On Mon, Mar 09, 2009 at 01:09:34AM -0700, Russ Allbery wrote: > If you're trying to recreate the tarball from a set of files, this doesn't > work as well, but that also has other problems (it doesn't give you a > reproducible tarball). I suspect that if you're storing enough additional > metadata to know how to generate a reproducible tarball, you'll have > metadata to know how to build it. For pristine-tar, for example, I'd put > each upstream tarball on a separate branch and merge them together, so > that pristine-tar has a branch tag to use for commit and checkout.
I might be wrong here but recreating an orig tarball from the data in a VCS can always lead to a different tarball than the actually original tarball when you unpacked (and commited) it via 'dpkg-source -x' just due to the ignore regex for files. If upstream had files in his/her tarball that got ignored by dpkg-source then those are not unpacked and not commited and thus not repacked in a recreated orig tarball (leading at least to different checksums). Or am I wrong with that? Hauke
signature.asc
Description: Digital signature
