On Sat, Apr 18, 2015 at 10:20:42PM +0200, Jérémy Bobbio wrote: > Source: unzip > Version: 6.0-16 > Severity: wishlist > Tags: patch > User: reproducible-bui...@lists.alioth.debian.org > Usertags: timestamps fileordering > > Hi! > > While working on the “reproducible builds” effort [1], we have noticed > that unzip could not be built reproducibly. > > The attached patch removes timestamps from gzip files and from the > binary. It also make the mtime of files in the binary package > deterministic, and sort the md5sums file in order to make its content > independent from the filesystem ordering. > > Once applied, unzip can be built reproducibly in our current > experimental framework. > > [1]: https://wiki.debian.org/ReproducibleBuilds
Hello. I have some questions regarding this: When looking at the different reports which I have received so far, I see that some of them have the goal of making the build reproducible in the sense of "same file contents" (i.e. unpackaged file tree after dpkg-deb -x), while the most recent reports seem to have the stronger goal of "completely identical .deb" (which involves the clever touch/BUILD_DATE debian/rules trick usually found in the most recent pacthes received). The questions: * Was "identical .deb file" already the goal at the very beginning, or was the goal changed to that after the project started? (possibly after realizing that it was easy to achieve). * Does dh really take care of the build date issue to achieve a completely identical .deb? (I am really considering the wiki advice of "migrating to dh" as the best way to take). Regarding the suggested patch for this particular package: > diff -Nru unzip-6.0/debian/patches/13-remove-build-date > unzip-6.0/debian/patches/13-remove-build-date > --- unzip-6.0/debian/patches/13-remove-build-date 1970-01-01 > 01:00:00.000000000 +0100 > +++ unzip-6.0/debian/patches/13-remove-build-date 2015-04-18 > 21:59:26.000000000 +0200 > @@ -0,0 +1,16 @@ > +Description: Remove build date > + In order to make unzip build reproducibly, we remove the > + (already optional) build date from the binary. > +Author: Jérémy Bobbio <lu...@debian.org> > + > +--- unzip-6.0.orig/unix/unix.c > ++++ unzip-6.0/unix/unix.c > +@@ -1705,7 +1705,7 @@ void version(__G) > + #endif /* Sun */ > + #endif /* SGI */ > + > +-#ifdef __DATE__ > ++#if 0 > + " on ", __DATE__ > + #else > + "", "" I would rather undefine __DATE__ so that I don't even have to touch the source code (will find the way to do that, don't worry). In either case, I will forward this upstream because I see it as an upstream bug (maybe they remove the __DATE__ stuff altogether, who knows?) Thanks a lot. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
