[dpkg] 85/187: dpkg-source: Make the program reproducible when run standalone

Sun Nov 6 12:46:27 UTC 2016

This is an automated email from the git hooks/post-receive script.

deki-guest pushed a commit to branch master
in repository dpkg.

commit 6c32c76ba20b641e14fc1533cecb3ca674850a90
Author: Guillem Jover <guillem at debian.org>
Date:   Sat Aug 20 18:47:41 2016 +0200

    dpkg-source: Make the program reproducible when run standalone
    
    Running dpkg-source directly is more common than running dpkg-deb
    directly. In addition dpkg-source needs to parse the changelog anyway,
    something that dpkg-deb does not need nor, in any case, has an easy way
    to do currently.
    
    So let's make it generate reproducible source by default.
---
 debian/changelog       | 2 ++
 man/dpkg-source.man    | 7 +++++++
 scripts/dpkg-source.pl | 3 +++
 3 files changed, 12 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 1e0be4b..f38f86b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -28,6 +28,8 @@ dpkg (1.18.11) UNRELEASED; urgency=medium
   * Implement source stanza substvars prefixed with S: in dpkg-gencontrol.
     These auto-generated variables map each source stanza field into an
     output substvar prefixed with “S:”.
+  * Make dpkg-source generate reproducible source packages when run
+    standalone, by honoring SOURCE_DATE_EPOCH.
   * Perl modules:
     - Obsolete Source-Version substvar in Dpkg::Substvars by emitting errors.
     - Rework keyring hooks in Dpkg::Vendor. Deprecate the keyrings hook, and
diff --git a/man/dpkg-source.man b/man/dpkg-source.man
index b06ac46..8529e3f 100644
--- a/man/dpkg-source.man
+++ b/man/dpkg-source.man
@@ -771,6 +771,13 @@ of that fact.
 Patch files do not record permissions of files and thus modified
 permissions are not stored in the source package. This warning reminds you
 of that fact.
+.
+.SH ENVIRONMENT
+.TP
+.B SOURCE_DATE_EPOCH
+If set, it will be used as the timestamp (as seconds since the epoch) to
+clamp the mtime in the \fBtar\fP(5) file entries.
+.
 .SH FILE FORMATS
 .SS debian/source/format
 This file contains on a single line the format that should be used to
diff --git a/scripts/dpkg-source.pl b/scripts/dpkg-source.pl
index 40a70fd..bf2c5be 100755
--- a/scripts/dpkg-source.pl
+++ b/scripts/dpkg-source.pl
@@ -236,6 +236,9 @@ if ($options{opmode} =~ /^(build|print-format|(before|after)-build|commit)$/) {
     my $changelog = changelog_parse(%ch_options);
     my $control = Dpkg::Control::Info->new($controlfile);
 
+    # <https://reproducible-builds.org/specs/source-date-epoch/>
+    $ENV{SOURCE_DATE_EPOCH} ||= $changelog->{timestamp};
+
     my $srcpkg = Dpkg::Source::Package->new(options => \%options);
     my $fields = $srcpkg->{fields};
 

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/reproducible/dpkg.git

