[Rpm-maint] [rpm-software-management/rpm] rfe: allow rejecting packages with invalid timestamp on last changelog entry (Issue #3601)
Panu Matilainen
notifications at github.com
Wed Feb 26 09:22:55 UTC 2025
pmatilai created an issue (rpm-software-management/rpm#3601)
### Discussed in https://github.com/rpm-software-management/rpm/discussions/3571
<div type='discussions-op-text'>
<sup>Originally posted by **keszybz** February 12, 2025</sup>
When doing test rebuilds for rpms after the Fedora 42 mass rebuild, I found a bunch of packages which failed repro test because they didn't have $SOURCE_DATE_EPOCH properly set during the build. When discussing the causes with some of the maintainers, I was asked "why wasn't the build immediately rejected", and I couldn't give a good answer. I think it makes sense for distro builds to fail in those cases.
I saw two kinds of issues:
1. the last changelog entry is in the future when the build is made. So far, this happens for packages where %autochangelog is *not* used, and the maintainer inserts a changelog entry after midnight in the local time zone, but the build actually happens before midnight UTC, so the $SOURCE_DATE_EPOCH timestamp is in the future during the build (https://docs.fedoraproject.org/en-US/reproducible-builds/common_problems/)
2. there is no changelog. This is caused by a forgotten or mistyped `%autochangelog` in the `%changelog` section and other similar spec file formatting problems.
Thus, I'd like to request a new setting like `%require_valid_changelog_timestamps`, with a default of 0. Fedora could set it to 1 in mock and koji. This would reject builds with:
1. no changelog
2. changelog with invalid dates or non-monotonic timestamps
3. changelog with entries in the future
</div>
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/3601
You are receiving this because you are subscribed to this thread.
Message ID: <rpm-software-management/rpm/issues/3601 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20250226/27b0b2a5/attachment.htm>
More information about the Rpm-maint
mailing list