Hi,
I wrote this many times, but I don't see why we should use any "upstream tarball" when the Git repository itself contains the tarball with:
    git archive --prefix=$(DEBPKGNAME)-$(VERSION)/ $(GIT_TAG) \
        | xz >../$(DEBPKGNAME)_$(VERSION).orig.tar.xz
(which leads to a .xz, which is nicer)
"git archive" is reproducible; for simplicity I wouldn't use a prefix though. xz has some issues with reproducibility; AFAIK "-T2" makes it disable some internal heuristics that are based on the machine it is running on, and generates consistent output.
Simon
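
The following is an added example, not part of the original mail: a check that builds the orig tarball twice from the same tag with "git archive | xz -T2" (no prefix) and compares the results byte for byte. The throwaway repository, its README file, the tag v1.0 and the function names are constructed for the illustration.

```shell
#!/bin/sh
# Added example: verify that "git archive <tag> | xz -T2" yields identical
# bytes on repeated runs. All names below are constructed sample values.

# make_orig <repo> <tag> <outfile>: write the compressed archive of <tag>.
# Note: a plain sh pipeline only reports the exit status of xz.
make_orig() {
    git -C "$1" archive --format=tar "$2" | xz -T2 >"$3"
}

# check_reproducible <repo> <tag> <workdir>
# Returns 0 if two independent builds are byte-identical, 1 if they differ,
# 2 if a build step failed.
check_reproducible() {
    make_orig "$1" "$2" "$3/a.orig.tar.xz" || return 2
    make_orig "$1" "$2" "$3/b.orig.tar.xz" || return 2
    cmp -s "$3/a.orig.tar.xz" "$3/b.orig.tar.xz"
}

# demo: create a throwaway repository with one tagged commit and check it.
demo() {
    work=$(mktemp -d) || return 2
    repo="$work/repo"
    git init -q "$repo" || { rm -rf "$work"; return 2; }
    printf 'hello\n' >"$repo/README"
    git -C "$repo" add README
    git -C "$repo" -c user.name=Example -c user.email=example@example.invalid \
        -c commit.gpgsign=false commit -q -m 'constructed sample commit' \
        || { rm -rf "$work"; return 2; }
    git -C "$repo" tag v1.0
    check_reproducible "$repo" v1.0 "$work"
    rc=$?
    rm -rf "$work"
    return $rc
}

# Stand-alone run: report the result for the constructed repository.
if demo; then
    echo "identical: both builds produced the same .orig.tar.xz"
else
    echo "builds differ or a tool is missing" >&2
fi
```

Running check_reproducible against the same tag on a second machine and comparing checksums of the output extends the check to the machine-dependent behaviour mentioned above.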