Bug#777464: klone: please make the build reproducible

[Reiner Herrmann]

Source: klone
Version: 2.1.0~rc1-1
Severity: wishlist
Tags: patch
User: reproducible-bui...@lists.alioth.debian.org
Usertags: timestamps username

Hi!

While working on Debian's “reproducible builds” effort [1], we have
noticed that klone doesn't build reproducibly.
The file klone-source.tar.bz2 contains timestamps and usernames
of the build environment.

The attached patch fixes this by setting the timestamps to
the last date of the changelog and by setting the username
to root. Once applied, klone can be built reproducibly in our
current experimental framework.

Regards,
 Reiner

[1]: https://wiki.debian.org/ReproducibleBuilds




diff --git a/debian/rules b/debian/rules
index accc967..48a5bcf 100755
--- a/debian/rules
+++ b/debian/rules
@@ -6,6 +6,8 @@
 
 VER := $(shell dh_testdir && ls build/dist/klone-core-*.tar* | head -n 1 | perl -ne 'print $$1 if /klone-core-(.*)\.tar\.gz/;')
 
+BUILD_DATE := $(shell dpkg-parsechangelog --show-field Date)
+
 build: build-stamp
 
 build-stamp:
@@ -14,7 +16,8 @@ build-stamp:
 	test -e "klone-source" || ln -s . klone-source
 	test -e "build/dist/klone-core-$(VER).tar.gz.orig" || mv "build/dist/klone-core-$(VER).tar.gz" "build/dist/klone-core-$(VER).tar.gz.orig"
 	test -L "build/dist/klone-core-$(VER).tar.gz" || ln -s "/usr/src/klone-core-$(VER).tar.gz" "build/dist/klone-core-$(VER).tar.gz"
-	tar cf debian/klone-source.tar.bz2 --bzip2 --exclude=klone-source/klone-source --exclude=klone-source/debian --exclude=klone-source/build/dist/klone-*orig --exclude="klone-core-$(VER)" klone-source/*
+	tar cf debian/klone-source.tar.bz2 --bzip2 --owner=root --group=root --numeric-owner --mtime="$(BUILD_DATE)" \
+		--exclude=klone-source/klone-source --exclude=klone-source/debian --exclude=klone-source/build/dist/klone-*orig --exclude="klone-core-$(VER)" klone-source/*
 	test ! -L "build/dist/klone-core-$(VER).tar.gz" || rm "build/dist/klone-core-$(VER).tar.gz"
 	test ! -e "build/dist/klone-core-$(VER).tar.gz.orig" || mv "build/dist/klone-core-$(VER).tar.gz.orig" "build/dist/klone-core-$(VER).tar.gz"
 	rm -f klone-source

signature.asc
Description: OpenPGP digital signature