[pacman-dev] [PATCH] makepkg: introduce SOURCE_DATE_EPOCH

[Allan McRae]

On 17/04/17 23:34, Andrew Gregory wrote:
> On 04/17/17 at 08:41pm, Allan McRae wrote:
>> This patch introduces the SOURCE_DATE_EPOCH environmental variable.  All files
>> in a package are adjusted to have their modification dates set to the value
>> of SOURCE_DATE_EPOCH, which defaults to "date +%s".
>>
>> Setting this variable allows a package that is built twice in the same
>> environment to be (potentially) reproducible in that the checksum of the
>> generated package file will be the same.
>>
>> Signed-off-by: Allan McRae <allan at archlinux.org>
> 
> I'm of the opinion that makepkg is the wrong place to work on
> reproducible builds.  We could probably take care of the low-hanging
> fruit directly in makepkg, but a number of packages are going to
> require more find-grained control over the environment then I think we
> should be putting in makepkg.  If you look at `perl -V`, for instance,
> it embeds the output of `uname -a` and a timestamp directly in the
> executable.  I suspect that any effort we put into reproducible builds
> with makepkg would eventually have to be duplicated with a more
> powerful wrapper script in order to handle packages like perl that
> record more of their environment than we should be manipulating in
> makepkg.

I agree that makepkg is not the place for much of this.  However, the
SOURCE_DATE_EPOCH variable is a standard and we require makepkg to
understand it and make a few other minor changes for any tool to have a
chance of recreating a package from its PKGBUILD and .BUILDINFO file.  I
am not looking to extend the changes beyond this initial patchset.

Allan