[tor-bugs] #31264 [Applications/rbm]: tar.gz output files contain nonreproducible timestamps

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Jul 30 08:52:13 UTC 2019


#31264: tar.gz output files contain nonreproducible timestamps
------------------------------+-----------------------
 Reporter:  JeremyRand        |          Owner:  boklm
     Type:  defect            |         Status:  new
 Priority:  Medium            |      Milestone:
Component:  Applications/rbm  |        Version:
 Severity:  Normal            |     Resolution:
 Keywords:                    |  Actual Points:
Parent ID:                    |         Points:
 Reviewer:                    |        Sponsor:
------------------------------+-----------------------

Comment (by JeremyRand):

 > The reason to use gzip to compress source tarballs is that xz is a lot
 > slower than gzip. So switching to xz would save some space on disk, but
 > would probably slow down the build. Especially for components like firefox
 > where we might spend several minutes just to compress it with xz.

 Ah, that makes sense, thanks for the explanation.

 > However it looks like we could easily fix the gzip reproducibility issue
 > by using the -n or --no-name option:
 > https://wiki.debian.org/ReproducibleBuilds/TimestampsInGzipHeaders

 Nice, I wasn't aware of that trick.

 So, would a good solution be to patch
 http://jqs44zhtxl2uo6gk.onion/builders/rbm.git/tree/lib/RBM/DefaultConfig.pm?id=e04f03f9626e993bb66d7784d258f95ca07bc769#n578
 , replacing this:

 tar --no-recursion [% IF c('gnu_utils') -%]

 With this:

 GZIP="--no-name" tar --no-recursion [% IF c('gnu_utils') -%]

 Or is there a better place to put that flag?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31264#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
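
The gzip header behaviour discussed in the comment above, as an added example that is not part of the original ticket or of rbm: it compresses identical content twice with different file mtimes, with and without -n, and reads the MTIME and FNAME header fields defined in RFC 1952. It assumes GNU gzip and runs gzip directly on a file rather than through tar; the function names, file names and timestamps are constructed for illustration.

```shell
#!/bin/sh
# Added example (not rbm code): which gzip header fields vary between builds,
# and what -n / --no-name does to them. Sample names and dates are constructed.

# gz_mtime FILE: print the little-endian 32-bit MTIME field (header bytes 4-7).
gz_mtime() {
    set -- $(od -An -tu1 -j4 -N4 "$1")
    echo $(( $1 + ($2 << 8) + ($3 << 16) + ($4 << 24) ))
}

# gz_has_name FILE: succeed if the FNAME flag (bit 3 of the FLG byte, offset 3) is set.
gz_has_name() {
    flg=$(od -An -tu1 -j3 -N1 "$1" | tr -d ' ')
    [ $(( flg & 8 )) -ne 0 ]
}

# build_twice [GZIP_OPTS]: compress the same bytes twice, changing only the
# input file's mtime in between, and print "same" or "different".
build_twice() {
    dir=$(mktemp -d) || return 1
    printf 'identical source content\n' > "$dir/src"
    touch -t 201907300852 "$dir/src"
    gzip -c $1 "$dir/src" > "$dir/a.gz"
    touch -t 201907310852 "$dir/src"
    gzip -c $1 "$dir/src" > "$dir/b.gz"
    if [ "$(cksum < "$dir/a.gz")" = "$(cksum < "$dir/b.gz")" ]; then
        echo same
    else
        echo different
    fi
    rm -rf "$dir"
}

echo "default gzip: $(build_twice)"
echo "gzip -n:      $(build_twice -n)"
```
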

