Accepting request 1146851 from Base:System

Changed this how you suggested. - Add patches to enable reproducible builds by default (bsc#1148824). For upstream versions see: https://github.com/rpm-software-management/rpm/pull/2880 0001-Add-option-to-set-mtime-of-files-in-rpms.patch 0002-log-build-time-if-it-is-set-from-SOURCE_DATE_EPOCH.patch 0003-Error-out-on-a-missing-changelog-date.patch (forwarded request 1146788 from jzerebecki) OBS-URL: https://build.opensuse.org/request/show/1146851 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/rpm?expand=0&rev=314
2024-02-22 19:56:11 +00:00 · 2024-02-22 19:56:11 +00:00 · 0090bcb498
commit 0090bcb498
parent e4be0e8c6a 738d805716
5 changed files with 195 additions and 0 deletions
--- a/0001-Add-option-to-set-mtime-of-files-in-rpms.patch
+++ b/0001-Add-option-to-set-mtime-of-files-in-rpms.patch
@ -0,0 +1,122 @@
+From fc04a1bde1941d2c61a9e33e55c5c492327674ba Mon Sep 17 00:00:00 2001
+From: Jan Zerebecki <jan.suse@zerebecki.de>
+Date: Thu, 15 Feb 2024 09:57:35 +0100
+Subject: [PATCH 1/3] Add option to set mtime of files in rpms
+
+to SOURCE_DATE_EPOCH.
+
+For backwards compatibility the option clamp / limit the maximum mtime
+is retained.
+
+Setting it ouright avoids problems with an incorrectly older clock. It
+also avoids problems with build scrips that incorrectly change file
+mtimes when SOURCE_DATE_EPOCH_MTIME is in use.
+
+mtimes are required to increase with new versions and releases
+of an rpm with the same name, as rsync without --checksum and similar
+tools would get confused if the content changes without newer mtime.
+
+If SOURCE_DATE_EPOCH_MTIME is set use it instead for file modification time
+stamps. It is supposed to be newer. This can be used if we might want to
+compare if the file content remains the same when a build dependency
+changes while a build script embeds SOURCE_DATE_EPOCH in the file
+content.
+
+This can be used to support automatic rebuilds. Normally automatic
+rebuilds work, but together with reproducible builds an undesirable
+situation may occur. If a build e.g. embeds SOURCE_DATE_EPOCH in the
+output, then the output changes every time such a rebuild happens, which
+can be very often. This is to be avoided as updating packages without
+necessity is too expensive.
+---
+ build/files.c               | 33 ++++++++++++++++++++++++++++-----
+ docs/manual/buildprocess.md |  5 +++--
+ 2 files changed, 31 insertions(+), 7 deletions(-)
+
+diff --git a/build/files.c b/build/files.c
+index c403c806e..cec7999ca 100644
+--- a/build/files.c
+++ b/build/files.c
+@@ -1033,14 +1033,34 @@ static void genCpioListAndHeader(FileList fl, Package pkg, int isSrc)
+     rpm_loff_t totalFileSize = 0;
+     Header h = pkg->header; /* just a shortcut */
+     int override_date = 0;
+    int set_mtime = 0;
+     time_t source_date_epoch = 0;
+     char *srcdate = getenv("SOURCE_DATE_EPOCH");
+    char *msrcdate = getenv("SOURCE_DATE_EPOCH_MTIME");
+ 
+-    /* Limit the maximum date to SOURCE_DATE_EPOCH if defined
+-     * similar to the tar --clamp-mtime option
+    /* If SOURCE_DATE_EPOCH_MTIME is set use it for file modification time
+     * stamps, it is supposed to be newer. This can be used if we might want to
+     * compare if the file content remains the same when a build dependency
+     * changes while a build script embeds SOURCE_DATE_EPOCH in the file
+     * content. mtimes are required to increase with new versions and releases
+     * of an rpm with the same name, as rsync without --checksum and similar
+     * tools would get confused if the content changes without newer mtime. */
+    if (msrcdate != NULL) {
+	srcdate = msrcdate;
+    }
+
+    /* Set the file mtime to SOURCE_DATE_EPOCH it if requested to make the
+     * resulting rpm reproducible.
+      * https://reproducible-builds.org/specs/source-date-epoch/
+     *
+     * For backwards compatibility clamp / limit the maximum mtime if requested
+     * similar the tar --clamp-mtime option. Setting it ouright avoids problems
+     * with an incorrectly older clock. It also avoids problems with build
+     * scrips that incorrectly change file mtimes when SOURCE_DATE_EPOCH_MTIME
+     * is in use.
+      */
+-    if (srcdate && rpmExpandNumeric("%{?clamp_mtime_to_source_date_epoch}")) {
+    if (srcdate && (rpmExpandNumeric("%{?clamp_mtime_to_source_date_epoch}")
+	|| rpmExpandNumeric("%{?set_mtime_to_source_date_epoch}"))) {
+ 	char *endptr;
+ 	errno = 0;
+ 	source_date_epoch = strtol(srcdate, &endptr, 10);
+@@ -1049,6 +1069,9 @@ static void genCpioListAndHeader(FileList fl, Package pkg, int isSrc)
+ 	    fl->processingFailed = 1;
+ 	}
+ 	override_date = 1;
+	if (rpmExpandNumeric("%{?set_mtime_to_source_date_epoch}")) {
+	    set_mtime = 1;
+	}
+     }
+ 
+     /*
+@@ -1191,8 +1214,8 @@ static void genCpioListAndHeader(FileList fl, Package pkg, int isSrc)
+ 		totalFileSize += flp->fl_size;
+ 	    }
+ 	}
+-	
+-	if (override_date && flp->fl_mtime > source_date_epoch) {
+
+	if (override_date && (flp->fl_mtime > source_date_epoch || set_mtime)) {
+ 	    flp->fl_mtime = source_date_epoch;
+ 	}
+ 	/*
+diff --git a/docs/manual/buildprocess.md b/docs/manual/buildprocess.md
+index 1ceb47a7e..64cd35626 100644
+--- a/docs/manual/buildprocess.md
+++ b/docs/manual/buildprocess.md
+@@ -94,13 +94,14 @@ Macro name                                      | Description
+ `%_build_pkgcheck`                              | Progam to run on each generated binary package
+ `%_build_pkcheck_set`                           | Program to run on the generated binary package set
+ 
+-### Reproducability
+### Reproducibility
+ 
+ Macro name                            | Description
+ --------------------------------------|-----------
+ `%source_date_epoch_from_changelog`   | Set `SOURCE_DATE_EPOCH` from latest `%changelog` entry
+ `%use_source_date_epoch_as_buildtime` | Set package BuildTime to `SOURCE_DATE_EPOCH`
+-`%clamp_mtime_to_source_date_epoch`   | Ensure file timestamps are not newer than `SOURCE_DATE_EPOCH`
+`%set_mtime_to_source_date_epoch`     | Set file modification timestamps to `SOURCE_DATE_EPOCH_MTIME` or as fallback to `SOURCE_DATE_EPOCH`
+`%clamp_mtime_to_source_date_epoch`   | You should use the above instead, it is for backwards compatibility only. Ensure file timestamps are not newer than `SOURCE_DATE_EPOCH`
+ 
+ ### Vendor defaults
+ 
+-- 
+2.30.2
+
--- a/0002-log-build-time-if-it-is-set-from-SOURCE_DATE_EPOCH.patch
+++ b/0002-log-build-time-if-it-is-set-from-SOURCE_DATE_EPOCH.patch
@ -0,0 +1,29 @@
+From e0a8b84f68993fccbe70c4fb1cd8402fa7371147 Mon Sep 17 00:00:00 2001
+From: Jan Zerebecki <jan.suse@zerebecki.de>
+Date: Thu, 15 Feb 2024 07:58:44 +0100
+Subject: [PATCH 2/3] log build time if it is set from SOURCE_DATE_EPOCH
+
+---
+ build/build.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/build/build.c b/build/build.c
+index f2cf98c8b..2693d80b3 100644
+--- a/build/build.c
+++ b/build/build.c
+@@ -35,8 +35,11 @@ static rpm_time_t getBuildTime(void)
+         epoch = strtol(srcdate, &endptr, 10);
+         if (srcdate == endptr || *endptr || errno != 0)
+             rpmlog(RPMLOG_ERR, _("unable to parse SOURCE_DATE_EPOCH\n"));
+-        else
+        else {
+             buildTime = (uint32_t) epoch;
+	    rpmlog(RPMLOG_NOTICE, _("using %s with value %ld as build time\n"),
+		"SOURCE_DATE_EPOCH", buildTime);
+	}
+     } else
+         buildTime = (uint32_t) time(NULL);
+ 
+-- 
+2.30.2
+
--- a/0003-Error-out-on-a-missing-changelog-date.patch
+++ b/0003-Error-out-on-a-missing-changelog-date.patch
@ -0,0 +1,30 @@
+From 973f94bafea8e641ed747d3c420ea1bc2e1cb37f Mon Sep 17 00:00:00 2001
+From: Jan Zerebecki <jan.suse@zerebecki.de>
+Date: Thu, 15 Feb 2024 08:03:05 +0100
+Subject: [PATCH 3/3] Error out on a missing changelog date
+
+if it is needed as the source for SOURCE_DATE_EPOCH, instead of only
+logging a warning.
+---
+ build/build.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/build/build.c b/build/build.c
+index 2693d80b3..ce7bc8b88 100644
+--- a/build/build.c
+++ b/build/build.c
+@@ -344,8 +344,10 @@ static rpmRC buildSpec(rpmts ts, BTA_t buildArgs, rpmSpec spec, int what)
+ 	    setenv("SOURCE_DATE_EPOCH", sdestr, 0);
+ 	    rpmtdFreeData(&td);
+ 	} else {
+-	    rpmlog(RPMLOG_WARNING, _("source_date_epoch_from_changelog set but "
+	    rpmlog(RPMLOG_ERR, _("source_date_epoch_from_changelog set but "
+ 	        "%%changelog is missing\n"));
+	    rc = RPMRC_FAIL;
+	    goto exit;
+ 	}
+     }
+ 
+-- 
+2.30.2
+
--- a/rpm.changes
+++ b/rpm.changes
@ -1,3 +1,13 @@
+-------------------------------------------------------------------
+Thu Feb 15 10:14:07 UTC 2024 - Jan Zerebecki <jan.suse@zerebecki.de>
+
+- Add patches to enable reproducible builds by default (bsc#1148824). For
+  upstream versions see:
+  https://github.com/rpm-software-management/rpm/pull/2880
+  0001-Add-option-to-set-mtime-of-files-in-rpms.patch
+  0002-log-build-time-if-it-is-set-from-SOURCE_DATE_EPOCH.patch
+  0003-Error-out-on-a-missing-changelog-date.patch
+
 -------------------------------------------------------------------
 Fri Feb  9 11:34:31 CET 2024 - mls@suse.de

--- a/rpm.spec
+++ b/rpm.spec
@ -113,6 +113,9 @@ Patch135:       selinux_transactional_update.patch
 Patch136:       rpmsort_reverse.diff
 Patch138:       canongnu.diff
 Patch139:       cmake_python_version.diff
+Patch140:       0001-Add-option-to-set-mtime-of-files-in-rpms.patch
+Patch141:       0002-log-build-time-if-it-is-set-from-SOURCE_DATE_EPOCH.patch
+Patch142:       0003-Error-out-on-a-missing-changelog-date.patch
 Patch6464:      auto-config-update-aarch64-ppc64le.diff
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 #
@ -227,6 +230,7 @@ rm -rf sqlite
 %patch -P 122 -P 123
 %patch -P 131          -P 133 -P 134 -P 135 -P 136        -P 138
 %patch -P 139
+%patch -P 140 -P 141 -P 142 -p1

 %ifarch aarch64 ppc64le riscv64
 %patch6464