[Reproducible-builds] Bug#786615: kfreebsd-10: source tarballs have unreproducible file order
Package: src:kfreebsd-10 Version: 10.1~svn274115-4 Severity: wishlist Tags: patch pending User: reproducible-builds@lists.alioth.debian.org Usertags: fileordering Hi, The kfreebsd-10 (kernel) packaging creates two source tarballs: * orig.tar.xz, updated by the package maintainer for each new upstream version * in kfreebsd-source, a binary arch-indep package The ordering of files is uncertain when these tarballs are created, perhaps especially on the ZFS filesystem. The attached patch will fix that, so that independently built tarballs don't differ needlessly, and any real difference in their content is easy to identify. -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: kfreebsd-amd64 (x86_64) Kernel: kFreeBSD 9.0-2-amd64-xenhvm-ipsec Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash ___ Reproducible-builds mailing list Reproducible-builds@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds
Re: [Reproducible-builds] Bug#786615: kfreebsd-10: source tarballs have unreproducible file order
Steven Chamberlain wrote: > The attached patch will be attached. Index: debian/rules === --- debian/rules (revision 5678) +++ debian/rules (working copy) @@ -95,7 +95,12 @@ rm -rf $(ORIG_DIR) svn export --ignore-keywords -r $(svn_revision) $(SVN)/sys $(ORIG_DIR)/sys cd $(ORIG_DIR) && $(CURDIR)/debian/prune.sh - tar --numeric-owner --owner 0 --group 0 -cJf ../$(ORIG_TAR) $(ORIG_DIR) + # Create tarball with files sorted in a stable order, see + # https://wiki.debian.org/ReproducibleBuilds/FileOrderInTarballs + find $(ORIG_DIR) -print0 | LC_ALL=C sort -z \ + | tar --null --no-recursion --files-from - \ + --numeric-owner --owner 0 --group 0 \ + -cJf ../$(ORIG_TAR) rm -rf $(ORIG_DIR) control: clean @@ -166,7 +171,11 @@ chown -R root.src $(SRC_DIR) # Avoid the top-level directory timestamp changing touch $(SRC_DIR) --reference=$(SRC_DIR)/sys - tar cfJ $(SOURCE_PACKAGE)/usr/src/$(SRC_TAR) $(SRC_DIR) + # Create tarball with files sorted in a stable order, see + # https://wiki.debian.org/ReproducibleBuilds/FileOrderInTarballs + find $(SRC_DIR) -print0 | LC_ALL=C sort -z \ + | tar --null --no-recursion --files-from - \ + -cJf $(SOURCE_PACKAGE)/usr/src/$(SRC_TAR) touch install-indep-stamp ___ Reproducible-builds mailing list Reproducible-builds@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds
