Source: mono Version: 6.8.0.105+dfsg-3 Severity: normal Tags: patch User: reproducible-bui...@lists.alioth.debian.org Usertags: timestamps buildpath locale username X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org
The time, user id, group id, locale, and in some cases build path change the resulting /usr/src/mono-source.tar.xz Attached is a patch which should consistantly produce the same mono-source.tar.xz regardless of the above variations. While this doesn't fix all of the reproducibility issues in the mono source package; it should make the mono-source binary package reproducible. The diff for mono-source is currently large enough that diffoscope often times out tests.reproducible-builds.org when comparing, which makes it harder to diagnose and troubleshoot other outstanding issues. Thanks! live well, vagrant
From b2a35ebc9e29cde7b87cab4d0a14021f2de9c453 Mon Sep 17 00:00:00 2001 From: Vagrant Cascadian <vagr...@reproducible-builds.org> Date: Sat, 30 May 2020 18:57:52 +0000 Subject: [PATCH 1/2] mono-source: Ensure reproducible mono-source.tar.xz. Pass flags to tar to sort the input, specify mtime, user id, group id, format, locale and directory name to ensure reproducible builds: https://reproducible-builds.org/docs/archives/ --- debian/rules | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/debian/rules b/debian/rules index 71531b6b2b..eae72ddb36 100755 --- a/debian/rules +++ b/debian/rules @@ -125,7 +125,12 @@ endif source: source-stamp source-stamp: - cd $(DEBIAN_DIR) && tar cJf mono-source.tar.xz --exclude=mono-source.tar.xz -C ../.. $$(cd ..; basename $$(pwd)) + LC_ALL=C.UTF-8 tar cJf debian/mono-source.tar.xz --exclude=mono-source.tar.xz \ + --sort=name \ + --mtime="@${SOURCE_DATE_EPOCH}" \ + --owner=0 --group=0 --numeric-owner \ + --format=gnu \ + --transform="s|^\.|$(DEB_SOURCE_NAME)-$(UPVERSION)+dfsg|" . touch $@ autoreconf: autoreconf-stamp -- 2.20.1
signature.asc
Description: PGP signature