Source: torbutton Version: 1.4.6.3-1 Severity: wishlist Tags: patch User: reproducible-builds@lists.alioth.debian.org Usertags: timestamps X-Debbugs-Cc: reproducible-builds@lists.alioth.debian.org
Hi, While working on the "reproducible builds" effort [1], we have noticed that torbutton could not be built reproducibly. The attached patch removes timezone-varying timestamps from the files compressed with zip. Once applied, torbutton can be built reproducibly in our current experimental framework. [1]: https://wiki.debian.org/ReproducibleBuilds Regards, -- Dhole
diff -Nru torbutton-1.4.6.3/debian/changelog torbutton-1.4.6.3/debian/changelog --- torbutton-1.4.6.3/debian/changelog 2012-10-16 21:22:39.000000000 +0200 +++ torbutton-1.4.6.3/debian/changelog 2015-07-21 00:35:00.000000000 +0200 @@ -1,3 +1,11 @@ +torbutton (1.4.6.3-1.1) UNRELEASED; urgency=medium + + * Non-maintainer upload. + * add TZ=UTC before zip in makexpi.sh to make the files mtime + invariant to timezone to make the package build reproducibly. + + -- Dhole <dh...@openmailbox.org> Tue, 21 Jul 2015 00:34:36 +0200 + torbutton (1.4.6.3-1) unstable; urgency=high * New upstream release: diff -Nru torbutton-1.4.6.3/debian/patches/fix-timezone-in-zip torbutton-1.4.6.3/debian/patches/fix-timezone-in-zip --- torbutton-1.4.6.3/debian/patches/fix-timezone-in-zip 1970-01-01 01:00:00.000000000 +0100 +++ torbutton-1.4.6.3/debian/patches/fix-timezone-in-zip 2015-07-21 00:36:48.000000000 +0200 @@ -0,0 +1,18 @@ +Description: Fix timezone before calling zip +Author: Dhole <dh...@openmailbox.org> + +--- + +--- torbutton-1.4.6.3.orig/makexpi.sh ++++ torbutton-1.4.6.3/makexpi.sh +@@ -18,8 +18,8 @@ cd ../.. + # create .xpi + echo ---------- create $APP_NAME.xpi ---------- + cd src +-echo zip -X -9r ../pkg/$XPI_NAME ./ -x "certDialogsOverride.js" -x "chrome/*" -x "*.diff" -x "*.svn/*" +-zip -X -9r ../pkg/$XPI_NAME ./ -x "components/certDialogsOverride.js" -x "*.svn/*" -x "*.diff" -x "components/torRefSpoofer.js" #-x "chrome/*" ++echo TZ=UTC zip -X -9r ../pkg/$XPI_NAME ./ -x "certDialogsOverride.js" -x "chrome/*" -x "*.diff" -x "*.svn/*" ++TZ=UTC zip -X -9r ../pkg/$XPI_NAME ./ -x "components/certDialogsOverride.js" -x "*.svn/*" -x "*.diff" -x "components/torRefSpoofer.js" #-x "chrome/*" + #mv ../$APP_NAME.jar ./chrome + #zip -9m ../pkg/$XPI_NAME chrome/$APP_NAME.jar + cd .. diff -Nru torbutton-1.4.6.3/debian/patches/series torbutton-1.4.6.3/debian/patches/series --- torbutton-1.4.6.3/debian/patches/series 2012-10-16 21:22:39.000000000 +0200 +++ torbutton-1.4.6.3/debian/patches/series 2015-07-21 00:36:30.000000000 +0200 @@ -1,3 +1,4 @@ localhost-proxy.patch restore-status-panel-on-ff4.patch disable-locked-mode.patch +fix-timezone-in-zip
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Reproducible-builds mailing list Reproducible-builds@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds
