Daniel Milde <dan...@milde.cz> (2021-02-12):
> how do you make reproducible builds when the software is using build
> variables linked via -X?
>
> E.g.
> https://salsa.debian.org/go-team/packages/gdu/-/blob/debian/sid/debian/rules

It's fun for you to ask today while I've toyed with that just yesterday:
  https://salsa.debian.org/go-team/packages/crowdsec/-/commit/ddebb3b0fc576a65636fb167912efca5c4dd6fa9

> Is it bad practice to have these build variables at all (maybe except
> version)?

More information about the SOURCE_DATE_EPOCH concept “upstream”:
  https://reproducible-builds.org/specs/source-date-epoch/

On the dpkg side that seems to date back to:

    dpkg (1.18.19) unstable; urgency=medium
    …
      * Always set SOURCE_DATE_EPOCH in dpkg-buildpackage and dpkg-source.
      * Use the current date if the changelog does not have one. Closes: #849081
    …
     -- Guillem Jover <guil...@debian.org>  Fri, 27 Jan 2017 05:43:36 +0100

I don't know what your upstream could do with the build user
information, I think I'd probably strip it.

(That is not to say that you should add the variables you can see above
in the crowdsec case, that's merely a proof of concept at this stage, to
retain all metadata that upstream is currently setting in their
Makefile.)

Cheers,
-- 
Cyril Brulebois -- Debian Consultant @ DEBAMAX -- https://debamax.com/
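The SOURCE_DATE_EPOCH approach discussed in this message, applied to `-X` build variables, as an added example that is not part of the original e-mail or of either package. The variable names `main.Version` and `main.BuildDate` and the helper function names are hypothetical; the sample epoch values are constructed.

```shell
#!/bin/sh
# Added example: derive the values passed to the Go linker via -X from
# SOURCE_DATE_EPOCH (set by dpkg-buildpackage) instead of from the build
# machine's clock, so two builds of the same source embed identical strings.
# main.Version and main.BuildDate are hypothetical variable names.

# Print SOURCE_DATE_EPOCH as a UTC ISO 8601 timestamp.
# Fails instead of silently falling back to "now", which would make the
# output differ between builds.
build_date() {
    epoch="${SOURCE_DATE_EPOCH:-}"
    case "$epoch" in
        ''|*[!0-9]*)
            echo "SOURCE_DATE_EPOCH unset or not an integer: '$epoch'" >&2
            return 1
            ;;
    esac
    # GNU date takes -d @N; BSD date takes -r N.
    date -u -d "@$epoch" '+%Y-%m-%dT%H:%M:%SZ' 2>/dev/null ||
        date -u -r "$epoch" '+%Y-%m-%dT%H:%M:%SZ'
}

# Assemble the -ldflags string for a given version.
# Build user and build host are deliberately not embedded: they vary per
# builder and would break reproducibility.
build_ldflags() {
    version="$1"
    stamp="$(build_date)" || return 1
    printf '%s' "-X main.Version=$version -X main.BuildDate=$stamp"
}

# Typical use from a build script (not executed here):
#   go build -trimpath -ldflags "$(build_ldflags 1.2.3)" ./...
```
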