Re: [Reproducible-builds] Bug#832099: lintian: please check for unnecessary SOURCE_DATE_EPOCH assignments

2016-07-22 Thread Russ Allbery 
Mattia Rizzolo  writes:
> On Fri, Jul 22, 2016 at 12:14:56PM -0700, Russ Allbery wrote:

>> I think that's fine in this case, since not setting that variable
>> doesn't break the build.  It just means the build isn't reproducible,
>> which is an optional feature.

> 1/ it's an optional feature *for now*.  I'd really love to see it being
>mandated asap.

I'm not sure that's a good idea, although it's mostly an intuitive
reaction and I can't think of a specific counter-example off the top of my
head.

I do think we should support reproducible builds for all packages, and
that our default build should be reproducible.  I'm just not sure that we
should rule out allowing packages to be configured to use default upstream
behavior for timestamps and whatnot, if it's not the default.

> 2/ it can break the build: I don't know if this is already present in
>some package out there, but just think of calling a tool 'foo'
>setting a cli flag 'bar' to SDE:
>  foo --bar="$(SOURCE_DATE_EPOCH)"
>for example, using tar:
>  tar --mtime="@$(SOURCE_DATE_EPOCH)" -c -f out.tar in
>this is a valid command when SDE is set, but it's going to fail as
>soon as it's not set anymore, I fear; and it makes a lot of sense in
>a d/rules to tar something up.

Good point -- in cases like that, the packager probably should set this
variable directly in debian/rules since the rest of the build does depend
on it.  (I don't think this is the typical use case, but there are
probably a few cases like this.)

-- 
Russ Allbery (r...@debian.org)   

___
Reproducible-builds mailing list
Reproducible-builds@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds

Re: [Reproducible-builds] Bug#832099: lintian: please check for unnecessary SOURCE_DATE_EPOCH assignments

2016-07-22 Thread Mattia Rizzolo 
On Fri, Jul 22, 2016 at 12:14:56PM -0700, Russ Allbery wrote:
> I think that's fine in this case, since not setting that variable doesn't
> break the build.  It just means the build isn't reproducible, which is an
> optional feature.

1/ it's an optional feature *for now*.  I'd really love to see it being
   mandated asap.
2/ it can break the build: I don't know if this is already present in
   some package out there, but just think of calling a tool 'foo'
   setting a cli flag 'bar' to SDE:
 foo --bar="$(SOURCE_DATE_EPOCH)"
   for example, using tar:
 tar --mtime="@$(SOURCE_DATE_EPOCH)" -c -f out.tar in
   this is a valid command when SDE is set, but it's going to fail as
   soon as it's not set anymore, I fear; and it makes a lot of sense in
   a d/rules to tar something up.

-- 
regards,
Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18  4D18 4B04 3FCD B944 4540  .''`.
more about me:  https://mapreri.org : :'  :
Launchpad user: https://launchpad.net/~mapreri  `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia  `-


signature.asc
Description: PGP signature
___
Reproducible-builds mailing list
Reproducible-builds@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds

Re: [Reproducible-builds] Bug#832099: lintian: please check for unnecessary SOURCE_DATE_EPOCH assignments

2016-07-22 Thread Russ Allbery 
Mattia Rizzolo  writes:
> On Fri, Jul 22, 2016 at 11:55:46AM +0200, Chris Lamb wrote:
>> Attached is the following:
>> 
>>   commit 3b10f7dbaecedb0a458c25cc0b8615b489d424af
>>   Author: Chris Lamb 
>>   Date:   Fri Jul 22 10:54:02 2016 +0100
>>   
>>   c/rules: Check for unnecessary SOURCE_DATE_EPOCH assignments
>>   
>>   As of dpkg 1.18.8, this is no longer necessary as dpkg exports this
>>   variable if it is not already set (#75). This should encourage
>>   removing some duplicated code from a lot of our rules files.

> though, using dpkg-buildpackage is not mandatory, a package should be
> able to build with just `debian/rules binary`.  In such case SDE
> wouldn't be exported.

> This looks fairly similar to e.g. DEB_HOST_ARCH & friends variables,
> that even if they are exported by dpkg-buildpackage you should set them
> in d/rules nonetheless.

> At least, that's what my AM told me back then ^^

I think that's fine in this case, since not setting that variable doesn't
break the build.  It just means the build isn't reproducible, which is an
optional feature.

I think it's fine for optional features to only be implemented by the
surrounding build wrapper or by environment variables explicitly set by
the person building the package.  In fact, it makes somewhat more sense to
me than having debian/rules unconditionally force a reproducible build.

In other words, I think this is more akin to DEB_BUILD_OPTIONS than it is
to DEB_HOST_ARCH.

-- 
Russ Allbery (r...@debian.org)   

___
Reproducible-builds mailing list
Reproducible-builds@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds