Sync from SUSE:SLFO:Main rpm revision e071ed4e1c98ea104a3dfec969a5f630

0001-Add-option-to-set-mtime-of-files-in-rpms.patch

@@ -0,0 +1,100 @@
+From e825566a0c22b5e26af2f7f5eb3541b95ae41040 Mon Sep 17 00:00:00 2001
+From: Jan Zerebecki <jan.suse@zerebecki.de>
+Date: Thu, 15 Feb 2024 09:57:35 +0100
+Subject: [PATCH 1/3] Add option to set mtime of files in rpms
+
+to SOURCE_DATE_EPOCH.
+
+For backwards compatibility the option clamp / limit the maximum mtime
+is retained.
+
+Setting it ouright avoids problems with an incorrectly older clock. It
+also avoids problems with build scrips that incorrectly change file
+mtimes when SOURCE_DATE_EPOCH_MTIME is in use.
+
+mtimes are required to increase with new versions and releases
+of an rpm with the same name, as rsync without --checksum and similar
+tools would get confused if the content changes without newer mtime.
+
+If SOURCE_DATE_EPOCH_MTIME is set use it instead for file modification time
+stamps. It is supposed to be newer. This can be used if we might want to
+compare if the file content remains the same when a build dependency
+changes while a build script embeds SOURCE_DATE_EPOCH in the file
+content.
+
+This can be used to support automatic rebuilds. Normally automatic
+rebuilds work, but together with reproducible builds an undesirable
+situation may occur. If a build e.g. embeds SOURCE_DATE_EPOCH in the
+output, then the output changes every time such a rebuild happens, which
+can be very often. This is to be avoided as updating packages without
+necessity is too expensive.
+---
+ build/files.c | 33 ++++++++++++++++++++++++++++-----
+ 1 file changed, 28 insertions(+), 5 deletions(-)
+
+diff --git a/build/files.c b/build/files.c
+index 5ae20c689..ebb2aa0cd 100644
+--- a/build/files.c
++++ b/build/files.c
+@@ -1001,14 +1001,34 @@ static void genCpioListAndHeader(FileList fl, Package pkg, int isSrc)
+     uint32_t defaultalgo = RPM_HASH_MD5, digestalgo;
+     rpm_loff_t totalFileSize = 0;
+     Header h = pkg->header; /* just a shortcut */
++    int set_mtime = 0;
+     time_t source_date_epoch = 0;
+     char *srcdate = getenv("SOURCE_DATE_EPOCH");
++    char *msrcdate = getenv("SOURCE_DATE_EPOCH_MTIME");
+ 
+-    /* Limit the maximum date to SOURCE_DATE_EPOCH if defined
+-     * similar to the tar --clamp-mtime option
++    /* If SOURCE_DATE_EPOCH_MTIME is set use it for file modification time
++     * stamps, it is supposed to be newer. This can be used if we might want to
++     * compare if the file content remains the same when a build dependency
++     * changes while a build script embeds SOURCE_DATE_EPOCH in the file
++     * content. mtimes are required to increase with new versions and releases
++     * of an rpm with the same name, as rsync without --checksum and similar
++     * tools would get confused if the content changes without newer mtime. */
++    if (msrcdate != NULL) {
++	srcdate = msrcdate;
++    }
++
++    /* Set the file mtime to SOURCE_DATE_EPOCH it if requested to make the
++     * resulting rpm reproducible.
+      * https://reproducible-builds.org/specs/source-date-epoch/
++     *
++     * For backwards compatibility clamp / limit the maximum mtime if requested
++     * similar the tar --clamp-mtime option. Setting it ouright avoids problems
++     * with an incorrectly older clock. It also avoids problems with build
++     * scrips that incorrectly change file mtimes when SOURCE_DATE_EPOCH_MTIME
++     * is in use.
+      */
+-    if (srcdate && rpmExpandNumeric("%{?clamp_mtime_to_source_date_epoch}")) {
++    if (srcdate && (rpmExpandNumeric("%{?clamp_mtime_to_source_date_epoch}")
++	|| rpmExpandNumeric("%{?set_mtime_to_source_date_epoch}"))) {
+ 	char *endptr;
+ 	errno = 0;
+ 	source_date_epoch = strtol(srcdate, &endptr, 10);
+@@ -1016,6 +1036,9 @@ static void genCpioListAndHeader(FileList fl, Package pkg, int isSrc)
+ 	    rpmlog(RPMLOG_ERR, _("unable to parse %s=%s\n"), "SOURCE_DATE_EPOCH", srcdate);
+ 	    fl->processingFailed = 1;
+ 	}
++	if (rpmExpandNumeric("%{?set_mtime_to_source_date_epoch}")) {
++	    set_mtime = 1;
++	}
+     }
+ 
+     /*
+@@ -1160,8 +1183,8 @@ static void genCpioListAndHeader(FileList fl, Package pkg, int isSrc)
+ 		totalFileSize += flp->fl_size;
+ 	    }
+ 	}
+-	
+-	if (source_date_epoch && flp->fl_mtime > source_date_epoch) {
++
++	if (source_date_epoch && (flp->fl_mtime > source_date_epoch || set_mtime)) {
+ 	    flp->fl_mtime = source_date_epoch;
+ 	}
+ 	/*
+-- 
+2.45.2
+

0002-log-build-time-if-it-is-set-from-SOURCE_DATE_EPOCH.patch

@@ -0,0 +1,29 @@
+From 7ef9c24d73de4c3c2567220892f129c638fd70e7 Mon Sep 17 00:00:00 2001
+From: Jan Zerebecki <jan.suse@zerebecki.de>
+Date: Thu, 15 Feb 2024 07:58:44 +0100
+Subject: [PATCH 2/3] log build time if it is set from SOURCE_DATE_EPOCH
+
+---
+ build/build.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/build/build.c b/build/build.c
+index 44794477c..54bac2e76 100644
+--- a/build/build.c
++++ b/build/build.c
+@@ -33,8 +33,11 @@ static rpm_time_t getBuildTime(void)
+         epoch = strtol(srcdate, &endptr, 10);
+         if (srcdate == endptr || *endptr || errno != 0)
+             rpmlog(RPMLOG_ERR, _("unable to parse SOURCE_DATE_EPOCH\n"));
+-        else
++        else {
+             buildTime = (int32_t) epoch;
++	    rpmlog(RPMLOG_NOTICE, _("using %s with value %ld as build time\n"),
++		"SOURCE_DATE_EPOCH", buildTime);
++	}
+     } else
+         buildTime = (int32_t) time(NULL);
+ 
+-- 
+2.45.2
+

0003-Error-out-on-a-missing-changelog-date.patch

@@ -0,0 +1,30 @@
+From 487b820a2def69324f676267feef79dc3a41306d Mon Sep 17 00:00:00 2001
+From: Jan Zerebecki <jan.suse@zerebecki.de>
+Date: Thu, 15 Feb 2024 08:03:05 +0100
+Subject: [PATCH 3/3] Error out on a missing changelog date
+
+if it is needed as the source for SOURCE_DATE_EPOCH, instead of only
+logging a warning.
+---
+ build/build.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/build/build.c b/build/build.c
+index 54bac2e76..0292b9c4a 100644
+--- a/build/build.c
++++ b/build/build.c
+@@ -321,8 +321,10 @@ static rpmRC buildSpec(rpmts ts, BTA_t buildArgs, rpmSpec spec, int what)
+ 	    setenv("SOURCE_DATE_EPOCH", sdestr, 0);
+ 	    rpmtdFreeData(&td);
+ 	} else {
+-	    rpmlog(RPMLOG_WARNING, _("source_date_epoch_from_changelog set but "
++	    rpmlog(RPMLOG_ERR, _("source_date_epoch_from_changelog set but "
+ 	        "%%changelog is missing\n"));
++	    rc = RPMRC_FAIL;
++	    goto exit;
+ 	}
+     }
+ 
+-- 
+2.45.2
+

rpm.changes

@@ -1,3 +1,13 @@
+-------------------------------------------------------------------
+Wed Aug 21 23:29:42 UTC 2024 - Jan Zerebecki <jan.suse@zerebecki.de>
+
+- Add patches to enable reproducible builds by default (bsc#1148824). For
+  upstream versions see:
+  https://github.com/rpm-software-management/rpm/pull/2880
+  0001-Add-option-to-set-mtime-of-files-in-rpms.patch
+  0002-log-build-time-if-it-is-set-from-SOURCE_DATE_EPOCH.patch
+  0003-Error-out-on-a-missing-changelog-date.patch
+
 -------------------------------------------------------------------
 Tue Aug  8 12:39:25 UTC 2023 - Dirk Müller <dmueller@suse.com>
 

rpm.spec

@@ -112,6 +112,9 @@ Patch136:       x86_64-microarchitectures.patch
 Patch137:       cpuid_lzcnt.patch
 Patch138:       libmagic-exceptions.patch
 Patch139:       remove-awk-dependency.patch
+Patch140:       0001-Add-option-to-set-mtime-of-files-in-rpms.patch
+Patch141:       0002-log-build-time-if-it-is-set-from-SOURCE_DATE_EPOCH.patch
+Patch142:       0003-Error-out-on-a-missing-changelog-date.patch
 # touches a generated file
 Patch180:       whatrequires-doc.diff
 Patch6464:      auto-config-update-aarch64-ppc64le.diff
@@ -224,6 +227,7 @@ rm -rf sqlite
 %patch                                                  -P 117
 %patch -P 122 -P 123
 %patch -P 131          -P 133 -P 134 -P 135 -P 136 -P 137 -P 138 -P 139
+%patch -P 140 -P 141 -P 142 -p1
 %patch -P 180
 
 %ifarch aarch64 ppc64le riscv64