diff --git a/0001-mkromfs-make-build-reproducible-use-buildtime-from-S.patch b/0001-mkromfs-make-build-reproducible-use-buildtime-from-S.patch new file mode 100644 index 0000000..05384e1 --- /dev/null +++ b/0001-mkromfs-make-build-reproducible-use-buildtime-from-S.patch @@ -0,0 +1,49 @@ +From 495b79d8e9a44ad0ada965add3a046120646e7e0 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Stefan=20Br=C3=83=C2=BCns?= +Date: Thu, 12 Jan 2017 18:04:57 +0100 +Subject: [PATCH 1/2] mkromfs: make build reproducible, use buildtime from + SOURCE_DATE_EPOCH +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The environment variable SOURCE_DATE_EPOCH is the common approach for +getting reproducible timestamps and thus builds. In case the variable +is not set, keep using the current time of the mkromfs run. + +Signed-off-by: Stefan Brüns +--- + base/mkromfs.c | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +diff --git a/base/mkromfs.c b/base/mkromfs.c +index b7bc6bf..9b81c46 100644 +--- a/base/mkromfs.c ++++ b/base/mkromfs.c +@@ -2280,6 +2280,8 @@ main(int argc, char *argv[]) + int compaction = 0; + Xlist_element *Xlist_scan = NULL, *Xlist_head = NULL; + char pa[PATH_STR_LEN]; ++ time_t buildtime = 0; ++ char* env_source_date_epoch; + + memset(pa, 0x00, PATH_STR_LEN); + +@@ -2336,7 +2338,13 @@ main(int argc, char *argv[]) + #endif + fprintf(out,"\n#include \"stdint_.h\"\n"); + fprintf(out,"\n#include \"time_.h\"\n\n"); +- fprintf(out," time_t gs_romfs_buildtime = %ld;\n\n", time(NULL)); ++ ++ if ((env_source_date_epoch = getenv("SOURCE_DATE_EPOCH"))) { ++ buildtime = strtoul(env_source_date_epoch, NULL, 10); ++ } ++ if (!buildtime) ++ buildtime = time(NULL); ++ fprintf(out," time_t gs_romfs_buildtime = %ld;\n\n", buildtime); + + /* process the remaining arguments (options interspersed with paths) */ + for (; atarg < argc; atarg++) { +-- +2.11.0 + diff --git a/0002-mkromfs-sort-gp_enumerate_files-output-for-determini.patch b/0002-mkromfs-sort-gp_enumerate_files-output-for-determini.patch new file mode 100644 index 0000000..7cb1f71 --- /dev/null +++ b/0002-mkromfs-sort-gp_enumerate_files-output-for-determini.patch @@ -0,0 +1,75 @@ +From ec602a6eadfe7680e0a1008a67afa18903a07ad9 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Stefan=20Br=C3=BCns?= +Date: Thu, 12 Jan 2017 20:55:11 +0100 +Subject: [PATCH 2/2] mkromfs: sort gp_enumerate_files output for deterministic + ROM contents +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +gp_enumerate_files_next returns dir entries in the same order as returned +by readdir. Sort by name to generate deterministic output. + +Signed-off-by: Stefan Brüns +--- + base/mkromfs.c | 23 +++++++++++++++++++++++ + 1 file changed, 23 insertions(+) + +diff --git a/base/mkromfs.c b/base/mkromfs.c +index 9b81c46..b7799ae 100644 +--- a/base/mkromfs.c ++++ b/base/mkromfs.c +@@ -344,6 +344,7 @@ const gs_malloc_memory_t minimal_memory = { + 0 /* max used */ + }; + ++int cmpstringp(const void *p1, const void *p2); + void put_uint32(FILE *out, const unsigned int q); + void put_bytes_padded(FILE *out, unsigned char *p, unsigned int len); + void inode_clear(romfs_inode* node); +@@ -1542,6 +1543,15 @@ static unsigned long pscompact_getcompactedblock(pscompstate *psc, unsigned char + return out-ubuf; + } + ++int cmpstringp(const void *p1, const void *p2) ++{ ++ /* The actual arguments to this function are "pointers to ++ pointers to char", but strcmp(3) arguments are "pointers ++ to char", hence the following cast plus dereference */ ++ ++ return