[gentoo-commits] proj/linux-patches:genpatches-misc commit in: scripts/

[Mike Pagano]

commit:     36625fc3f265bc98a0b99ef8503b025e6bca2772
Author:     Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
AuthorDate: Fri Dec 14 23:12:36 2018 +0000
Commit:     Mike Pagano <mpagano <AT> gentoo <DOT> org>
CommitDate: Fri Dec 14 23:12:36 2018 +0000
URL:        https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=36625fc3

Try to generate reproducible tarballs by excluding anything that might
be an artifact of the checkout:
- local ownership of files
- local mtime of files
- file ordering in tarball

Signed-off-by: Robin H. Johnson <robbat2 <AT> gentoo.org>
Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org>

 scripts/gpdorelease | 33 ++++++++++++++++++++++++++-------
 1 file changed, 26 insertions(+), 7 deletions(-)

diff --git a/scripts/gpdorelease b/scripts/gpdorelease
index bec5650..f8eb374 100755
--- a/scripts/gpdorelease
+++ b/scripts/gpdorelease
@@ -84,25 +84,44 @@ file_base="/tmp/${TARBALL_BASENAME}-$newfullver.base.tar.xz"
 file_extras="/tmp/${TARBALL_BASENAME}-$newfullver.extras.tar.xz"
 file_experimental="/tmp/${TARBALL_BASENAME}-$newfullver.experimental.tar.xz"
 
+#tag release
+echo "Tagging with ${newfullver}"
+git -C ${LOCAL_PATCHES_TRUNK} tag ${newfullver} || exit 1
+
 # build tarballs
 echo "Creating tarballs in /tmp..."
 
+# Try very hard to ensure repeated generated of tarballs on different systems
+# produces the same results.
+# - the order of files inside the tarball should be alphabetic (rather than
+#   disk or inode)
+# - the owner/group of files inside the tarball should be root/root
+# - the mtime of files inside the tarball should match the mtime of the commit
+#   at HEAD of the tag.
+# -- this might NOT be the mtime of the tag!
+_mtime=$(git -C "${LOCAL_PATCHES_TRUNK}" log -1  --format=@%ct "${newfullver}")
+TAR_CMD=(
+       tar
+       --group=root:0
+       --owner=root:0
+       --sort=name
+       --mtime="$_mtime"
+       --xz
+       -cvf
+)
+
 if [[ "${WE_WANT}" == *"base"* ]] ; then
-       [ -n "$(find ./[012]* 2>/dev/null)" ] && tar -cvJf ${file_base} ./[012]*
+       [ -n "$(find ./[012]* 2>/dev/null)" ] && "${TAR_CMD[@]}" ${file_base} 
./[012]*
 fi
 
 if [[ "${WE_WANT}" == *"extras"* ]] ; then
-       [ -n "$(find ./[34]* 2>/dev/null)" ] && tar -cvJf ${file_extras} ./[34]*
+       [ -n "$(find ./[34]* 2>/dev/null)" ] && "${TAR_CMD[@]}" ${file_extras} 
./[34]*
 fi
 
 if [[ "${WE_WANT}" == *"experimental"* ]] ; then
-       [ -n "$(find ./50* 2>/dev/null)" ] && tar -cvJf ${file_experimental} 
./50*
+       [ -n "$(find ./50* 2>/dev/null)" ] && "${TAR_CMD[@]}" 
${file_experimental} ./50*
 fi
 
-#tag release
-echo "Tagging with ${newfullver}"
-git -C ${LOCAL_PATCHES_TRUNK} tag ${newfullver}
-
 #push tag
 echo "Pushing tag ${newfullver}"
 git push --tags -u origin ${BRANCH}