Source: mailfilter Version: 0.8.4-1 Severity: wishlist Tags: patch User: reproducible-bui...@lists.alioth.debian.org Usertags: fileordering umask X-Debbugs-Cc: reproducible-bui...@lists.alioth.debian.org
Hi! While working on the "reproducible builds" effort [1], we have noticed that mailfilter could not be built reproducibly. A tarball generated during build is unsorted and has varying permissions depending on umask. A Makefile inside also varies with different shells. The attached patch fixes those issues. Regards, Reiner [1]: https://wiki.debian.org/ReproducibleBuilds
diff --git a/debian/rules b/debian/rules index d93b262..44d2fa1 100755 --- a/debian/rules +++ b/debian/rules @@ -1,12 +1,13 @@ #!/usr/bin/make -f export DEB_BUILD_MAINT_OPTIONS = hardening=+all -BUILD_DATE := $(shell dpkg-parsechangelog --show-field Date) +export CONFIG_SHELL=/bin/bash %: dh $@ --with autotools-dev override_dh_auto_install: dh_auto_install - LC_ALL=C tar -cf - ./contrib --mtime="$(BUILD_DATE)" | gzip -n -9 > ./debian/mailfilter/usr/share/doc/mailfilter/contrib.tar.gz + LC_ALL=C tar -cf - ./contrib --sort=name --clamp-mtime --mtime="@$(SOURCE_DATE_EPOCH)" --mode=go=rX,u+rw,a-s --owner=root --group=root --numeric-owner \ + | gzip -n -9 > ./debian/mailfilter/usr/share/doc/mailfilter/contrib.tar.gz
signature.asc
Description: Digital signature