diff mbox series

libubootenv: generate reproducible source tarball

Message ID 20260108054650.62014-1-srinuvasan.a@siemens.com
State Under Review
Headers show
Series libubootenv: generate reproducible source tarball | expand

Commit Message

srinuvasan.a Jan. 8, 2026, 5:46 a.m. UTC 
From: srinuvasan <srinuvasan.a@siemens.com>

Apply additional options to the tar command used to generate
reproducible source tarball: (1) use numeric and null [GU]IDs,
-clamp-mtime for file modification times to never be later than
SOURCE_DATE_EPOCH (preserving mtimes for files not modified by
the recipe) and --sort=name for consistent ordering within the
archive.

Signed-off-by: Cedric Hombourger <cedric.hombourger@siemens.com>
Signed-off-by: srinuvasan <srinuvasan.a@siemens.com>
---
 meta/recipes-bsp/libubootenv/libubootenv_0.3.5-0.1.bb | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

Comments

MOESSBAUER, Felix Jan. 8, 2026, 8:29 a.m. UTC | #1 
On Thu, 2026-01-08 at 11:16 +0530, srinuvasan.a via isar-users wrote:
> From: srinuvasan <srinuvasan.a@siemens.com>
> 
> Apply additional options to the tar command used to generate
> reproducible source tarball: (1) use numeric and null [GU]IDs,
> -clamp-mtime for file modification times to never be later than
> SOURCE_DATE_EPOCH (preserving mtimes for files not modified by
> the recipe) and --sort=name for consistent ordering within the
> archive.

Hi, the change itself is fine. I'm just wondering if we have the same
issue in other places as well. It probably makes sense to either create
a variable $TAR_REPRO_OPTS or create a deb_create_src_tar command to
completely handle the tar creation.

Best regards,
Felix

> 
> Signed-off-by: Cedric Hombourger <cedric.hombourger@siemens.com>
> Signed-off-by: srinuvasan <srinuvasan.a@siemens.com>
> ---
>  meta/recipes-bsp/libubootenv/libubootenv_0.3.5-0.1.bb | 6 +++++-
>  1 file changed, 5 insertions(+), 1 deletion(-)
> 
> diff --git a/meta/recipes-bsp/libubootenv/libubootenv_0.3.5-0.1.bb b/meta/recipes-bsp/libubootenv/libubootenv_0.3.5-0.1.bb
> index 4d64ff8e..74409431 100644
> --- a/meta/recipes-bsp/libubootenv/libubootenv_0.3.5-0.1.bb
> +++ b/meta/recipes-bsp/libubootenv/libubootenv_0.3.5-0.1.bb
> @@ -25,5 +25,9 @@ CHANGELOG_V ?= "${PV}+isar-${SRCREV}"
>  do_prepare_build() {
>      deb_add_changelog
>      cd ${WORKDIR}
> -    tar cJf ${BPN}_${PV}+isar.orig.tar.xz --exclude=.git --exclude=debian ${P}
> +    tar cJf ${BPN}_${PV}+isar.orig.tar.xz \
> +        --exclude=.git --exclude=debian \
> +        --mtime=@${SOURCE_DATE_EPOCH} --clamp-mtime \
> +        --owner=0 --group=0 --numeric-owner \
> +        --sort=name ${P}
>  }
> -- 
> 2.39.5
> 
> -- 
> You received this message because you are subscribed to the Google Groups "isar-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to isar-users+unsubscribe@googlegroups.com.
> To view this discussion visit https://groups.google.com/d/msgid/isar-users/20260108054650.62014-1-srinuvasan.a%40siemens.com.
diff mbox series

Patch

diff --git a/meta/recipes-bsp/libubootenv/libubootenv_0.3.5-0.1.bb b/meta/recipes-bsp/libubootenv/libubootenv_0.3.5-0.1.bb
index 4d64ff8e..74409431 100644
--- a/meta/recipes-bsp/libubootenv/libubootenv_0.3.5-0.1.bb
+++ b/meta/recipes-bsp/libubootenv/libubootenv_0.3.5-0.1.bb
@@ -25,5 +25,9 @@  CHANGELOG_V ?= "${PV}+isar-${SRCREV}"
 do_prepare_build() {
     deb_add_changelog
     cd ${WORKDIR}
-    tar cJf ${BPN}_${PV}+isar.orig.tar.xz --exclude=.git --exclude=debian ${P}
+    tar cJf ${BPN}_${PV}+isar.orig.tar.xz \
+        --exclude=.git --exclude=debian \
+        --mtime=@${SOURCE_DATE_EPOCH} --clamp-mtime \
+        --owner=0 --group=0 --numeric-owner \
+        --sort=name ${P}
 }