On 24/08/17 07:12, Eli Schwartz wrote: > If SOURCE_DATE_EPOCH is set, `touch` all source files before running > build() to fix the modification times. This works around build systems > and compilers that embed the file modification times into the file > contents of release artifacts. > > Signed-off-by: Eli Schwartz <[email protected]> > --- > > v3: add makepkg(8) documentation > > doc/makepkg.8.txt | 16 ++++++++++++++++ > scripts/makepkg.sh.in | 14 +++++++++++++- > 2 files changed, 29 insertions(+), 1 deletion(-) > > diff --git a/doc/makepkg.8.txt b/doc/makepkg.8.txt > index 2dff1b19..4258e6bd 100644 > --- a/doc/makepkg.8.txt > +++ b/doc/makepkg.8.txt > @@ -206,6 +206,7 @@ Options > *\--printsrcinfo*:: > Generate and print the SRCINFO file to stdout. > > + > Additional Features > ------------------- > makepkg supports building development versions of packages without having to > @@ -214,6 +215,19 @@ separate utility 'versionpkg'. See linkman:PKGBUILD[5] > for details on how to > set up a development PKGBUILD. > > > +Reproducibility > +--------------- > +makepkg is designed to be compatible with > +link:https://reproducible-builds.org/docs/[Reproducible Builds]. If the > +**SOURCE_DATE_EPOCH** environment variable is set, it will be exported to > +subprocesses, and source and package file modification times and package > +metadata will be unified based on the timestamp specified. > + > +If the **SOURCE_DATE_EPOCH** environment variable is not set, makepkg will > use > +its own start date for internal use, but is not responsible for ensuring the > +package files themselves are built reproducibly. > +
I don't like the phrasing there. How about : If the **SOURCE_DATE_EPOCH** environment variable is not set, makepkg will use its own start date for internal use, but will not unify source file timestamps before building. > + > Environment Variables > --------------------- > **PACMAN**:: > @@ -265,6 +279,8 @@ Environment Variables > Specify a key to use when signing packages, overriding the GPGKEY > setting > in linkman:makepkg.conf[5] > > +**SOURCE_DATE_EPOCH=**"<date>":: > + Used for link:https://reproducible-builds.org/docs/[Reproducible > Builds]. > > Configuration > ------------- > diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in > index 20e9dd7e..77d39ca5 100644 > --- a/scripts/makepkg.sh.in > +++ b/scripts/makepkg.sh.in > @@ -79,6 +79,7 @@ PKGFUNC=0 > PKGVERFUNC=0 > PREPAREFUNC=0 > REPKG=0 > +REPRODUCIBLE=0 > RMDEPS=0 > SKIPCHECKSUMS=0 > SKIPPGPCHECK=0 > @@ -87,7 +88,12 @@ SPLITPKG=0 > SOURCEONLY=0 > VERIFYSOURCE=0 > > -export SOURCE_DATE_EPOCH=${SOURCE_DATE_EPOCH:-$(date +%s)} > +if [[ -n $SOURCE_DATE_EPOCH ]]; then > + REPRODUCIBLE=1 > +else > + SOURCE_DATE_EPOCH=$(date +%s) > +fi > +export SOURCE_DATE_EPOCH > > PACMAN_OPTS=() > > @@ -475,6 +481,12 @@ run_prepare() { > } > > run_build() { > + if (( REPRODUCIBLE )); then > + # We have activated reproducible builds, so unify source times > before > + # building > + find "$srcdir" -exec touch -h -d @$SOURCE_DATE_EPOCH {} + > + fi > + I don't like this in run_build(). That will introduce an undocumented requirement that a PKGBUILD has a build() function to have its source file timestamps unified. I am happy with the location suggested here: https://github.com/anthraxx/pacman/commit/520acf93 > run_function_safe "build" > } > >
