Could I get someone to try this out? Thanks,
- Ian On Mon, Mar 21, 2016 at 05:32:55PM -0400, Ian Goldberg wrote: > On Mon, Mar 21, 2016 at 09:09:40AM -0400, Ian Goldberg wrote: > > So who knows how to make a reproducible tarball? We'd need to > > normalize: > > - The order of the files (I think make dist already does this, though) > > - The timestamps (--mtime), owners (--owner, --group), permissions (I > > guess we could chmod the files first, or some combination of > > --no-same-permissions and umask?) of the files > > - Anything else? > > > > And getting autoconf to get the "make dist" target actually *do* that > > might take some examining, but worst case, we can override $TAR or > > $am__tar, I suppose. > > OK, here's the scoop. As with most people, my knowledge of > automake/autoconf is basically "find another project that does what I > want and copy that". Unfortunately, I couldn't easily find another > project successfully doing reproducible tarballs from "make dist". > So what I came up with may not be The Right Way To Do It. Please, if > anyone here can make this better, speak up! I'm particularly squeamish > about overriding am__tar in configure.ac, since things with double > underscores sound to me like "private! internal! don't look here!". > > The commit is here: > > https://bugs.otr.im/projects/pidgin-otr/repository/revisions/af8542f5ef26b3cc41245846a22537bd97c634fe/diff > > If other people want to see if they get the same .tar.gz as I do: > > git clone git://git.otr.im/pidgin_otr > cd pidgin_otr/ > git checkout devel > intltoolize --force --copy > autoreconf -s -i > ./configure > make dist > sha256sum pidgin-otr-4.0.2.tar.gz > > I get: > > b7eba26b65e30adb238813c2d45e4188075c2bfa44d4a7490a6fa4ac5033239d > pidgin-otr-4.0.2.tar.gz > > and then, why not: > > tar xzvvf pidgin-otr-4.0.2.tar.gz > cd pidgin-otr-4.0.2 > bash -x INSTALL.mingw > sha256sum pidgin-otr-4.0.2.* > > I get: > > 9f7839c97f301c3a36bae5d1a801668ab90c4545bcc9b5b16397f2c44c3339f1 > pidgin-otr-4.0.2.exe > ca1d89cdf3c7496450252ce5945864b872a582f022af51d4928bf0cd07d367ea > pidgin-otr-4.0.2.zip > > > *** NOTE: in order to run "./configure" as a precursor to "make dist" > for pidgin-otr, you will have to have pidgin-otr's _native_ dependencies > installed, including the dev versions of libotr (or an installation > from source/git), libgpg-error, libgcrypt, glib, gtk+, and pidgin. Is > there a way around this, if all you want to do is "make dist" and not > actually build the package? > > The sha256 checksums for the .exe and .zip files are different from > yesterday, since the changes to the pidgin-otr source caused the source > timestamp (*not* a build timestamp!) to change, and the source timestamp > appears in the binaries. > > Anyone want to give this a shot? > > Thanks, > > - Ian > _______________________________________________ > OTR-dev mailing list > [email protected] > http://lists.cypherpunks.ca/mailman/listinfo/otr-dev _______________________________________________ OTR-dev mailing list [email protected] http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
