Source: dash Version: 0.5.8-2 Severity: wishlist Tags: patch User: [email protected] Usertags: timestamps fileordering
Hi! While working on the “reproducible builds” effort [1], we have noticed that dash could not be built reproducibly. The attached patches fix this. I hope their descriptions are explanatory enough. [1]: https://wiki.debian.org/ReproducibleBuilds -- Lunar .''`. [email protected] : :Ⓐ : # apt-get install anarchism `. `'` `-
From 386c9fffab10be7a38b491c77222191ed5005122 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=A9my=20Bobbio?= <[email protected]> Date: Fri, 2 Jan 2015 15:48:14 +0100 Subject: [PATCH 1/3] Fix mtimes before building binary packages To enable dash to build reproducibly, mtimes of any files created after the date of the latest debian/changelog entry will be changed to that date. --- debian/rules | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/debian/rules b/debian/rules index 814a766..563edd2 100755 --- a/debian/rules +++ b/debian/rules @@ -11,6 +11,8 @@ LDFLAGS =$(shell DEB_BUILD_MAINT_OPTIONS=$(DEB_BUILD_MAINT_OPTIONS) \ CPPFLAGS =$(shell DEB_BUILD_MAINT_OPTIONS=$(DEB_BUILD_MAINT_OPTIONS) \ dpkg-buildflags --get CPPFLAGS) +BUILD_DATE := $(shell dpkg-parsechangelog | sed -n -e 's/^Date: //p') + DEB_HOST_GNU_TYPE =$(shell dpkg-architecture -qDEB_HOST_GNU_TYPE) DEB_BUILD_GNU_TYPE =$(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE) ifneq ($(DEB_HOST_GNU_TYPE),$(DEB_BUILD_GNU_TYPE)) @@ -95,12 +97,16 @@ install-arch: deb-checkdir deb-checkuid build-stamp binary: binary-indep binary-arch binary-indep: install-indep ash.deb dpkg-gencontrol -isp -pash -P'$(DIRA)' + find '$(DIRA)' -depth -newermt '$(BUILD_DATE)' -print0 | \ + xargs -0r touch --no-dereference --date='$(BUILD_DATE)' dpkg -b '$(DIRA)' .. binary-arch: install-arch po-templates dash.deb # dash rm -f debian/substvars test '$(CC)' != 'gcc' || dpkg-shlibdeps '$(DIR)'/bin/dash dpkg-gencontrol -isp -pdash -P'$(DIR)' + find '$(DIR)' -depth -newermt '$(BUILD_DATE)' -print0 | \ + xargs -0r touch --no-dereference --date='$(BUILD_DATE)' dpkg -b '$(DIR)' .. .PHONY: configure build po-templates clean patch install install-indep \ -- 2.1.4
From 3430d7f9e1be16c37d2b42bbdf002dc1530bb2f9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=A9my=20Bobbio?= <[email protected]> Date: Fri, 2 Jan 2015 15:58:35 +0100 Subject: [PATCH 2/3] Stop recording timestamps when gzip'ing files To enable dash to build reproducibly, we stop recording the current time when creating gzip files. --- debian/implicit | 4 ++-- debian/rules | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/debian/implicit b/debian/implicit index fbfce40..5eeef87 100644 --- a/debian/implicit +++ b/debian/implicit @@ -35,7 +35,7 @@ deb-checkuid: debian/$*/usr/share/doc/$*/changelog' @test -s debian/$*/usr/share/doc/$*/changelog || \ sh -cx 'rm -f debian/$*/usr/share/doc/$*/changelog' - @gzip -9 debian/$*/usr/share/doc/$*/changelog* + @gzip -9n debian/$*/usr/share/doc/$*/changelog* %.deb-docs-docs: %.deb-docs-base @for i in `cat debian/$*.docs 2>/dev/null || :`; do \ if test -d $$i; then \ @@ -57,7 +57,7 @@ deb-checkuid: @if test -r debian/$*.NEWS.Debian; then \ sh -cx 'install -m0644 debian/$*.NEWS.Debian \ debian/$*/usr/share/doc/$*/NEWS.Debian && \ - gzip -9 debian/$*/usr/share/doc/$*/NEWS.Debian'; \ + gzip -9n debian/$*/usr/share/doc/$*/NEWS.Debian'; \ fi %.deb-docs-examples: %.deb-docs-docs @rm -rf debian/$*/usr/share/doc/$*/examples diff --git a/debian/rules b/debian/rules index 563edd2..fad6656 100755 --- a/debian/rules +++ b/debian/rules @@ -87,7 +87,7 @@ install-arch: deb-checkdir deb-checkuid build-stamp ln -s dash '$(DIR)'/bin/sh install -d -m0755 '$(DIR)'/usr/share/man/man1/ install -m0644 src/dash.1 '$(DIR)'/usr/share/man/man1/dash.1 - gzip -9 '$(DIR)'/usr/share/man/man1/dash.1 + gzip -9n '$(DIR)'/usr/share/man/man1/dash.1 ln -s dash.1.gz '$(DIR)'/usr/share/man/man1/sh.1.gz install -d -m0755 '$(DIR)'/usr/share/menu install -m0644 debian/dash.menu '$(DIR)'/usr/share/menu/dash -- 2.1.4
From a406430b0e93fac889ae783a58276417d71050f0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=A9my=20Bobbio?= <[email protected]> Date: Fri, 2 Jan 2015 16:01:57 +0100 Subject: [PATCH 3/3] Write md5sums in a stable order To allow dash to build reproducibly, we sort the list of files in md5sums. This will get us a stable order at every build. --- debian/implicit | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/debian/implicit b/debian/implicit index 5eeef87..abadd53 100644 --- a/debian/implicit +++ b/debian/implicit @@ -90,7 +90,8 @@ deb-checkuid: : debian/$*/DEBIAN/md5sums @rm -f debian/$*/DEBIAN/md5sums @cd debian/$* && find * -path 'DEBIAN' -prune -o \ - -type f -exec md5sum {} >>DEBIAN/md5sums \; + -type f -print0 | LC_ALL=C sort -z | \ + xargs -0r md5sum >>DEBIAN/md5sums %.deb-DEBIAN: %.deb-checkdir %.deb-DEBIAN-base %.deb-DEBIAN-scripts \ %.deb-DEBIAN-md5sums : debian/$*/DEBIAN/ ok -- 2.1.4
signature.asc
Description: Digital signature
