Hi David,
On Wed, Jun 21, 2017 at 11:06 PM, David Sommerseth <
open...@sf.lists.topphemmelig.net> wrote:
<snip>
> But for reasons unknown to me, those tarballs got re-created somewhere
> later in the release chain. The contents of all tarballs are
> essentially the same, but due to the "nice" artefact that the tar format
> is non-deterministic on the output, even though the input is the same,
> that begins to prepare the stage for this chaos. Especially when what
> is being uploaded is partly from the initial run and then some files
> from a different run
> .
>
It might be possible to pay with several tar options, including:
--sort=name : sort added files by name, and not by the order specified by
the OS
--mtime=DATE-OR-FILE : set mtime of added file to a known value (either the
mtime of a file or an arbitrary date/time string).
These two options should help
Both options are being used by the LEDE project which claim support of
reproducible builds for a limited list of targets (tar is used when
building packages [1]).
[1]
https://git.lede-project.org/?p=source.git;a=blob;f=scripts/ipkg-build#l142
> --
> kind regards,
>
> David Sommerseth
> OpenVPN Technologies, Inc
>
>
BR,
-- Emmanuel Deloget
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
