search

redguardtoo / elpa-mirror

Create local emacs package repository. 15 seconds to install 115 packages.
315 stars 55 forks source link

Improve reproducibility #30

Closed pkkm closed 3 years ago

pkkm commented 3 years ago

The aim of this pull request is to improve the reproducibility of directories generated by elpa-mirror. This means that directories generated from the same packages at the same versions should be identical even if the packages were installed at different times, by different users, or on different computers.

This will make it easier to compare generated directories. Depending on how the users synchronizes their repository, it will also reduce Dropbox/Syncthing network churn or git repo size.

The way this is done is by sorting the list of packages, and by passing additional options to tar to force the stored user to root and the mtime to 0. This is for GNU tar only, as BSD tar doesn't support all the necessary features.

redguardtoo commented 3 years ago

sure. Does bsd tar support those options?

pkkm commented 3 years ago

No, we could set the user and group, but BSD tar won't let us set the mtime, which is the most important thing for reproducibility. They even have an open issue about this: https://github.com/libarchive/libarchive/issues/971.

redguardtoo commented 3 years ago

Thanks