On Sat, Aug 28, 2021 at 06:36:24PM +0100, Ximin Luo wrote: > plugwash: > > package: dh-cargo > > > > Recently a substantial number of upstream cargo packages started using > > timestamps the ftpmasters > > consider reject-worthy, I believe this was done in the name of > > reproducibility. > > > > On what basis are you forming your belief? Because I worked on > reproducibility for a couple of years (and was advising the rustc guys about > it), and this method is not suitable for that purpose.
Cargo package[0] uses tar-rs' HeaderMode::Deterministic when adding files to the tar archive (or an explicit mtime of 1 for generated files). HeaderMode::Deterministic sets the mtime for the member to a hard-coded date which was 0 (epoch)[1], then 123456789 (Nov 29, 1973)[2], and now 1153704088 (Jul 23, 2006)[3]. We already had a workaround for the generated files, and further workarounds were recently added for the non-generated files. [0]: https://github.com/rust-lang/cargo/blob/bf505afa92245afda23e8f121a34af836789ab2e/src/cargo/ops/cargo_package.rs#L546-L576 [1]: https://github.com/alexcrichton/tar-rs/commit/207be8862216b2f57730b21e10193c9aa5d6eaac [2]: https://github.com/alexcrichton/tar-rs/commit/e81f172113c44742c9e096c296f3055abd2dfa0b [3]: https://github.com/alexcrichton/tar-rs/commit/60c6bd81d73fd0e340cfb0e147aae13ce23e18c6 > >From what I gather during previous discussions, some overzealous FTP person > >ages ago decided to add this over-reaching check, to reject other > >bad-quality packages, without thinking about the long-term consequences of > >it. Now we must all suffer the consequences. The comment in dak around these checks is: """check timestamps of files in binary packages Files in the near future cause ugly warnings and extreme time travel can cause errors on extraction. """ Have you tried discussing this with ftp-team again? > The correct fix is to undo this injustice, not to leech volunteers' time with > this sort of bullshit. Covid has killed several million people in the past > couple years due to government incompetence and inaction, I don't want to > care about fucking timestamps, ESPECIALLY when it has nothing to do with > reproducibility. The checks from the ftp-team have nothing to do with reproducibility. That was the justification for the changes done on /Rust's/ side. The existing code in dh-cargo just sets mtime to $SOURCE_DATE_EPOCH for files it installs, but other files (like upstream's changelog) are installed by other debhelper commands. Maybe we need a dh_cargo-timestamp helper that can be automatically run just before dh_builddeb to adjust the timestamp for all files in binary packges? Cheers, -- James GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7 2D23 DFE6 91AE 331B A3DB