On Fri, Jun 25, 2021 at 02:40:22PM +0200, Miroslav Suchý wrote:
> On 24. 06. 21 at 23:22, Miro Hrončok wrote:
> > AFAIK git does not guarantee to produce byte2byte identical archives
> > across different versions of git, zlib, gzip etc. So even if upstream
> > signs the git generated archive, generating a byte2byte identical one
> > might be tricky.
> 
> Neither git nor tar can do that. But it is not impossible. E.g. Tito [1] has
> some hacks on top of git-archive which produces identical tar-balls.
> 
> [1] https://github.com/rpm-software-management/tito/

FWIW, pristine-tar (http://joeyh.name/code/pristine-tar/) can handle
almost all upstream tarballs, and it also has support for storing
detached signatures alongside its metadata. I keep hearing people say
that there are cases when it fails, but it has worked for me for dozens
of packages. Of course, it does have its own expectations about
the structure of the Git repository, but those are mostly limited to
"give me a branch to play in, I'll take care of the rest".

G'luck,
Peter

-- 
Peter Pentchev  r...@ringlet.net r...@debian.org p...@storpool.com
PGP key:        http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint 2EE7 A7A5 17FC 124C F115  C354 651E EFB0 2527 DF13
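
Added example, not part of the original message or of any project mentioned in it: a Python sketch of why a regenerated tarball can fail a byte-for-byte comparison while its content is unchanged, using gzip level and header timestamp as the constructed sources of variation. The file names, contents and helper names (`build_tar`, `gz`, `compare`) are hypothetical.

```python
import gzip
import hashlib
import io
import tarfile

# Constructed sample tree standing in for an upstream release.
FILES = {
    "pkg-1.0/README": b"hello\n" * 200,
    "pkg-1.0/src/main.c": b"int main(void) { return 0; }\n",
}


def build_tar(files):
    """Build an uncompressed tar with fixed metadata so its bytes are deterministic."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.GNU_FORMAT) as tar:
        for name in sorted(files):
            info = tarfile.TarInfo(name)
            info.size = len(files[name])
            info.mtime = 0
            info.mode = 0o644
            info.uid = info.gid = 0
            tar.addfile(info, io.BytesIO(files[name]))
    return buf.getvalue()


def gz(data, level, mtime):
    """Compress with an explicit level and gzip header timestamp."""
    out = io.BytesIO()
    with gzip.GzipFile(fileobj=out, mode="wb", compresslevel=level, mtime=mtime) as f:
        f.write(data)
    return out.getvalue()


def compare(a, b):
    """Return (compressed bytes identical, decompressed tar stream identical)."""
    digest = lambda blob: hashlib.sha256(gzip.decompress(blob)).hexdigest()
    return a == b, digest(a) == digest(b)


if __name__ == "__main__":
    tar = build_tar(FILES)
    upstream = gz(tar, 9, 0)            # what "upstream" published
    rebuilt = gz(tar, 1, 1624624822)    # same tree, different gzip settings
    print("same bytes, same content:", compare(upstream, rebuilt))
```

Comparing the decompressed streams shows that the content matches, but a detached signature made over the compressed file still verifies only against the original bytes.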
