When doing test rebuilds for rpms after the Fedora 42 mass rebuild, I found a
bunch of packages which failed repro test because they didn't have
$SOURCE_DATE_EPOCH properly set during the build. When discussing the causes
with some of the maintainers, I was asked "why wasn't the build immediately
rejected", and I couldn't give a good answer. I think it makes sense for distro
builds to fail in those cases.
I saw two kinds of issues:
1. the last changelog entry is in the future when the build is made. So far,
this happens for packages where %autochangelog is *not* used, and the
maintainer inserts a changelog entry after midnight in the local time zone, but
the build actually happens before midnight UTC, so the $SOURCE_DATE_EPOCH
timestamp is in the future during the build
(https://docs.fedoraproject.org/en-US/reproducible-builds/common_problems/)
2. there is no changelog. This is caused by a forgotten or mistyped
`%autochangelog` in the `%changelog` section and other similar spec file
formatting problems.
Thus, I'd like to request a new setting like
`%require_valid_changelog_timestamps`, with a default of 0. Fedora could set it
to 1 in mock and koji. This would reject builds with:
1. no changelog
2. changelog with invalid dates or non-monotonic timestamps
3. changelog with entries in the future
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/discussions/3571
You are receiving this because you are subscribed to this thread.
Message ID: <rpm-software-management/rpm/repo-discussions/3...@github.com>
_______________________________________________
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
https://lists.rpm.org/mailman/listinfo/rpm-maint
