On 2018-03-30 20:15, Sven Joachim wrote:
On 2018-03-30 15:02 +0100, Chris Lamb wrote:

[adding 894441@ to CC]

Hi Jean-Michel,

Filed as #894441
https://bugs.debian.org/894441

Thanks for this. I was just briefly wondering whether this is related to:

  https://lists.debian.org/debian-security/2017/05/msg00011.html

It seems so.  What you are describing there had been noticed by Ian
Jackson before:

https://lists.debian.org/debian-devel/2016/11/msg00328.html

Ian then filed bug #843773 against sbuild, and as a result sbuild (as of
version 0.73.0-1) no longer reuses the timestamp of the last changelog
entry in binNMUs.

The same version of sbuild introduced a --binNMU-timestamp option, and I
think wanna-build should use it to achieve a consistent
SOURCE_DATE_EPOCH across architectures in binNMUs.  Something along
these lines had already been proposed in #843773.

I'd hold that the sourceful uploads Ubuntu does (XbuildY) are actually a cleaner solution to the problem. The cute hack is necessary because a) our policies discourage sourceful NMUs heavily and b) scheduling an automatic rebuild is more than a simple RPC call and involves a re-upload of the whole source package.

Right now wanna-build still has no notion of a consistent state across architectures. So just like version picking is already done in higher level orchestration (wb) that tool would need to provide the timestamps as well. Information is also lost whenever new state is merged, although practically that's probably not a problem here because a new sourceful build would be pushed to all architectures mostly at once anyway.

Kind regards
Philipp Kern

_______________________________________________
Reproducible-builds mailing list
Reproducible-builds@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds
