Source: gcc-arm-none-eabi Severity: normal Tags: patch User: reproducible-bui...@lists.alioth.debian.org Usertags: randomness username timestamps fileordering X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org
The file /autom4te.cache/requests includes non-deterministic ordering, and is shipped inside /usr/src/gcc-arm-none-eabi-source.tar.xz https://tests.reproducible-builds.org/debian/rb-pkg/bookworm/amd64/diffoscope-results/gcc-arm-none-eabi.html Patch to debian/rules attached which excludes autom4ate.cache from the tarball, as well as sorting by name, set the user and group ids, and setting the timestamp using SOURCE_DATE_EPOCH. These additional normalizations will be needed if Rules-Requires-Root is ever enabled. It might be worth considering excluding .pc from the tarball as well; though this isn't strictly necessary for reproducible builds. This patch alone does not fix all reproducibility issues (e.g. build paths, which are only tested on unstable and experimental), but with the patch from #996194 applied, this should become reproducible once it migrates to bookworm. Thanks for maintaining gcc-arm-none-eabi! live well, vagrant
From 5d35d46092e41d95d3f9e76d8043c044ddbdca07 Mon Sep 17 00:00:00 2001 From: Vagrant Cascadian <vagr...@reproducible-builds.org> Date: Fri, 15 Oct 2021 17:07:51 +0000 Subject: [PATCH 2/3] debian/rules: Generate tarball reproducibly. Exclude autom4ate.cache directory (contains autogenerated non-deterministic files), sort by name, set the user and group ids, and set timestamp using SOURCE_DATE_EPOCH. --- debian/rules | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/rules b/debian/rules index 07d9a2571..8f2e6526a 100755 --- a/debian/rules +++ b/debian/rules @@ -101,7 +101,7 @@ override_dh_strip: override_dh_install: dh_install -p$(PACKAGE_GCC) --sourcedir $(GCC_DEB_TMP_DIR) mkdir -p $(GCC_SOURCE_DEB_TMP_DIR)/usr/src - tar --exclude=build --exclude=.git --exclude=debian -C $(TOP_DIR) -c -f - . | xz -T0 > $(GCC_SOURCE_DEB_TMP_DIR)/usr/src/$(PACKAGE_GCC_SOURCE).tar.xz + tar --exclude=build --exclude=.git --exclude=debian --exclude=autom4te.cache --sort=name --mtime="@$(SOURCE_DATE_EPOCH)" --owner=0 --group=0 --numeric-owner -C $(TOP_DIR) -c -f - . | xz -T0 > $(GCC_SOURCE_DEB_TMP_DIR)/usr/src/$(PACKAGE_GCC_SOURCE).tar.xz dh_install -p$(PACKAGE_GCC_SOURCE) --sourcedir $(GCC_SOURCE_DEB_TMP_DIR) override_dh_compress: -- 2.30.2
signature.asc
Description: PGP signature