steve-mcintyre
commented
1 year ago LGTM, but as you suggest let's take the mtime from tag time
Closed julian-klode closed 1 year ago
steve-mcintyre
commented
1 year ago LGTM, but as you suggest let's take the mtime from tag time
julian-klode
commented
1 year ago Updated. So right now the tar logic above actually extracts the right timestamps based on the git tags, by extracting the git-archive archives, so shim and gnu-efi have different timestamps - which is nice to have, but not doable by setting the time on the command-line, so this uses the shim tag timestamp - if it exists, for everything.
steve-mcintyre
commented
1 year ago looks better, cool!
frozencemetery
commented
1 year ago Hmm, I thought bzip2 was reproducible, but your commit suggests otherwise - am I misremembering?
julian-klode
commented
1 year ago Just expressing concerns about reproducibility across different, future versions. Which can always happen
Currently the one version seems reproducible.
Remove timestamps, user names, etc. from the tarball so that it can be built reproducibly by multiple people, on different machines.
The outer bzip2 layer might still be different, no reproducible bzip2 known.
This sets the time to 0, it would also be possible to set it to the git tag time.