Source: cpio Version: 2.11+dfsg-4 Severity: wishlist User: reproducible-bui...@lists.alioth.debian.org Usertags: timestamps fileordering
Hi! While working on the “reproducible builds” effort [1], we have noticed that cpio could not be built reproducibly. The attached patch fixes this for our experimental framework. It contains several small changes for `debian/rules`. [1]: https://wiki.debian.org/ReproducibleBuilds -- Lunar .''`. lu...@debian.org : :Ⓐ : # apt-get install anarchism `. `'` `-
diff -Nru cpio-2.11+dfsg/debian/changelog cpio-2.11+dfsg/debian/changelog --- cpio-2.11+dfsg/debian/changelog 2014-12-22 12:42:30.000000000 +0100 +++ cpio-2.11+dfsg/debian/changelog 2015-01-02 16:17:48.000000000 +0100 @@ -1,3 +1,12 @@ +cpio (2.11+dfsg-4.0~reproducible1) UNRELEASED; urgency=low + + * Make the package build reproducibly: + - Fix mtimes before building binary packages. + - Stop recording the current time when creating gzip files. + - Sort file list in md5sums. + + -- Jérémy Bobbio <lu...@debian.org> Fri, 02 Jan 2015 16:15:58 +0100 + cpio (2.11+dfsg-4) unstable; urgency=high [ Michael Gilbert <mgilb...@debian.org> ] diff -Nru cpio-2.11+dfsg/debian/rules cpio-2.11+dfsg/debian/rules --- cpio-2.11+dfsg/debian/rules 2014-03-22 23:22:58.000000000 +0100 +++ cpio-2.11+dfsg/debian/rules 2015-01-02 16:15:57.000000000 +0100 @@ -19,6 +19,8 @@ STRIP = strip endif +BUILD_DATE := $(shell dpkg-parsechangelog | sed -n -e 's/^Date: //p') + ifeq (,$(findstring nostrip,$(DEB_BUILD_OPTIONS))) INSTALL_PROGRAM += -s endif @@ -83,16 +85,18 @@ # Install changelog & copyright install -m 644 debian/changelog \ debian/tmp-win32/usr/share/doc/$(package)-win32/changelog.Debian - gzip -9v debian/tmp-win32/usr/share/doc/$(package)-win32/* + gzip -9nv debian/tmp-win32/usr/share/doc/$(package)-win32/* install -m 644 debian/copyright debian/tmp-win32/usr/share/doc/$(package)-win32/. # Generate md5sums - cd debian/tmp-win32 && find * -type f ! -regex '^DEBIAN/.*' -print0 | xargs -r0 md5sum > DEBIAN/md5sums + cd debian/tmp-win32 && find * -type f ! -regex '^DEBIAN/.*' -print0 | LC_ALL=C sort -z | xargs -r0 md5sum > DEBIAN/md5sums # Generate deb file dpkg-gencontrol -pcpio-win32 -Pdebian/tmp-win32 chown -R root.root debian/tmp-win32 chmod -R g-ws debian/tmp-win32 + find debian/tmp-win32 -depth -newermt '$(BUILD_DATE)' -print0 | \ + xargs -0r touch --no-dereference --date='$(BUILD_DATE)' dpkg-deb --build debian/tmp-win32 .. binary-arch: checkroot build @@ -125,20 +129,22 @@ # Install changelog & copyright install -m 644 debian/changelog \ debian/tmp/usr/share/doc/$(package)/changelog.Debian - gzip -9v debian/tmp/usr/share/doc/$(package)/* - gzip -9v debian/tmp/usr/share/man/*/* + gzip -9nv debian/tmp/usr/share/doc/$(package)/* + gzip -9nv debian/tmp/usr/share/man/*/* rm -rf debian/tmp/usr/share/info install -m 644 debian/copyright debian/tmp/usr/share/doc/$(package)/. # Determine shared library dependencies dpkg-shlibdeps debian/tmp/bin/cpio debian/tmp/bin/mt-gnu # Generate md5sums - cd debian/tmp && find * -type f ! -regex '^DEBIAN/.*' -print0 | xargs -r0 md5sum > DEBIAN/md5sums + cd debian/tmp && find * -type f ! -regex '^DEBIAN/.*' -print0 | LC_ALL=C sort -z | xargs -r0 md5sum > DEBIAN/md5sums # Generate deb file dpkg-gencontrol -pcpio -Pdebian/tmp chown -R root.root debian/tmp chmod -R g-ws debian/tmp + find debian/tmp -depth -newermt '$(BUILD_DATE)' -print0 | \ + xargs -0r touch --no-dereference --date='$(BUILD_DATE)' dpkg-deb --build debian/tmp .. define checkdir
signature.asc
Description: Digital signature