Hi Ian and reproducible-builds folks, On Wed, 9 Nov 2016 12:03:48 +0000 Ian Jackson <ijack...@chiark.greenend.org.uk> wrote: > Currently, when adding a changelog stanza for a binnmu (or when appending to > the version number is requested for another reason), sbuild uses the existing > source changelog timestamp when inventing the changelog entry for the binnmu > itself: > > http://sources.debian.net/src/sbuild/0.72.0-2/lib/Sbuild/Build.pm/#L2005 > > This causes problems because it means that (in the usual case) the > rebuilt package has files with the same timestamps as the previous > build, but different contents. So on the end system, the timestamps > cani be misleading, causing malfunction of backup programs etc. (Eg > an upgrade to a binnmu would be captured only partially in a backup, > leading to lossage.) > > AIUI there were two reasons why this particular timestamp was (might > have been) chosen: > > Firstly, part of an early attempt to assist multiarch by making all > the changelogs identical on different architectures. But in fact, the > changelog is not identical in any case (because different > architectures may have differently version-numbered binnmus). So the > binnmu changelog entry is nowadays put in a separate file, and need > not be the same on different architectures. > > Secondly, an attempt to assist reproducible builds. But the > reproducible build output necessarily includes the complete binnmu > changelog entry; therefore the complete binnmu changelog entry is an > input to a repro-build attempt. It is indeed contained in the > Binary-Only-Changes field of the .buildinfo. > > Subsequent binnmu builds of the same package should generate packages > containing increasing timestamps. The best timestamp to use is the > timestamp of the build attempt. > > So, sbuild should use `date -R`[1] instead of the date from the last > changelog entry in the source package, when generating the binnmu > changelog entry. > > [1] Actually, sbuild seems to have a tweakable parameter > "Pkg Start Time" which looks like it would be appropriate, so > something like this: > my $date = strftime_c "%FT%TZ", gmtime($self->get('Pkg Start Time'));
thanks for putting all the relevant information from the original thread on debian-devel into this bug report in an organized manner! While "Pkg Start Time" might be a good default, I guess for to be able to reproduce a binNMU it would be necessary to also allow the user to pass a custom timestamp. I propose to add the command line option --binNMU-date and use that or, if the command line option is not given, the value from the environment variable SOURCE_DATE_EPOCH. The --binNMU-date option can then also be used by debrebuild.pl (see #774415). Does that sound like an acceptable fix? Thanks! cheers, josch
signature.asc
Description: signature
_______________________________________________ Reproducible-builds mailing list Reproducible-builds@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds