Source: imagemagick Version: 8:6.8.9.9-5 Severity: wishlist Tags: patch User: reproducible-bui...@lists.alioth.debian.org Usertags: timestamps X-Debbugs-CC: reproducible-bui...@lists.alioth.debian.org
Hi! While working on Debian's “reproducible builds” effort [1], we have noticed that imagemagick doesn't build reproducibly. There are two issues with the build: - PNG icons contain timestamps in their metadata - The release date, which is used in ImageMagick's source, is using the system time The two attached patches fix those issues. One prevents convert from embedding timestamps into the icons, the other uses the latest upstream ChangeLog entry for the PACKAGE_RELEASE_DATE (similar to PACKAGE_CHANGE_DATE). Regards, Reiner [1]: https://wiki.debian.org/ReproducibleBuilds
diff --git a/debian/rules b/debian/rules
index 385dc10..5549eea 100755
--- a/debian/rules
+++ b/debian/rules
@@ -214,6 +214,7 @@ quantum_override_dh_auto_install-arch_%:
$(CONVERT) $(CURDIR)/debian/display-im$(DEB_UPSTREAM_VERSION_MAJOR).svg \
$(CONVERT_FLAGS) -resize $$SIZE \
-gravity center -extent $$SIZE \
+ +set date:create +set date:modify -define png:exclude-chunk=time \
$(CURDIR)/debian/tmp-$*/usr/share/icons/hicolor/$$SIZE/apps/display-im$(DEB_UPSTREAM_VERSION_MAJOR).${shell echo $* | sed -e 's/\(.*\)/\L\1/'}.png; \
done < $(CURDIR)/debian/display-im$(DEB_UPSTREAM_VERSION_MAJOR).iconssize
# make xpm
diff --git a/debian/patches/0057-Reproducible-release-date.patch b/debian/patches/0057-Reproducible-release-date.patch
new file mode 100644
index 0000000..b7d29d8
--- /dev/null
+++ b/debian/patches/0057-Reproducible-release-date.patch
@@ -0,0 +1,37 @@
+Author: Reiner Herrmann <rei...@reiner-h.de>
+Description: Use last changelog date also as release date
+ This enables reproducible builds by using a deterministic date.
+
+Index: imagemagick-6.8.9.9/version.sh
+===================================================================
+--- imagemagick-6.8.9.9.orig/version.sh
++++ imagemagick-6.8.9.9/version.sh
+@@ -8,6 +8,11 @@
+ PACKAGE_NAME='ImageMagick'
+
+ #
++# Date of last ChangeLog update
++#
++PACKAGE_CHANGE_DATE=`awk '/^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]/ { print substr($1,1,4) substr($1,6,2) substr($1,9,2); exit; }' ${srcdir}/ChangeLog`
++
++#
+ # Package version. This is is the numeric version suffix applied to
+ # PACKAGE_NAME (e.g. "1.0.0").
+ PACKAGE_VERSION='6.8.9'
+@@ -15,15 +20,10 @@ PACKAGE_PERL_VERSION='6.89'
+ PACKAGE_LIB_VERSION="0x689"
+ PACKAGE_RELEASE="9"
+ PACKAGE_LIB_VERSION_NUMBER="6,8,9,${PACKAGE_RELEASE}"
+-PACKAGE_RELEASE_DATE=`date +%F`
++PACKAGE_RELEASE_DATE=`date +%F -d "${PACKAGE_CHANGE_DATE}"`
+ PACKAGE_STRING="$PACKAGE_NAME $PACKAGE_VERSION"
+
+ #
+-# Date of last ChangeLog update
+-#
+-PACKAGE_CHANGE_DATE=`awk '/^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]/ { print substr($1,1,4) substr($1,6,2) substr($1,9,2); exit; }' ${srcdir}/ChangeLog`
+-
+-#
+ # Package version addendum. This is an arbitrary suffix (if any) appended
+ # to the package version. (e.g. "beta1")
+ PACKAGE_VERSION_ADDENDUM="-${PACKAGE_RELEASE}"
diff --git a/debian/patches/series b/debian/patches/series
index 42ebda0..a6efee4 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -55,3 +55,4 @@
0054-Replaced-calls-to-ConstrainColormapIndex-with-IsVali.patch
0055-During-identification-of-image-do-not-fill-memory.patch
0056-Fix-correctly-the-xpm-crash-problem.patch
+0057-Reproducible-release-date.patch
signature.asc
Description: OpenPGP digital signature
