make-archive: Build reproducible tarball #527
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
LGTM, but as you suggest let's take the mtime from tag time |
julian-klode
force-pushed
the
reproducible-archive
branch
from
79453a7
to
c342b06
Compare
|
Updated. So right now the tar logic above actually extracts the right timestamps based on the git tags, by extracting the git-archive archives, so shim and gnu-efi have different timestamps - which is nice to have, but not doable by setting the time on the command-line, so this uses the shim tag timestamp - if it exists, for everything. |
|
looks better, cool! |
Remove timestamps, user names, etc. from the tarball so that it can be built reproducibly by multiple people, on different machines. The outer bzip2 layer might still be different, no reproducible bzip2 known. Signed-off-by: Julian Andres Klode <julian.klode@canonical.com>
julian-klode
force-pushed
the
reproducible-archive
branch
from
c342b06
to
e29b971
Compare
|
Hmm, I thought bzip2 was reproducible, but your commit suggests otherwise - am I misremembering? |
|
Just expressing concerns about reproducibility across different, future versions. Which can always happen Currently the one version seems reproducible. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Remove timestamps, user names, etc. from the tarball so that it can be built reproducibly by multiple people, on different machines.
The outer bzip2 layer might still be different, no reproducible bzip2 known.
This sets the time to 0, it would also be possible to set it to the git tag time.