[Rpm-maint] [rpm-software-management/rpm] Reproducible builds improvements (Issue #2894)
Neal Gompa (ニール・ゴンパ)
notifications at github.com
Wed Feb 21 12:20:26 UTC 2024
One of the reasons for the knobs is that not all of these settings are fully useful for "reproducibility" and some of these harm traceability and debugging.
For example, forcing the build host to `reproducible` does not provide much value if you are able to do comparisons while stripping/ignoring specific RPM header values and makes it harder to determine when something weird is happening as a result of a build host in real-world debugging efforts. This is similarly true for clamping build times, and has the negative consequence of making it difficult for tools to sort packages when they were built with the same NVR.
Setting `SOURCE_DATE_EPOCH` from the changelog provides value because it influences how the build itself records timestamps. Clamping mtimes provides value because it eliminates variability from the payload.
Everything we do around "reproducible builds" needs to be viewed with the lens of handling this balance.
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/2894#issuecomment-1956531794
You are receiving this because you are subscribed to this thread.
Message ID: <rpm-software-management/rpm/issues/2894/1956531794 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20240221/424fea2c/attachment-0001.html>
More information about the Rpm-maint
mailing list