On 04/17/17 at 08:41pm, Allan McRae wrote:
This patch introduces the SOURCE_DATE_EPOCH environmental variable. All files in a package are adjusted to have their modification dates set to the value of SOURCE_DATE_EPOCH, which defaults to "date +%s".
Setting this variable allows a package that is built twice in the same environment to be (potentially) reproducible in that the checksum of the generated package file will be the same.
Signed-off-by: Allan McRae <allan@archlinux.org>
I'm of the opinion that makepkg is the wrong place to work on reproducible builds. We could probably take care of the low-hanging fruit directly in makepkg, but a number of packages are going to require more find-grained control over the environment then I think we should be putting in makepkg. If you look at `perl -V`, for instance, it embeds the output of `uname -a` and a timestamp directly in the executable. I suspect that any effort we put into reproducible builds with makepkg would eventually have to be duplicated with a more powerful wrapper script in order to handle packages like perl that record more of their environment than we should be manipulating in makepkg. apg