-
-
Notifications
You must be signed in to change notification settings - Fork 160
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
nfpm
does not ensure reproducible builds
#744
Comments
seems to be related to the gzip compression... |
yup, its the gz compression, changing to xz fixes it: # ...
contents:
- src: ./foo111.sh
dst: /usr/bin/foo111.sh
deb:
compression: xz # <---- add this
overrides:
rpm:
scripts:
# ... and I don't know if there's much we can do about it. FWIW, I can kinda repro it with for i in $(seq 1 10); do
echo 'hello world'>test$i.txt
gzip test$i.txt
md5sum test$i.txt.gz
done I don't know enough of how gzip works though, maybe I'm still missing something |
But this is consistent:
|
In this PR #747 I have solution how to make target
Please review it. Probably need some kind the control of |
BTW, proposed option:
Does not solve the problem, as it is only for |
ahh, good find, I totally missed that |
defaults to $SOURCE_DATE_EPOCH closes #744 closes #734 Signed-off-by: Carlos Alexandro Becker <[email protected]>
check #748 |
* feat: allow to set a build date defaults to $SOURCE_DATE_EPOCH closes #744 closes #734 Signed-off-by: Carlos Alexandro Becker <[email protected]> * fix: rename to mtime * docs: fix systemd note closes #739 * fix: improve arch packager * fix: arch test Signed-off-by: Carlos Alexandro Becker <[email protected]> * fix: improve apk packager * fix: improve deb special files * fix: reuse keys func * fix: deps Signed-off-by: Carlos Alexandro Becker <[email protected]> --------- Signed-off-by: Carlos Alexandro Becker <[email protected]>
What happened?
Implemented sample
nfpm
template to createdeb
package (as a bash script to create deb package).Executed above mentioned script in a loop of 9 iterations: create package, check size, remove package.
Getting stable results: at least 2 times out of 9
deb
size differs from previous iteration.How can we reproduce this?
Here is the public
github
repo with scripts to reproduce this problem: https://github.com/keliramu/nfpm-consistent-results-notnfpm version
Search
Code of Conduct
Additional context
No response
The text was updated successfully, but these errors were encountered: