[Rpm-maint] Reproducible packages
Nicolas Vigier
boklm at mars-attacks.org
Fri Oct 25 13:48:37 UTC 2013
Any opinion on those two patches ?
On Wed, 25 Sep 2013, Nicolas Vigier wrote:
> Hello,
>
> While running successive "rpmbuild -bs" commands to create a source rpm,
> I noticed that it creates different rpm files each time, although the
> spec file and sources tarball are exactly the same. The reason is that
> the package includes tags such as BUILDTIME and COOKIE (build time +
> build host).
>
> I think that in some cases, it can be useful to be able to reproduce
> exact rpm file.
>
> Here is a proposal for two patches that add an option to set the build
> time and the build host to some fixed values, so you can reproduce the
> packages :
>
> - if %{_buildtime} is defined, then it is used as the build time
> - if %{_buildhost} is defined, then it is used as the build host
>
> With those patches applied, I can reproduce a source package with a
> command like this :
>
> $ rpmbuild --define "_buildtime 1" --define "_buildhost something" -bs *.spec
>
> This is not enough to be able to reproduce binary packages, as the
> %{buildroot} files also need to have the same modification time in
> addition to same content, but I think it is a first step in that
> direction.
>
> Nicolas
>
> _______________________________________________
> Rpm-maint mailing list
> Rpm-maint at lists.rpm.org
> http://lists.rpm.org/mailman/listinfo/rpm-maint
More information about the Rpm-maint
mailing list