Package: gitpkg Version: 0.26 Severity: wishlist The tarballs created by gitpkg are not reproducible. I am running gitpkg against tuptime here, and it gives me this:
[1022]anarcat@angela:test$ diffoscope 3.3.0.tar.gz deb-packages/tuptime/ build-tuptime_3.3.0-1_20160412+19.53.log tuptime_3.3.0-1_amd64.deb tuptime_3.3.0-1.dsc tuptime_3.3.0-1_amd64.changes tuptime_3.3.0-1.debian.tar.xz tuptime_3.3.0.orig.tar.gz [1022]anarcat@angela:test$ diffoscope 3.3.0.tar.gz deb-packages/tuptime/tuptime_3.3.0.orig.tar.gz --- 3.3.0.tar.gz +++ deb-packages/tuptime/tuptime_3.3.0.orig.tar.gz ├── metadata │ @@ -1 +1 @@ │ -gzip compressed data, from Unix │ +gzip compressed data, last modified: Tue Apr 12 19:53:23 2016, from Unix ╵ To reproduce this: 1014 wget https://github.com/rfrail3/tuptime/archive/3.3.0.tar.gz 1015 git clone g...@github.com:anarcat/tuptime.git 1016 cd tuptime/ 1017 ~/dist/gitpkg/gitpkg --exit-hook=dpkg-buildpackage-exit-hook 3.3.0-1 3.3.0 1018 gitpkg --exit-hook=dpkg-buildpackage-exit-hook 3.3.0-1 3.3.0 1019 pwd 1020 cd ../ 1021 ls 1022 diffoscope 3.3.0.tar.gz deb-packages/tuptime/tuptime_3.3.0.orig.tar.gz To fix this: diff --git a/gitpkg b/gitpkg index cfb0b7c..ba0a38c 100755 --- a/gitpkg +++ b/gitpkg @@ -680,9 +680,9 @@ build_with_exported_orig() # handles making tarballs badly anyhow and will leave the .orig suffix # in the path inside them. - echo "tar cf - $DEB_PACKAGE(.orig) | $ORIG_COMPRESSOR$ORIG_COMPRESS_LEVEL > $DEB_ORIG" + echo "tar cf - $DEB_PACKAGE(.orig) | $ORIG_COMPRESSOR -n $ORIG_COMPRESS_LEVEL > $DEB_ORIG" tar --transform "s,^$DEB_PACKAGE.orig,$DEB_PACKAGE," \ - -cf - "$DEB_PACKAGE.orig" | $ORIG_COMPRESSOR $ORIG_COMPRESS_LEVEL > "$DEB_ORIG" + -cf - "$DEB_PACKAGE.orig" | $ORIG_COMPRESSOR -n $ORIG_COMPRESS_LEVEL > "$DEB_ORIG" if ! format3_lameness; then echo "dpkg-source" "${DPKG_SOURCE_OPTS[@]}" "-b -ss $DEB_PACKAGE" @@ -885,9 +885,9 @@ else ) || exit 1 else printf "git archive --prefix=$DEB_PACKAGE/ $GITPKG_ORIG_TREEISH" - printf " | $ORIG_COMPRESSOR$ORIG_COMPRESS_LEVEL > $DEB_ORIG\n" + printf " | $ORIG_COMPRESSOR -n $ORIG_COMPRESS_LEVEL > $DEB_ORIG\n" git archive --format=tar --prefix="$DEB_PACKAGE/" "$GITPKG_ORIG_TREEISH" | - $ORIG_COMPRESSOR $ORIG_COMPRESS_LEVEL \ + $ORIG_COMPRESSOR -n $ORIG_COMPRESS_LEVEL \ > "$DEB_DIR/$DEB_SOURCE/$DEB_ORIG" ( cd "$DEB_DIR/$DEB_SOURCE" Then it all feels fuzzy and warm. Of course this assumes upstreams have clues. -- System Information: Debian Release: 8.4 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'stable'), (1, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 4.2.0-0.bpo.1-amd64 (SMP w/2 CPU cores) Locale: LANG=fr_CA.UTF-8, LC_CTYPE=fr_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages gitpkg depends on: ii dpkg-dev 1.17.26 ii git 1:2.1.4-2.1+deb8u2 gitpkg recommends no packages. Versions of packages gitpkg suggests: ii devscripts 2.15.3 -- no debconf information