On 17/04/17 23:34, Andrew Gregory wrote: > On 04/17/17 at 08:41pm, Allan McRae wrote: >> This patch introduces the SOURCE_DATE_EPOCH environmental variable. All >> files >> in a package are adjusted to have their modification dates set to the value >> of SOURCE_DATE_EPOCH, which defaults to "date +%s". >> >> Setting this variable allows a package that is built twice in the same >> environment to be (potentially) reproducible in that the checksum of the >> generated package file will be the same. >> >> Signed-off-by: Allan McRae <al...@archlinux.org> > > I'm of the opinion that makepkg is the wrong place to work on > reproducible builds. We could probably take care of the low-hanging > fruit directly in makepkg, but a number of packages are going to > require more find-grained control over the environment then I think we > should be putting in makepkg. If you look at `perl -V`, for instance, > it embeds the output of `uname -a` and a timestamp directly in the > executable. I suspect that any effort we put into reproducible builds > with makepkg would eventually have to be duplicated with a more > powerful wrapper script in order to handle packages like perl that > record more of their environment than we should be manipulating in > makepkg.
I agree that makepkg is not the place for much of this. However, the SOURCE_DATE_EPOCH variable is a standard and we require makepkg to understand it and make a few other minor changes for any tool to have a chance of recreating a package from its PKGBUILD and .BUILDINFO file. I am not looking to extend the changes beyond this initial patchset. Allan