Hi Zygmunt, On Sun, 25 Feb 2024 at 12:12, James Addison <j...@jp-hosting.net> wrote: > > On Wed, 21 Feb 2024 at 15:52, Zygmunt Krynicki <m...@zygoon.pl> wrote: > > > > > > > Wiadomość napisana przez James Addison <j...@jp-hosting.net> w dniu > > > 21.02.2024, o godz. 15:49: > > > > > > Source: snapd > > > Version: 2.61.1-1 > > > Severity: wishlist > > > > > > ... [snip] ... > > > > > > One cause of non-reproducibility for the package appears to be that the > > > snap.8 manual page (compressed as snap.8.gz) contains a timestamp in the > > > header that becomes timezone-localized, meaning that the Debian binary > > > packages > > > built may vary based on the timezone they're built in. > > > > > > Although one way to fix this could be to request and display a UTC > > > timestamp, > > > there's a comment[3] in the debian/rules file that hints at a better > > > solution: > > > from version 1.4.0-2 of golang-go-flags there is in-built support[4] for > > > the > > > SOURCE_DATE_EPOCH variable, a time-in-seconds since the Unix epoch > > > (interpreted > > > in UTC[5]). > > > > > > ... [ snip ] ... > > > > > > Thank you for bringing this to my attention and for offering a patch. I was > > aware of numerous TODOs in the packaging but have not yet managed to come > > up with a solution that would work both upstream and downstream (snapd CI > > system uses a copy of the debian packaging to check that a package can > > indeed be built), so any iteration on this is rather tedious. > > > > ... [ snip ] ... > > > > Thanks, Zygmunt - > https://salsa.debian.org/debian/snapd/-/merge_requests/7 contains a > minimal change that I believe should make the package reproducible on > Debian - it does not alter any build-time dependencies, and does not > affect the rules files for any other distros/releases (the debian-sid > (experimental) rules file in the packaging dir is _not_ updated). > > The change updates the packaging to remove customization of > golangs-go-flags manual-page-generation timestamping. That library > previously lacked support for reproducible build timestamping, that > was subsequently patched[1] into Debian in v1.4.0-2 and merged > upstream[2] into v1.5.0.
Thanks for applying the patch - however it seems that there is a snag: although golang-go-flags does correctly read the SOURCE_DATE_EPOCH value, and fixes a build-time documentation-creation-timestamp based on that, the output manual page displays a date that is timezone-localized, and therefore may vary. In particular, if documentation is built from the source package in two different timezones, and particularly when the distance between their latitudes is significant, then a different date may be written to the header of the manual page(s). A straightforward fix could be to configure a static UTC timezone during the construction of documentation. However, there would be a small drawback to that: since the SOURCE_DATE_EPOCH value read by Debian's build processes is taken from the 'debian/changelog' file, using UTC could have the unusual effect of meaning that the date on the documentation differs from the actual current local calendar date when the maintained stamped their changelog entry. An alternative could be to parse the changelog to read the timezone of the most recent changelog entry, and use that during each build. A repeat build elsewhere in the world with the same dependencies (including same tzdata) would then parse the same timezone, localize to where the _maintainer_ was located (not to the current build host timezone), and the output date value should become identical. It's possible that that would be an overcomplicated solution but it could also be more comprehensible to maintainers themselves (thought process: 'my calendar date was X when I finished the packaging for release Y, and that is why date X exactly appears in the corresponding documentation'). I'll continue to consider the implications before offering a follow-up patch. Thank you again, James > ... [ snip ] ... > > [1] - > https://salsa.debian.org/go-team/packages/golang-go-flags/-/commit/3015faf7a972cb074e65f8c210476937698a492b > > [2] - https://github.com/jessevdk/go-flags/pull/285
