Source: debootstrap
Version: 1.0.66
Severity: wishlist
Tags: patch
User: reproducible-builds@lists.alioth.debian.org
Usertags: timestamps
Hi!
While working on the “reproducible builds” effort [1], we have noticed
that debootstrap could not be built reproducibly.
The current build process captures the build time when devices.tar.gz is
created. The attached patch will use the time of the latest
debian/changelog entry as the mtime for devices.tar members, and remove
the timestamp from the gzip header of devices.tar.gz.
debootstrap can then be built reproducibly within our current
framework.
[1]: https://wiki.debian.org/ReproducibleBuilds
--
Lunar .''`.
lunar@debian.org : :Ⓐ : # apt-get install anarchism
`. `'`
`-
From 7e09ce8dd142e7334afba41f8033ae4ba0f179c6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=A9my=20Bobbio?= <lunar@debian.org>
Date: Sun, 28 Dec 2014 12:52:01 +0100
Subject: [PATCH] Use debian/changelog timestmap as mtime for devices.tar
members
We also remove the timestamp in gzip header. This enables debootstap to be
built reproducibly.
---
Makefile | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/Makefile b/Makefile
index 6f70f35..c2d93aa 100644
--- a/Makefile
+++ b/Makefile
@@ -1,5 +1,6 @@
# avoid dpkg-dev dependency; fish out the version with sed
VERSION := $(shell sed 's/.*(\(.*\)).*/\1/; q' debian/changelog)
+DATE := $(shell sed -n '/^ -- /{s/.*> \(.*\)/\1/p;q}' debian/changelog)
MAKEDEV := /sbin/MAKEDEV
@@ -35,7 +36,7 @@ devices.tar.gz:
chown 0:0 dev
chmod 755 dev
(cd dev && $(MAKEDEV) std ptmx fd consoleonly)
- tar cf - dev | gzip -9 >devices.tar.gz
+ tar --mtime="$(DATE)" -cf - dev | gzip -9n >devices.tar.gz
@if [ "$$(tar tvf devices.tar.gz | wc -l)" -lt 2 ]; then \
echo " ** devices.tar.gz is empty!" >&2; \
exit 1; \
--
1.9.1
Attachment:
signature.asc
Description: Digital signature