Continuous integration: SOURCE_DATE_EPOCH and testing
Simon Josefsson
simon at josefsson.org
Mon Jan 13 09:34:19 UTC 2025
James Addison via rb-general <rb-general at lists.reproducible-builds.org>
writes:
> Hi folks,
>
> A recent change that I made in the Sphinx codebase, related to
> copyright notices and SOURCE_DATE_EPOCH, has caused unit test failures
> during package builds for a couple of Linux distributions. Although
> the precise details aren't germane to my posting this thread, please
> let me know if you'd like more information and I'll be glad to
> explain.
>
> The test failures raised a question in my mind: are there any
> recommendations about whether SOURCE_DATE_EPOCH must-not / can /
> should / must be configured during (immediate and/or later) testing of
> software that has been built reproducibly? And if so, for what
> reason(s)?
I'll go out on a limb a bit: I believe having references to the
SOURCE_DATE_EPOCH variable in upstream projects is a bad idea.
The documentation says it is intended for distribution build tools:
https://reproducible-builds.org/docs/source-date-epoch/
Let's keep it that way.
Upstream projects should instead be reproducible on its, without having
to resort to external parameters like SOURCE_DATE_EPOCH that may or not
be under the control of the upstream project itself.
I suppose SOURCE_DATE_EPOCH was a simple and reliable mechanism
available to solve reproducible problems in projects, but that doesn't
mean it is the right solution. Using it hides that you have some
reproducibility problem.
It is better for upstream to make careful decisions which time or date
is applicable for each situation where use of SOURCE_DATE_EPOCH may have
been warranted.
I've evaluated this for several of my upstream projects, and has
realized that SOURCE_DATE_EPOCH has rarely been the only or most
appropriate time source.
Ironically, use of SOURCE_DATE_EPOCH inside some upstream tools (I don't
remember details, but recall help2man was involved) caused me
reproducible differences during upstream CI/CD before working around it.
/Simon
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1251 bytes
Desc: not available
URL: <http://lists.reproducible-builds.org/pipermail/rb-general/attachments/20250113/6cea4106/attachment.sig>
More information about the rb-general
mailing list