makepkg: respect $SOURCE_DATE_EPOCH to activate reproducible builds
If SOURCE_DATE_EPOCH is set, `touch` all source files between the (optional) prepare() and build() functions to unify the modification times. This works around build systems and compilers that embed the file modification times into the file contents of release artifacts. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
This commit is contained in:
Eli Schwartz
Allan McRae
parent
39319c1860
commit
4dae3fde17
2 changed files with 28 additions and 1 deletions
|
|
@ -206,6 +206,7 @@ Options
|
||||||
*\--printsrcinfo*::
|
*\--printsrcinfo*::
|
||||||
Generate and print the SRCINFO file to stdout.
|
Generate and print the SRCINFO file to stdout.
|
||||||
|
|
||||||
|
|
||||||
Additional Features
|
Additional Features
|
||||||
-------------------
|
-------------------
|
||||||
makepkg supports building development versions of packages without having to
|
makepkg supports building development versions of packages without having to
|
||||||
|
|
@ -214,6 +215,19 @@ separate utility 'versionpkg'. See linkman:PKGBUILD[5] for details on how to
|
||||||
set up a development PKGBUILD.
|
set up a development PKGBUILD.
|
||||||
|
|
||||||
|
|
||||||
|
Reproducibility
|
||||||
|
---------------
|
||||||
|
makepkg is designed to be compatible with
|
||||||
|
link:https://reproducible-builds.org/docs/[Reproducible Builds]. If the
|
||||||
|
**SOURCE_DATE_EPOCH** environment variable is set, it will be exported to
|
||||||
|
subprocesses, and source and package file modification times and package
|
||||||
|
metadata will be unified based on the timestamp specified.
|
||||||
|
|
||||||
|
If the **SOURCE_DATE_EPOCH** environment variable is not set, makepkg will use
|
||||||
|
its own start date for internal use, but will not unify source file timestamps
|
||||||
|
before building.
|
||||||
|
|
||||||
|
|
||||||
Environment Variables
|
Environment Variables
|
||||||
---------------------
|
---------------------
|
||||||
**PACMAN**::
|
**PACMAN**::
|
||||||
|
|
@ -265,6 +279,8 @@ Environment Variables
|
||||||
Specify a key to use when signing packages, overriding the GPGKEY setting
|
Specify a key to use when signing packages, overriding the GPGKEY setting
|
||||||
in linkman:makepkg.conf[5]
|
in linkman:makepkg.conf[5]
|
||||||
|
|
||||||
|
**SOURCE_DATE_EPOCH=**"<date>"::
|
||||||
|
Used for link:https://reproducible-builds.org/docs/[Reproducible Builds].
|
||||||
|
|
||||||
Configuration
|
Configuration
|
||||||
-------------
|
-------------
|
||||||
|
|
|
||||||
|
|
@ -79,6 +79,7 @@ PKGFUNC=0
|
||||||
PKGVERFUNC=0
|
PKGVERFUNC=0
|
||||||
PREPAREFUNC=0
|
PREPAREFUNC=0
|
||||||
REPKG=0
|
REPKG=0
|
||||||
|
REPRODUCIBLE=0
|
||||||
RMDEPS=0
|
RMDEPS=0
|
||||||
SKIPCHECKSUMS=0
|
SKIPCHECKSUMS=0
|
||||||
SKIPPGPCHECK=0
|
SKIPPGPCHECK=0
|
||||||
|
|
@ -87,7 +88,12 @@ SPLITPKG=0
|
||||||
SOURCEONLY=0
|
SOURCEONLY=0
|
||||||
VERIFYSOURCE=0
|
VERIFYSOURCE=0
|
||||||
|
|
||||||
export SOURCE_DATE_EPOCH=${SOURCE_DATE_EPOCH:-$(date +%s)}
|
if [[ -n $SOURCE_DATE_EPOCH ]]; then
|
||||||
|
REPRODUCIBLE=1
|
||||||
|
else
|
||||||
|
SOURCE_DATE_EPOCH=$(date +%s)
|
||||||
|
fi
|
||||||
|
export SOURCE_DATE_EPOCH
|
||||||
|
|
||||||
PACMAN_OPTS=()
|
PACMAN_OPTS=()
|
||||||
|
|
||||||
|
|
@ -1686,6 +1692,11 @@ if (( !REPKG )); then
|
||||||
if (( PREPAREFUNC )); then
|
if (( PREPAREFUNC )); then
|
||||||
run_prepare
|
run_prepare
|
||||||
fi
|
fi
|
||||||
|
if (( REPRODUCIBLE )); then
|
||||||
|
# We have activated reproducible builds, so unify source times before
|
||||||
|
# building
|
||||||
|
find "$srcdir" -exec touch -h -d @$SOURCE_DATE_EPOCH {} +
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if (( PKGVERFUNC )); then
|
if (( PKGVERFUNC )); then
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue