If SOURCE_DATE_EPOCH is set, `touch` all source files before running build() to fix the modification times. This works around build systems and compilers that embed the file modification times into the file contents of release artifacts. Signed-off-by: Eli Schwartz <eschwartz93@gmail.com> --- Guarded by checking for the variable, because this stomps all over incremental builds. I prefer looking for SOURCE_DATE_EPOCH in the environment because less bloat IMHO, but perhaps this would be preferable as a makepkg flag or makepkg.conf option? Is there anything else that needs to be done to force reproducible builds, other than merely setting SOURCE_DATE_EPOCH which should be harmless as a global thing? scripts/makepkg.sh.in | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in index 20e9dd7e..fb1d40a9 100644 --- a/scripts/makepkg.sh.in +++ b/scripts/makepkg.sh.in @@ -79,15 +79,22 @@ PKGFUNC=0 PKGVERFUNC=0 PREPAREFUNC=0 REPKG=0 +REPRODUCIBLE=0 RMDEPS=0 SKIPCHECKSUMS=0 SKIPPGPCHECK=0 SIGNPKG='' SPLITPKG=0 SOURCEONLY=0 + VERIFYSOURCE=0 -export SOURCE_DATE_EPOCH=${SOURCE_DATE_EPOCH:-$(date +%s)} +if [[ -n $SOURCE_DATE_EPOCH ]]; then + REPRODUCIBLE=1 +else + SOURCE_DATE_EPOCH=$(date +%s) +fi +export SOURCE_DATE_EPOCH PACMAN_OPTS=() @@ -475,6 +482,12 @@ run_prepare() { } run_build() { + if (( REPRODUCIBLE )); then + # We have activated reproducible builds, so unify source times before + # building + find "$srcdir" -exec touch -h -d @$SOURCE_DATE_EPOCH {} + + fi + run_function_safe "build" } -- 2.13.2
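Review bot: In the first hunk (@@ -79,15 +79,22 @@), the test `[[ -n $SOURCE_DATE_EPOCH ]]` accepts any non-empty value from the environment and sets REPRODUCIBLE=1 without checking that it is a non-negative integer, so within this patch a malformed value first shows up as a `touch -d` failure in run_build(). Validate it at this point (for example against `^[0-9]+$`) and abort with an error message if it does not match. The hunk also adds a blank line between SOURCEONLY=0 and VERIFYSOURCE=0 that looks unintentional and should be dropped.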
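Review bot: In the run_build() hunk (@@ -475,6 +482,12 @@), `@$SOURCE_DATE_EPOCH` on the `find ... -exec touch` line is unquoted although the value comes straight from the environment; write `"@$SOURCE_DATE_EPOCH"` so it cannot be word-split or glob-expanded. The exit status of `find` is not checked in the visible lines, so a failed touch would let build() run on sources with mixed timestamps; consider failing the build in that case. `touch -d @<seconds>` is GNU coreutils syntax, which is worth a comment if makepkg is expected to run with another touch implementation.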