[arch-dev-public] [RFC] Remove svn propset id's
Jelle van der Waa
jelle at vdwaa.nl
Wed Aug 29 20:23:07 UTC 2018
Most of our PKGBUILDs svn propset's break reproducible builds and the
pkgbuild_sha256sum in the BUILDINFO file. When building a package before
commiting the PKGBUILD the propset $Id will differ since the $Id is set on
commit.
This has a few implications, pkgbuild_sha256sum is useless and we can't
reproduce packages due to the BUILDINFO not matching. Also the reproduce tool
uses ASP to retrieve the PKGBUILD and therefore can't verify that it got the
correct PKGBUILD (it relies on pkgbuild_sha256sum).
To resolve this issue we could simply remove the propset id's, since for
me, although not sure about others they don't seem particulary useful.
The proof that the sha256sums's don't match:
$ extra-x86_64-build
$ grep sha256 .BUILDINFO
pkgbuild_sha256sum = 8748d60d2c782f477cb7e692a3dad30be90491cdc13fe8951340da4c0bc7f19e
$ $repopkg
$ sha256sum PKGBUILD
d8ab51a983026dd4a6e2f48e9dc66177eca8cf6c1c0ffefb950b093db299e304 PKGBUILD
# The git checkout
[jelle at helium][/tmp/bar/community/python-psutil/trunk]%sha256sum PKGBUILD
ce7f1e68a3b426412a24f46016817d30721860c8ef6b3d0a2dddac8ff2448b84 PKGBUILD
[jelle at helium][/tmp/bar/community/python-psutil/trunk]%diff PKGBUILD /tmp/python-psutil/trunk/PKGBUILD
1c1
< # $Id$
---
> # $Id: PKGBUILD 375007 2018-08-28 17:24:26Z jelle $
--
Jelle van der Waa
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL: <https://lists.archlinux.org/pipermail/arch-dev-public/attachments/20180829/080aa6c0/attachment.asc>
More information about the arch-dev-public
mailing list