bug#32026: [PATCH v3 04/11] gnu: icecat: Make language packs reproducible.
Hi Mark, Mark H Weaver writes: > Hi Maxim, > > Maxim Cournoyer writes: >> * gnu/packages/patches/icecat-reproducible-langpacks.patch: New file. >> * gnu/local.mk (dist_patch_DATA): Register. it. >> * gnu/packages/gnuzilla.scm (icecat-source): Apply it. > > Instead of adding this patch in Guix, let's make the change in upstream > IceCat. > > Among other things, adding a 'patches' field to 'icecat-source' has the > unfortunate consequence of forcing an additional 'patch-and-repack' > phase during the build, which unpacks the entire multigigabyte source > code, applies the patch, and repacks it all again. > > Would you like to submit a commit to the gnuzilla repo that simply adds > the 'icecat-reproducible-langpacks.patch' file to the data/patches/ > directory? I guess the file names in the patch also need a component > added to the front (e.g. "a/" and "b/"). > > If you don't want to do it, I'll do it. In any case, it should be > removed from this series of commits for Guix. Done! The issue number of the patch sent is: #61633 I tested it with this: --8<---cut here---start->8--- modified gnu/packages/gnuzilla.scm @@ -43,6 +43,7 @@ (define-module (gnu packages gnuzilla) #:use-module ((guix licenses) #:prefix license:) #:use-module (guix packages) #:use-module (guix download) + #:use-module (guix git) #:use-module (guix git-download) #:use-module (guix hg-download) #:use-module (guix gexp) @@ -523,19 +524,22 @@ (define icecat-source ;; The upstream-icecat-base-version may be older than the ;; %icecat-base-version. (upstream-icecat-base-version "102.8.0") - (gnuzilla-commit "03d9e3db5affe21db077c410ec08c313d6aa280e") + (gnuzilla-commit "fffdd8891c641a9f84a298c0a5ea42f75caec203") (gnuzilla-source - (origin -(method git-fetch) -(uri (git-reference - (url "git://git.savannah.gnu.org/gnuzilla.git") - (commit gnuzilla-commit))) -(file-name (git-file-name "gnuzilla" - ;;upstream-icecat-base-version - (string-take gnuzilla-commit 8))) -(sha256 - (base32 - "12id87nsdwm6kra0gm3d3ww8kr0xxb4yllw9wcqmnrlnmspdc1n8" + (git-checkout + (url "file:///home/maxim/src/gnuzilla") + (commit gnuzilla-commit)) + ;; (method git-fetch) + ;; (uri (git-reference + ;; (url "file:///home/maxim/src/gnuzilla") + ;; (commit gnuzilla-commit))) + ;; (file-name (git-file-name "gnuzilla" + ;; ;;upstream-icecat-base-version + ;; (string-take gnuzilla-commit 8))) + ;; (sha256 + ;; (base32 + ;; "12id87nsdwm6kra0gm3d3ww8kr0xxb4yllw9wcqmnrlnmspdc1n8")) + ) --8<---cut here---end--->8--- -- Thanks, Maxim
bug#32026: [PATCH v3 04/11] gnu: icecat: Make language packs reproducible.
Hi Maxim, Maxim Cournoyer writes: > * gnu/packages/patches/icecat-reproducible-langpacks.patch: New file. > * gnu/local.mk (dist_patch_DATA): Register. it. > * gnu/packages/gnuzilla.scm (icecat-source): Apply it. Instead of adding this patch in Guix, let's make the change in upstream IceCat. Among other things, adding a 'patches' field to 'icecat-source' has the unfortunate consequence of forcing an additional 'patch-and-repack' phase during the build, which unpacks the entire multigigabyte source code, applies the patch, and repacks it all again. Would you like to submit a commit to the gnuzilla repo that simply adds the 'icecat-reproducible-langpacks.patch' file to the data/patches/ directory? I guess the file names in the patch also need a component added to the front (e.g. "a/" and "b/"). If you don't want to do it, I'll do it. In any case, it should be removed from this series of commits for Guix. Does that make sense? Regards, Mark
bug#32026: [PATCH v3 04/11] gnu: icecat: Make language packs reproducible.
