Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Reproducible builds #82

Closed
newpavlov opened this issue May 29, 2023 · 5 comments · Fixed by #83
Closed

Reproducible builds #82

newpavlov opened this issue May 29, 2023 · 5 comments · Fixed by #83

Comments

@newpavlov
Copy link
Contributor

newpavlov commented May 29, 2023
edited
Loading

Right now by default generate-rpm crates non-reproducible RPMs. It can be worked around by using --payload-compress none and manually setting modification time of included artifacts right before RPM generation. Ideally, it should be handled by a simple flag.

Also I don't quite understand why enabling compression makes builds non-reproducible.

Relevant issue: rpm-rs/rpm#117
@cat-in-136
Copy link
Owner

I am against "it should be handled by a simple flag" but reproducability of rpm file is acceptable.

As you know it is depending on timestamp and other time-related conditions. I believe that these parameter should be manually set by the user who wanna get reproducable builds.

Of cause currently compression issue and some missing fields needed to be added to the purpose. Simply speaking, it is just depending on rpm-rs/rpm#117.

@newpavlov
Copy link
Contributor Author

I think a SOURCE_DATE_EPOCH-like flag should be sufficient for time-related conditions. As a convenience it would be nice to have additional flags which set it to the beginning of the UNIX epoch and to date of last commit in current repository.

@cat-in-136
Copy link
Owner

Again, simply speaking, this issue is just depending on rpm-rs/rpm#117 and need to clarify on requirements on rpm-rs/rpm. It is impossible to clarify single flag is suitable or not.

BTW, the original rpmbuild have such a "simple flag"?

@newpavlov
Copy link
Contributor Author

this issue is just depending on rpm-rs/rpm#117 and need to clarify on requirements on rpm-rs/rpm.

Yes, I understand. This is why I linked the issue. I created this issue to make it easier to find for users of generate-rpm who are interested in reproducibility and to discuss potential shape of CLI API.

BTW, the original rpmbuild have such a "simple flag"?

IIUC it's done by setting %source_date_epoch_from_changelog, but I haven't used it myself.

@cat-in-136
Copy link
Owner

So, the feasibility of a fully working simple flag is not clear. Such a simple flag need to be careful about because users expect complete behavior.

I will leave this ticket open. Please create other tickets or PRs to introduce each respective settings (mtime, build time, etc.).

@newpavlov newpavlov mentioned this issue Jun 2, 2023
Merged
@cat-in-136 cat-in-136 mentioned this issue Feb 17, 2024
Closed
@Will-Shanks Will-Shanks mentioned this issue Feb 22, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Update rpm, migrate to clap and add source_date_epoch flag newpavlov/cargo-generate-rpm
2 participants
@newpavlov @cat-in-136