Bug#815716: pairs: please make the build reproducible (username)
Package: pairs
Version: 4.14.1
Severity: wishlist
Tags: patch
User: reproducible-builds@lists.alioth.debian.org
Usertags: username
Hi!
While working on the “reproducible builds” effort [1], we have noticed
that pairs could not be built reproducibly.
The attached patch removes extra timestamps from the build system
and
ensure a stable file order when creating the source archive. Once
applied,
pairs can be built reproducibly in our current experimental framework.
[1]: https://wiki.debian.org/ReproducibleBuilds
-- System Information:
Debian Release: stretch/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 4.3.0-1-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru pairs-4.14.1/debian/changelog pairs-4.14.1/debian/changelog
--- pairs-4.14.1/debian/changelog 2014-09-17 00:44:43.000000000 -0700
+++ pairs-4.14.1/debian/changelog 2016-02-23 11:38:38.000000000 -0800
@@ -1,3 +1,10 @@
+pairs (4:4.14.1-1.0~reproducible1) UNRELEASED; urgency=medium
+
+ * Add --owner=root --group=root --numeric-owner to tar command line
+ patch to make package build reproducibly.
+
+ -- Scarlett Clark <sgclark@kubuntu.org> Tue, 23 Feb 2016 11:35:26 -0800
+
pairs (4:4.14.1-1) unstable; urgency=medium
* New upstream release (4.14.1).
diff -Nru pairs-4.14.1/debian/patches/series pairs-4.14.1/debian/patches/series
--- pairs-4.14.1/debian/patches/series 1969-12-31 16:00:00.000000000 -0800
+++ pairs-4.14.1/debian/patches/series 2016-02-23 13:12:06.000000000 -0800
@@ -0,0 +1 @@
+update_tar_flags_reproducibility_timestamps.diff
diff -Nru pairs-4.14.1/debian/patches/update_tar_flags_reproducibility_timestamps.diff pairs-4.14.1/debian/patches/update_tar_flags_reproducibility_timestamps.diff
--- pairs-4.14.1/debian/patches/update_tar_flags_reproducibility_timestamps.diff 1969-12-31 16:00:00.000000000 -0800
+++ pairs-4.14.1/debian/patches/update_tar_flags_reproducibility_timestamps.diff 2016-02-23 13:09:07.000000000 -0800
@@ -0,0 +1,18 @@
+Description: Add --owner=root --group=root --numeric-owner to tar command line.
+ To fix buid reproducibility.
+Forwarded: TBD
+Author: Scarlett Clark <sgclark-guest@users.alioth.debian.org>
+
+diff --git a/themes/CMakeLists.txt b/themes/CMakeLists.txt
+index fa3ae67..8597ccb 100644
+--- a/themes/CMakeLists.txt
++++ b/themes/CMakeLists.txt
+@@ -47,7 +47,7 @@ function(create_theme _baseName)
+ else(WIN32)
+ add_custom_command(OUTPUT ${_template}
+ COMMAND tar ARGS cjf
+- ${_template} ${_files}
++ ${_template} --owner=root --group=root --numeric-owner ${_files}
+ DEPENDS "${CMAKE_CURRENT_SOURCE_DIR}/${_baseName}"
+ WORKING_DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}/${_baseName}"
+ )
Reply to: