Hi Jelle,

> * filebin - the package is not -git but does pull from git master,
> ideally it would use #commit= and maybe verify the commit if it's
> signed.

I've switched to `#tag=${pkgver}?signed` and `validpgpkeys`. Much
better than a checkout in `prepare()`, thanks!

> * srrdb-terminal-client is not reproducible, at least not as you embed
> the build date.

Ah, correct. I've altered the date command to use `$SOURCE_DATE_EPOCH`,
good to know that exists.

> You can check if your package is reproducible by using `makerepropkg`.

I'll have to implement that in my pipeline, but that is something for
the weekend.

Best Regards
hashworks

-- 
hashworks

Web        https://hashworks.net
Public Key 0x4FE7F4FEAC8EBE67
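
The `$SOURCE_DATE_EPOCH` change mentioned in the reply above, sketched as an added example; it is not part of the original message and not the package's actual build code. `build_date` is a hypothetical helper name and the epoch value is a constructed sample.

```sh
#!/bin/sh
# Derive an embedded build timestamp from SOURCE_DATE_EPOCH so that two
# builds of the same source produce byte-identical output.
# build_date is a hypothetical helper name, not taken from the package.

build_date() {
    # Prefer SOURCE_DATE_EPOCH when the build tool exports it; fall back to
    # the current time otherwise (valid build, but not reproducible).
    epoch="${SOURCE_DATE_EPOCH:-$(date +%s)}"

    # Accept only a plain non-negative integer, so a malformed value fails
    # the build instead of silently producing an arbitrary date.
    case "$epoch" in
        ''|*[!0-9]*)
            echo "build_date: invalid SOURCE_DATE_EPOCH: $epoch" >&2
            return 1
            ;;
    esac

    # GNU date takes "-d @epoch", BSD date takes "-r epoch".
    # -u pins the output to UTC so the builder's TZ cannot leak in.
    date -u -d "@$epoch" '+%Y-%m-%dT%H:%M:%SZ' 2>/dev/null ||
        date -u -r "$epoch" '+%Y-%m-%dT%H:%M:%SZ'
}

# Constructed sample value: 2021-01-01 00:00:00 UTC
echo "build date: $(SOURCE_DATE_EPOCH=1609459200 build_date)"
```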
