[tor-bugs] #31264 [Applications/rbm]: tar.gz output files contain nonreproducible timestamps
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Jul 30 08:52:13 UTC 2019
#31264: tar.gz output files contain nonreproducible timestamps
------------------------------+-----------------------
Reporter: JeremyRand | Owner: boklm
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/rbm | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
------------------------------+-----------------------
Comment (by JeremyRand):
> The reason to use gzip to compress source tarballs is that xz is a lot
slower than gzip. So switching to xz would save some space on disk, but
would probably slow down the build. Especially for components like firefox
where we might spend several minutes just to compress it with xz.
Ah, that makes sense, thanks for the explanation.
> However it looks like we could easily fix the gzip reproducibility issue
by using the -n or --no-name option:
> https://wiki.debian.org/ReproducibleBuilds/TimestampsInGzipHeaders
Nice, I wasn't aware of that trick.
So, would a good solution be to patch
http://jqs44zhtxl2uo6gk.onion/builders/rbm.git/tree/lib/RBM/DefaultConfig.pm?id=e04f03f9626e993bb66d7784d258f95ca07bc769#n578
, replacing this:
tar --no-recursion [% IF c('gnu_utils') -%]
With this:
GZIP="--no-name" tar --no-recursion [% IF c('gnu_utils') -%]
Or is there a better place to put that flag?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31264#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list