strcmp(* (char * const *) p1, * (char * const *) p2); ++} ++ + /* This relies on the gp_enumerate_* which should not return directories, nor */ + /* should it recurse into directories (unlike Adobe's implementation) */ + /* paths are checked to see if they are an ordinary file or a path */ +@@ -1561,6 +1571,8 @@ void process_path(char *path, const char *os_prefix, const char *rom_prefix, + FILE *in; + unsigned long psc_len; + pscompstate psc = { 0 }; ++ unsigned long numfiles = 0; ++ char **foundfiles = NULL; + + prefixed_path = malloc(PATH_STR_LEN); + found_path = malloc(PATH_STR_LEN); +@@ -1598,6 +1610,17 @@ void process_path(char *path, const char *os_prefix, const char *rom_prefix, + if (excluded) + continue; + ++ numfiles++; ++ foundfiles = realloc(foundfiles, sizeof(char *) * numfiles); ++ foundfiles[numfiles - 1] = strdup(found_path); ++ } ++ ++ qsort(foundfiles, numfiles, sizeof(char *), cmpstringp); ++ ++ while (numfiles--) { ++ found_path = *foundfiles; ++ foundfiles++; ++ + /* process a file */ + node = calloc(1, sizeof(romfs_inode)); + /* get info for this file */ +-- +2.11.0 + diff --git a/ghostscript-mini.changes b/ghostscript-mini.changes index 4c30e39..7174d74 100644 --- a/ghostscript-mini.changes +++ b/ghostscript-mini.changes @@ -1,3 +1,12 @@ +------------------------------------------------------------------- +Thu Jan 12 17:13:58 UTC 2017 - stefan.bruens@rwth-aachen.de + +- Set SOURCE_DATE_EPOCH based on changelog head +- Add 0001-mkromfs-make-build-reproducible-use-buildtime-from-S.patch + * Use SOURCE_DATE_EPOCH for mkromfs output for reproducible build +- Add 0002-mkromfs-sort-gp_enumerate_files-output-for-determini.patch + * Sort ROM contents for deterministic output + ------------------------------------------------------------------- Mon Oct 17 13:36:57 CEST 2016 - jsmeix@suse.de diff --git a/ghostscript-mini.spec b/ghostscript-mini.spec index d16cc62..57279b3 100644 --- a/ghostscript-mini.spec +++ b/ghostscript-mini.spec @@ -1,7 +1,7 @@ # # spec file for package ghostscript-mini # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -96,6 +96,11 @@ Patch5: CVE-2016-8602.patch # but the hunk for LCMS2 (lcms2/include/lcms2.h) is still needed # see http://bugs.ghostscript.com/show_bug.cgi?id=695544 Patch11: ppc64le-support.patch +# Patch12 adds a reproducible timestamp to the mkromfs output, using the +# SOURCE_DATE_EPOCH environment variable +Patch12: 0001-mkromfs-make-build-reproducible-use-buildtime-from-S.patch +# Patch13 sorts the ROM contents by name for deterministic contents +Patch13: 0002-mkromfs-sort-gp_enumerate_files-output-for-determini.patch # Source100...Source999 is for sources from SUSE which are not intended for upstream: # Patch100...Patch999 is for patches from SUSE which are not intended for upstream: # Patch100 remove-zlib-h-dependency.patch removes dependency on zlib/zlib.h @@ -199,6 +204,11 @@ This package contains the development files for Minimal Ghostscript. # but the hunk for LCMS2 (lcms2/include/lcms2.h) is still needed # see http://bugs.ghostscript.com/show_bug.cgi?id=695544 %patch11 -p1 -b ppc64le-support.orig +# Patch12 adds a reproducible timestamp to the mkromfs output, using the +# SOURCE_DATE_EPOCH environment variable +%patch12 -p1 -b mkromfs-buildtime.orig +# Patch13 sorts the ROM contents by name for deterministic contents +%patch13 -p1 -b mkromfs-sort-contents.orig # Patch100 remove-zlib-h-dependency.patch removes dependency on zlib/zlib.h # in makefiles as we do not use the zlib sources from the Ghostscript upstream tarball: %patch100 -p1 -b remove-zlib-h-dependency.orig @@ -210,6 +220,8 @@ This package contains the development files for Minimal Ghostscript. rm -rf freetype jpeg libpng tiff zlib %build +# Derive build timestamp from latest changelog entry +export SOURCE_DATE_EPOCH=$(date -d "$(head -n 2 %{_sourcedir}/%{name}.changes | tail -n 1 | cut -d- -f1 )" +%s) # Set our preferred architecture-specific flags for the compiler and linker: export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing" export CXXFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing" diff --git a/ghostscript.changes b/ghostscript.changes index b5ce665..fcf4c92 100644 --- a/ghostscript.changes +++ b/ghostscript.changes @@ -1,3 +1,12 @@ +------------------------------------------------------------------- +Thu Jan 12 17:13:58 UTC 2017 - stefan.bruens@rwth-aachen.de + +- Set SOURCE_DATE_EPOCH based on changelog head +- Add 0001-mkromfs-make-build-reproducible-use-buildtime-from-S.patch + * Use SOURCE_DATE_EPOCH for mkromfs output for reproducible build +- Add 0002-mkromfs-sort-gp_enumerate_files-output-for-determini.patch + * Sort ROM contents for deterministic output + ------------------------------------------------------------------- Mon Oct 17 13:36:57 CEST 2016 - jsmeix@suse.de diff --git a/ghostscript.spec b/ghostscript.spec index f0fa8ba..d93c89a 100644 --- a/ghostscript.spec +++ b/ghostscript.spec @@ -1,7 +1,7 @@ # # spec file for package ghostscript # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -116,6 +116,11 @@ Patch5: CVE-2016-8602.patch # but the hunk for LCMS2 (lcms2/include/lcms2.h) is still needed # see http://bugs.ghostscript.com/show_bug.cgi?id=695544 Patch11: ppc64le-support.patch +# Patch12 adds a reproducible timestamp to the mkromfs output, using the +# SOURCE_DATE_EPOCH environment variable +Patch12: 0001-mkromfs-make-build-reproducible-use-buildtime-from-S.patch +# Patch13 sorts the ROM contents by name for deterministic contents +Patch13: 0002-mkromfs-sort-gp_enumerate_files-output-for-determini.patch # Source100...Source999 is for sources from SUSE which are not intended for upstream: # Patch100...Patch999 is for patches from SUSE which are not intended for upstream: # Patch100 remove-zlib-h-dependency.patch removes dependency on zlib/zlib.h @@ -335,6 +340,11 @@ This package contains the development files for Ghostscript. # but the hunk for LCMS2 (lcms2/include/lcms2.h) is still needed # see http://bugs.ghostscript.com/show_bug.cgi?id=695544 %patch11 -p1 -b ppc64le-support.orig +# Patch12 adds a reproducible timestamp to the mkromfs output, using the +# SOURCE_DATE_EPOCH environment variable +%patch12 -p1 -b mkromfs-buildtime.orig +# Patch13 sorts the ROM contents by name for deterministic contents +%patch13 -p1 -b mkromfs-sort-contents.orig # Patch100 remove-zlib-h-dependency.patch removes dependency on zlib/zlib.h # in makefiles as we do not use the zlib sources from the Ghostscript upstream tarball: %patch100 -p1 -b remove-zlib-h-dependency.orig @@ -346,6 +356,8 @@ This package contains the development files for Ghostscript. rm -rf freetype jpeg libpng tiff zlib %build +# Derive build timestamp from latest changelog entry +export SOURCE_DATE_EPOCH=$(date -d "$(head -n 2 %{_sourcedir}/%{name}.changes | tail -n 1 | cut -d- -f1 )" +%s) # Set our preferred architecture-specific flags for the compiler and linker: export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing" export CXXFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing"