On 05/29/2015 11:04 AM, Matthew Vernon wrote: > tags -1 moreinfo > quit > > On 28/05/15 22:01, Dhole wrote: > >> While working on the “reproducible builds” effort [1], we have noticed >> that xtrlock could not be built reproducibly. >> >> The attached patch fixes the files mtime before building the binary >> packages. Once applied, xtrlockcan be built reproducibly in our current >> experimental framework. > > This seems a bizarre thing to be doing in the middle of a build. Surely > reproducibility of builds shouldn't care about the timestamps of files?
Hi Matthew, The reproducible builds project aims at patching all the Debian packages in order to get a building process that generates byte by byte identical binary packages regardless of the machine, locale, timezone, building time, etc. Timestamps of files is one of the causes that make the building process to generate different packages if the builds are performed at different times, so we try to either remove them, or fix them to a known value (such as the last date from the changelog). The idea behind reproducible builds is to make it easy for anyone to check that a given package effectively comes from the publicly available source code (without any modifications) by means of comparing hashes of the builds for instances. The provided patch only affects the very last step before building the .deb. Also, in the reproducible builds project we are proposing to do exactly the same thing in dh_builddeb, which will hidde this from the maintainer. Regards, Dhole -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
