From eab5aba9b027a7689acaf2382a04ff69b5b8771e Mon Sep 17 00:00:00 2001 From: Eli Schwartz Date: Mon, 30 Oct 2017 11:17:56 -0400 Subject: Support reproducible builds Recent development versions of makepkg support reproducible builds through the environment variable SOURCE_DATE_EPOCH. Pass this variable through makechrootpkg to makepkg when available. Also initialize SOURCE_DATE_EPOCH whenever running archbuild to enforce reproducible builds for repository packages. Signed-off-by: Eli Schwartz Signed-off-by: Levente Polyak --- makechrootpkg.in | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'makechrootpkg.in') diff --git a/makechrootpkg.in b/makechrootpkg.in index d4c293f..9253544 100644 --- a/makechrootpkg.in +++ b/makechrootpkg.in @@ -205,6 +205,7 @@ EOF { printf '#!/bin/bash\n' declare -f _chrootbuild + declare -p SOURCE_DATE_EPOCH 2>/dev/null printf '_chrootbuild "$@" || exit\n' if $run_namcap; then @@ -231,7 +232,7 @@ _chrootbuild() { # use "$" in arguments to commands with "sudo -i". ${foo} or # ${1} is OK, but $foo or $1 isn't. # https://bugzilla.sudo.ws/show_bug.cgi?id=765 - sudo -iu builduser bash -c 'cd /startdir; makepkg "$@"' -bash "$@" + sudo --preserve-env=SOURCE_DATE_EPOCH -iu builduser bash -c 'cd /startdir; makepkg "$@"' -bash "$@" } _chrootnamcap() { @@ -343,7 +344,7 @@ main() { [[ -n $makepkg_user && -z $(id -u "$makepkg_user") ]] && die 'Invalid makepkg user.' makepkg_user=${makepkg_user:-${SUDO_USER:-$USER}} - check_root + check_root SOURCE_DATE_EPOCH # Canonicalize chrootdir, getting rid of trailing / chrootdir=$(readlink -e "$passeddir") -- cgit v1.2.3-54-g00ecf