--- a/debian/patches/deterministic-latex.patch
+++ b/debian/patches/deterministic-latex.patch
@@ -16,7 +16,7 @@ Index: libtomcrypt/makefile
  	rm -f doc/crypt.pdf $(LEFTOVERS)
 +	cp crypt.tex crypt.bak
 +	touch --reference=crypt.tex crypt.bak
-+	(echo "\\def\\fixedpdfdate{"; date +'D:%Y%m%d%H%M%S%:z' -d @$$(stat --format=%Y crypt.tex) | sed "s/:\([0-9][0-9]\)$$/'\1'}/g") > crypt-deterministic.tex
++	(echo "\\def\\fixedpdfdate{"; date +'D:%Y%m%d%H%M%S%:z' -d @$${SOURCE_DATE_EPOCH:-$$(stat --format=%Y crypt.tex)} | sed "s/:\([0-9][0-9]\)$$/'\1'}/g") > crypt-deterministic.tex
 +	echo "\\pdfinfo{" >> crypt-deterministic.tex
 +	echo "/CreationDate (\fixedpdfdate)" >> crypt-deterministic.tex
 +	echo "/ModDate (\fixedpdfdate) }" >> crypt-deterministic.tex
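
Review bot: The `date` call on the changed line still formats the timestamp in the build machine's local timezone, and because the format includes `%:z`, the `\fixedpdfdate` string written to crypt-deterministic.tex differs between builders in different zones even when SOURCE_DATE_EPOCH is identical. Passing `-u` to `date` (or setting `TZ=UTC` for that command) would make the string independent of the builder's environment; the existing sed expression still matches the resulting `+00:00` offset. When SOURCE_DATE_EPOCH is unset, the `stat` fallback is still used, and the report says that mtime changes on every build because of fix-latex-here.patch, so the fallback path stays unreproducible.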
