We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
According to Wikipedia,
The ZIP format has no notion of time zone, so timestamps are only meaningful if it is known what time zone they were created in.
rpm-uncompress uses the current (local) time zone, leading to irreproducibility in builds.
$ fedpkg clone xz-java && cd xz-java ... $ fedpkg prep ... $ stat xz-java-1.9/NEWS File: xz-java-1.9/NEWS Size: 4344 Blocks: 16 IO Block: 4096 regular file Device: 253,0 Inode: 6611079 Links: 1 Access: (0644/-rw-r--r--) Uid: ( 1000/ zbyszek) Gid: ( 1000/ zbyszek) Access: 2021-03-12 18:32:16.000000000 +0100 Modify: 2021-03-12 18:32:16.000000000 +0100 <--------------------------------------------------------------- Change: 2024-03-10 12:37:51.690998815 +0100 Birth: 2024-03-10 12:37:51.668998547 +0100 $ TZ=UTC fedpkg prep ... /usr/lib/rpm/rpmuncompress -x /home/zbyszek/fedora/xz-java/xz-java-1.9.zip ... $ stat xz-java-1.9/NEWS File: xz-java-1.9/NEWS Size: 4344 Blocks: 16 IO Block: 4096 regular file Device: 253,0 Inode: 6611079 Links: 1 Access: (0644/-rw-r--r--) Uid: ( 1000/ zbyszek) Gid: ( 1000/ zbyszek) Access: 2021-03-12 19:32:16.000000000 +0100 Modify: 2021-03-12 19:32:16.000000000 +0100 <--------------------------------------------------------------- Change: 2024-03-10 12:38:31.137479784 +0100 Birth: 2024-03-10 12:38:31.116479528 +0100
Please always use the UTC timezone. RPM builds are not supposed to depend on the local TZ setting.
(I noticed because THANKS and COPYING gets copied into the binary rpms, and the mtime is preserved, leading to irreproducibility.)
THANKS
COPYING
The text was updated successfully, but these errors were encountered:
No branches or pull requests
According to Wikipedia,
rpm-uncompress uses the current (local) time zone, leading to irreproducibility in builds.
Please always use the UTC timezone. RPM builds are not supposed to depend on the local TZ setting.
(I noticed because
THANKSandCOPYINGgets copied into the binary rpms, and the mtime is preserved, leading to irreproducibility.)The text was updated successfully, but these errors were encountered: