Bug 1134568 - packages do not build reproducibly from zip file
Status: CONFIRMED
Alias: None
Product: openSUSE Tumbleweed
Classification: openSUSE
Component: Development
Version: Current
Hardware: All openSUSE Factory
: P5 - None : Normal
Target Milestone: ---
Assignee: Bernhard Wiedemann
QA Contact: E-mail List
URL:
Whiteboard:
Keywords:
Depends on: 1217973
Blocks: 1081754
Reported: 2019-05-09 09:10 UTC by Bernhard Wiedemann
Modified: 2023-12-12 08:05 UTC

See Also:
Found By: Development
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Bernhard Wiedemann 2019-05-09 09:10:45 UTC
Background: https://reproducible-builds.org/

Some packages include zip files.
Zip files often suffer from 2 sources of non-determinism:

1) filesystem readdir order during recursion (bug 1041090)
2) embedded mtime/atime/ctime values (bug 1047218)


1) can be avoided by calling zip with `find -type f | sort`
Or by patching the code for zip file creation as in
  https://github.com/python/cpython/pull/2263
(7z already does sorted recursion, so is good)

2) can be avoided by calling zip with -X since
  https://build.opensuse.org/request/show/700402


Another approach to fixing both issues is to have+use alternative code paths that use plain files in the rpm and no zip


Example fixes:
https://build.opensuse.org/request/show/701063 fs-uae
https://github.com/Warzone2100/warzone2100/pull/98
https://github.com/sirjuddington/SLADE/pull/892
https://gitlab.com/tista500/plata-theme/merge_requests/3
Comment 1 OBSbugzilla Bot 2020-12-09 17:50:06 UTC
This is an autogenerated message for OBS integration:
This bug (1134568) was mentioned in
https://build.opensuse.org/request/show/854321 Backports:SLE-15-SP3 / nulloy