[rb-general] [arch-projects] [devtools] [PATCH] Support reproducible builds
Eli Schwartz
eschwartz at archlinux.org
Tue Dec 12 20:28:48 CET 2017
On 10/30/2017 01:10 PM, Eli Schwartz wrote:
> As requested by h0lger, I'm sending this on to the Reproducible Builds
> mailing list as you guys are probably interested in this too. ;)
>
> The basic idea of this patch is that:
>
> 1) makepkg will use SOURCE_DATE_EPOCH, if available, as the canonical
> release date of a pacman package, and additionally make sure that
> (assuming the underlying system environment is the same), software is
> built in a reproducible manner e.g. by unifying source file mtime,
> ensuring SOURCE_DATE_EPOCH is exported, ensuring that makepkg-created
> metadata files are reproducible e.g. the .MTREE of packaged files, the
> builddate, etc.
>
> 2) makechrootpkg passes an existing SOURCE_DATE_EPOCH through sudo and
> into our systemd-nspawn build container.
>
> 3) archbuild is used to build official repo packages, and will make
> SOURCE_DATE_EPOCH default to the date archbuild was initially run at,
> which will become the canonical package release date.
>
> See for example makepkg patches surrounding:
> https://lists.archlinux.org/pipermail/pacman-dev/2017-May/022034.html
> https://lists.archlinux.org/pipermail/pacman-dev/2017-August/022113.html
This change has now been pushed in git, see
https://git.archlinux.org/devtools.git/commit/?id=eab5aba9b027a7689acaf2382a04ff69b5b8771e
So this change will automatically take effect as soon as both devtools
and pacman get a stable release.
--
Eli Schwartz
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.reproducible-builds.org/pipermail/rb-general/attachments/20171212/3452345a/attachment.sig>
More information about the rb-general
mailing list