Bug#807270: mk-origtargz: create reproducible tarballs and --mtime option
Hans-Christoph Steiner
hans at eds.org
Sun Dec 6 21:21:04 UTC 2015
Package: devscripts
Version: 2.14.2
Severity: wishlist
User: devscripts at packages.debian.org
Usertags: mk-origtargz
Whenever mk-origtargz is repacking a zipball, it should zero out the
timestamps in the tar format so that the process produces the same
tarball every time it runs. This can be done using tar's --mtime= flag.
Additionally, it would be very useful if mk-origtargz also had a --mtime
option which forced the tarball to be repacked using the date given to
the --mtime="Wed Oct 28 10:12:27 2015 -0700" flag. Here's an example of
how to do that in perl:
https://stackoverflow.com/a/16728218
This gets us ever closer to the goals of reproducible builds, where we
can guarantee that a given original source code, the resulting binaries
are always the same. For more on that topic:
https://reproducible-builds.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/devscripts-devel/attachments/20151206/2976f036/attachment.sig>
More information about the devscripts-devel
mailing list