diff options
author | Allan McRae <allan@archlinux.org> | 2017-05-12 12:41:20 +0200 |
---|---|---|
committer | Allan McRae <allan@archlinux.org> | 2017-05-16 04:54:01 +0200 |
commit | d30878763ce1b5be453b563f2729d7333242e79b (patch) | |
tree | 453e67a0e740d25cad64a553eb6aa8fcfb6898ce /scripts | |
parent | 5f3812868600488de585771273e12a3e68a4d366 (diff) | |
download | pacman-d30878763ce1b5be453b563f2729d7333242e79b.tar.gz pacman-d30878763ce1b5be453b563f2729d7333242e79b.tar.xz |
makepkg: introduce SOURCE_DATE_EPOCH
This patch introduces the SOURCE_DATE_EPOCH environmental variable. All files
in a package are adjusted to have their modification dates set to the value
of SOURCE_DATE_EPOCH, which defaults to "date +%s".
Setting this variable allows a package that is built twice in the same
environment to be (potentially) reproducible in that the checksum of the
generated package file will be the same.
Also adjust the compression of the mtree file to avoid gzip embedding a
timestamp.
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
Diffstat (limited to 'scripts')
-rw-r--r-- | scripts/makepkg.sh.in | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in index c019ae3b..1f1217f4 100644 --- a/scripts/makepkg.sh.in +++ b/scripts/makepkg.sh.in @@ -87,6 +87,8 @@ SPLITPKG=0 SOURCEONLY=0 VERIFYSOURCE=0 +export SOURCE_DATE_EPOCH=${SOURCE_DATE_EPOCH:-$(date +%s)} + PACMAN_OPTS=() shopt -s extglob @@ -620,7 +622,6 @@ write_kv_pair() { } write_pkginfo() { - local builddate=$(date -u "+%s") if [[ -n $PACKAGER ]]; then local packager="$PACKAGER" else @@ -654,7 +655,7 @@ write_pkginfo() { write_kv_pair "pkgdesc" "$spd" write_kv_pair "url" "$url" - write_kv_pair "builddate" "$builddate" + write_kv_pair "builddate" "$SOURCE_DATE_EPOCH" write_kv_pair "packager" "$packager" write_kv_pair "size" "$size" write_kv_pair "arch" "$pkgarch" @@ -738,10 +739,14 @@ create_package() { [[ -f $pkg_file ]] && rm -f "$pkg_file" [[ -f $pkg_file.sig ]] && rm -f "$pkg_file.sig" + # ensure all elements of the package have the same mtime + find . -exec touch -h -d @$SOURCE_DATE_EPOCH {} + + msg2 "$(gettext "Generating .MTREE file...")" - list_package_files | LANG=C bsdtar -cnzf .MTREE --format=mtree \ + list_package_files | LANG=C bsdtar -cnf - --format=mtree \ --options='!all,use-set,type,uid,gid,mode,time,size,md5,sha256,link' \ - --null --files-from - --exclude .MTREE + --null --files-from - --exclude .MTREE | gzip -c -f -n > .MTREE + touch -d @$SOURCE_DATE_EPOCH .MTREE msg2 "$(gettext "Compressing package...")" # TODO: Maybe this can be set globally for robustness |