[pacman-dev] [PATCH] makepkg: do not save fflags when creating packages
This breaks reproducible builds due to encoding information specific to the filesystem which was used to build the package, information which we are never interested in for packaging purposes anyway. It also means that attempting to extract a package file as root (or fakeroot) might result in angry warnings being printed to the console by bsdtar, followed by a non-zero exit code, unless the user remembers to use --no-fflags during extraction. This is unpleasant UI, even if pacman itself won't care about these. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> --- scripts/makepkg.sh.in | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in index abe669de..908ce751 100644 --- a/scripts/makepkg.sh.in +++ b/scripts/makepkg.sh.in @@ -721,7 +721,7 @@ create_package() { msg2 "$(gettext "Compressing package...")" # TODO: Maybe this can be set globally for robustness shopt -s -o pipefail - list_package_files | LANG=C bsdtar -cnf - --null --files-from - | + list_package_files | LANG=C bsdtar --no-fflags -cnf - --null --files-from - | compress_as "$PKGEXT" > "${pkg_file}" || ret=$? shopt -u -o pipefail @@ -812,7 +812,7 @@ create_srcpackage() { # TODO: Maybe this can be set globally for robustness shopt -s -o pipefail - LANG=C bsdtar -cLf - ${pkgbase} | compress_as "$SRCEXT" > "${pkg_file}" || ret=$? + LANG=C bsdtar --no-fflags -cLf - ${pkgbase} | compress_as "$SRCEXT" > "${pkg_file}" || ret=$? shopt -u -o pipefail -- 2.23.0
On 8/10/19 7:18 am, Eli Schwartz wrote:
This breaks reproducible builds due to encoding information specific to the filesystem which was used to build the package, information which we are never interested in for packaging purposes anyway.
It also means that attempting to extract a package file as root (or fakeroot) might result in angry warnings being printed to the console by bsdtar, followed by a non-zero exit code, unless the user remembers to use --no-fflags during extraction. This is unpleasant UI, even if pacman itself won't care about these.
What warnings? How would I replicate those warnings? I am currently not seeing any... A
On 10/7/19 10:34 PM, Allan McRae wrote:
On 8/10/19 7:18 am, Eli Schwartz wrote:
This breaks reproducible builds due to encoding information specific to the filesystem which was used to build the package, information which we are never interested in for packaging purposes anyway.
It also means that attempting to extract a package file as root (or fakeroot) might result in angry warnings being printed to the console by bsdtar, followed by a non-zero exit code, unless the user remembers to use --no-fflags during extraction. This is unpleasant UI, even if pacman itself won't care about these.
What warnings? How would I replicate those warnings? I am currently not seeing any...
An example package is the current pacman-contrib-1.2.0-2 package in [community] -- it has the nocow attribute, because it must have been built on a CoW-supporting filesystem. Try extracting it using `sudo bsdtar` or `fakeroot bsdtar`, and if the filesystem you extract it to is NOT a CoW-supporting filesystem it will complain. For example, it worked for me originally, because my rootfs is a BTRFS filesystem and I extracted it to a subdirectory of $HOME, but, when I repeated the experiment in /tmp, I got the complaints. -- Eli Schwartz Bug Wrangler and Trusted User
On 8/10/19 12:48 pm, Eli Schwartz wrote:
On 10/7/19 10:34 PM, Allan McRae wrote:
On 8/10/19 7:18 am, Eli Schwartz wrote:
This breaks reproducible builds due to encoding information specific to the filesystem which was used to build the package, information which we are never interested in for packaging purposes anyway.
It also means that attempting to extract a package file as root (or fakeroot) might result in angry warnings being printed to the console by bsdtar, followed by a non-zero exit code, unless the user remembers to use --no-fflags during extraction. This is unpleasant UI, even if pacman itself won't care about these.
What warnings? How would I replicate those warnings? I am currently not seeing any...
An example package is the current pacman-contrib-1.2.0-2 package in [community] -- it has the nocow attribute, because it must have been built on a CoW-supporting filesystem.
Try extracting it using `sudo bsdtar` or `fakeroot bsdtar`, and if the filesystem you extract it to is NOT a CoW-supporting filesystem it will complain.
For example, it worked for me originally, because my rootfs is a BTRFS filesystem and I extracted it to a subdirectory of $HOME, but, when I repeated the experiment in /tmp, I got the complaints.
Ah - I misread your commit message. I thought adding the --no-fflags option resulted in an error when extracting the package with bsdtar. Patch is good then. Allan
On 10/7/19 10:59 PM, Allan McRae wrote:
On 8/10/19 12:48 pm, Eli Schwartz wrote:
On 10/7/19 10:34 PM, Allan McRae wrote:
On 8/10/19 7:18 am, Eli Schwartz wrote:
This breaks reproducible builds due to encoding information specific to the filesystem which was used to build the package, information which we are never interested in for packaging purposes anyway.
It also means that attempting to extract a package file as root (or fakeroot) might result in angry warnings being printed to the console by bsdtar, followed by a non-zero exit code, unless the user remembers to use --no-fflags during extraction. This is unpleasant UI, even if pacman itself won't care about these.
What warnings? How would I replicate those warnings? I am currently not seeing any...
An example package is the current pacman-contrib-1.2.0-2 package in [community] -- it has the nocow attribute, because it must have been built on a CoW-supporting filesystem.
Try extracting it using `sudo bsdtar` or `fakeroot bsdtar`, and if the filesystem you extract it to is NOT a CoW-supporting filesystem it will complain.
For example, it worked for me originally, because my rootfs is a BTRFS filesystem and I extracted it to a subdirectory of $HOME, but, when I repeated the experiment in /tmp, I got the complaints.
Ah - I misread your commit message.
s/This/fflags/
I thought adding the --no-fflags option resulted in an error when extracting the package with bsdtar.
Patch is good then.
Allan
-- Eli Schwartz Bug Wrangler and Trusted User
participants (2)
-
Allan McRae
-
Eli Schwartz