* gnu/packages/patches/icecat-reproducible-langpacks.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register. it.
* gnu/packages/gnuzilla.scm (icecat-source): Apply it.
---
(no changes since v1)
gnu/local.mk | 1 +
gnu/packages/gnuzilla.scm | 1 +
.../icecat-reproducible-langpacks.patch | 45 +++
3 files changed, 47 insertions(+)
create mode 100644 gnu/packages/patches/icecat-reproducible-langpacks.patch
diff --git a/gnu/local.mk b/gnu/local.mk
index 5fcbdd4586..ddc5796ca8 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1327,6 +1327,7 @@ dist_patch_DATA =
\
%D%/packages/patches/i7z-gcc-10.patch\
%D%/packages/patches/icecat-makeicecat.patch \
%D%/packages/patches/icecat-avoid-bundled-libraries.patch\
+ %D%/packages/patches/icecat-reproducible-langpacks.patch \
%D%/packages/patches/icecat-use-system-graphite2+harfbuzz.patch \
%D%/packages/patches/icecat-use-system-media-libs.patch \
%D%/packages/patches/icedtea-7-hotspot-aarch64-use-c++98.patch\
diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm
index 1bafa92377..17edb9fa7e 100644
--- a/gnu/packages/gnuzilla.scm
+++ b/gnu/packages/gnuzilla.scm
@@ -554,6 +554,7 @@ (define icecat-source
(method computed-origin-method)
(file-name (string-append "icecat-" %icecat-version ".tar.xz"))
(sha256 #f)
+ (patches (search-patches "icecat-reproducible-langpacks.patch"))
(uri
(delay
(with-imported-modules '((guix build utils))
diff --git a/gnu/packages/patches/icecat-reproducible-langpacks.patch
b/gnu/packages/patches/icecat-reproducible-langpacks.patch
new file mode 100644
index 00..b36a770cc6
--- /dev/null
+++ b/gnu/packages/patches/icecat-reproducible-langpacks.patch
@@ -0,0 +1,45 @@
+Prevent the extension manifests from embedding the current date.
+
+This is inspired by the Debian
+"Use-build-id-as-langpack-version-for-reproducibility.patch" maintained for
+their Firefox package as well as reproducible-builds.org guidelines from
+https://reproducible-builds.org/docs/source-date-epoch/.
+
+Upstream status: https://phabricator.services.mozilla.com/D169979
+
+--- ./python/mozbuild/mozbuild/action/langpack_manifest.py.old 2023-02-13
11:01:21.051537347 -0500
./python/mozbuild/mozbuild/action/langpack_manifest.py 2023-02-13
11:04:33.141817330 -0500
+@@ -36,6 +36,15 @@
+ pushlog_api_url = "{0}/json-rev/{1}"
+
+
++import os
++import time
++import datetime
++
++def get_build_date():
++"""Honor SOURCE_DATE_EPOCH for reproducibility."""
++return datetime.datetime.utcfromtimestamp(
++int(os.environ.get('SOURCE_DATE_EPOCH', time.time(
++
+ ###
+ # Retrievers a UTC datetime of the push for the current commit
+ # from a mercurial clone directory.
+@@ -54,7 +63,7 @@
+ with mozversioncontrol.get_repository_object(path=path) as repo:
+ phase = repo._run("log", "-r", ".", "-T" "{phase}")
+ if phase.strip() != "public":
+-return datetime.datetime.utcnow()
++return get_build_date()
+ repo_url = repo._run("paths", "default")
+ repo_url = repo_url.strip().replace("ssh://", "https://;)
+ repo_url = repo_url.replace("hg://", "https://;)
+@@ -105,7 +114,7 @@
+ dt = get_dt_from_hg(path)
+
+ if dt is None:
+-dt = datetime.datetime.utcnow()
++dt = get_build_date()
+
+ dt = dt.replace(microsecond=0)
+ return dt.strftime("%Y%m%d%H%M%S")
--
2.39.1
