[Reproducible-commits] [dpkg] 45/74: dpkg-deb: Set ar timestamp and tar mtime clamping to SOURCE_DATE_EPOCH
Mattia Rizzolo
mattia at debian.org
Sun Jul 3 22:22:56 UTC 2016
This is an automated email from the git hooks/post-receive script.
mattia pushed a commit to annotated tag 1.18.8
in repository dpkg.
commit f6f2371a5dfb7c4d5b2b096a063e2a54db455edb
Author: Guillem Jover <guillem at debian.org>
Date: Mon Jul 13 04:09:09 2015 +0200
dpkg-deb: Set ar timestamp and tar mtime clamping to SOURCE_DATE_EPOCH
The ar and tar file entries contain a timestamp which is usually filled
with the current build time and the file mtime respectively. This causes
the generated deb(5) packages to not be reproducible for the same source
package and same build environment.
We now check if the environment variable SOURCE_DATE_EPOCH is defined,
parse that and use it as the timestamp for ar and to clamp the mtime in
the tar file entries.
This variable is specified to contain the timestamp of the source
release date in seconds since the epoch.
Closes: #759999
Base-on-patch-by: Jérémy Bobbio <lunar at debian.org>
---
debian/changelog | 3 +++
dpkg-deb/build.c | 21 ++++++++++++++++++++-
man/dpkg-deb.1 | 5 +++++
3 files changed, 28 insertions(+), 1 deletion(-)
diff --git a/debian/changelog b/debian/changelog
index 4f612f9..464a29a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -31,6 +31,9 @@ dpkg (1.18.8) UNRELEASED; urgency=medium
binary packages has an mtime later than the given time. Closes: #759886
* Use the same timestamp for the ar container as for tarball mtime clamping
in dpkg-deb.
+ * Set ar timestamp and tar mtime clamping to SOURCE_DATE_EPOCH if defined
+ in dpkg-deb. Base on a patch by Jérémy Bobbio <lunar at debian.org>.
+ Closes: #759999
* Perl modules:
- Use warnings::warnif() instead of carp() for deprecated warnings.
- Add new format_range() method and deprecate dpkg() and rfc822() methods
diff --git a/dpkg-deb/build.c b/dpkg-deb/build.c
index 5cb6096..2dfbf85 100644
--- a/dpkg-deb/build.c
+++ b/dpkg-deb/build.c
@@ -474,6 +474,20 @@ tarball_pack(const char *dir, filenames_feed_func *tar_filenames_feeder,
subproc_reap(pid_tar, "tar -cf", 0);
}
+static time_t
+parse_timestamp(const char *value)
+{
+ time_t timestamp;
+ char *end;
+
+ errno = 0;
+ timestamp = strtol(value, &end, 10);
+ if (value == end || *end || errno != 0)
+ ohshite(_("unable to parse timestamp '%.255s'"), value);
+
+ return timestamp;
+}
+
/**
* Overly complex function that builds a .deb file.
*/
@@ -484,6 +498,7 @@ do_build(const char *const *argv)
struct dpkg_error err;
struct dpkg_ar *ar;
time_t timestamp;
+ const char *timestamp_str;
const char *dir, *dest;
char *ctrldir;
char *debar;
@@ -518,7 +533,11 @@ do_build(const char *const *argv)
}
m_output(stdout, _("<standard output>"));
- timestamp = time(NULL);
+ timestamp_str = getenv("SOURCE_DATE_EPOCH");
+ if (timestamp_str)
+ timestamp = parse_timestamp(timestamp_str);
+ else
+ timestamp = time(NULL);
/* Now that we have verified everything its time to actually
* build something. Let's start by making the ar-wrapper. */
diff --git a/man/dpkg-deb.1 b/man/dpkg-deb.1
index 48421ef..11c63e6 100644
--- a/man/dpkg-deb.1
+++ b/man/dpkg-deb.1
@@ -304,6 +304,11 @@ memory allocations, etc.
.B TMPDIR
If set, \fBdpkg\-deb\fP will use it as the directory in which to create
temporary files and directories.
+.TP
+.B SOURCE_DATE_EPOCH
+If set, it will be used as the timestamp (as seconds since the epoch) in
+the \fBdeb\fP(5)'s \fBar\fB(5) container and used to clamp the mtime in
+the \fBtar\fB(5) file entries.
.
.SH NOTES
Do not attempt to use just
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/reproducible/dpkg.git
More information about the Reproducible-commits
mailing list