Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

support SOURCE_DATE_EPOCH to make gem tar reproducible #2289

Merged
merged 1 commit into from May 14, 2018
Merged

support SOURCE_DATE_EPOCH to make gem tar reproducible #2289

merged 1 commit into from May 14, 2018

Conversation

anthraxx
Copy link
Contributor

Optionally respect the SOURCE_DATE_EPOCH environment variable to be used
instead of Time.now to allow reproducible builds of created gem tarballs.

In case none is specified, fall back to the current time.

Description:

The problem is that using Time.now will change during time which makes created gem tarballs not reproducible (bit by bit identical).

This is related to making the .gemspec file's itself reproducible: #2278

Spec:
https://reproducible-builds.org/specs/source-date-epoch/

Buy-in:
https://reproducible-builds.org/docs/buy-in/

Tasks:

  • Describe the problem / feature
  • Write tests
  • Write code to solve the problem
  • Get code review from coworkers / friends

I will abide by the code of conduct.

@anthraxx
Copy link
Contributor Author

anthraxx commented May 13, 2018
edited

Files compared using freshly created gem's and 10seconds sleep inbetween

gem build gemtest.gemspec
sleep 10
mv gemtest-1.0.0.gem gemtest-1.0.0.old.gem
gem build gemtest.gemspec

[builduser@buildbox gemtest]$ sha512sum /tmp/*.gem

fdf1e2390c5ac0ab3c3a8750e6fc7eef0795a758e1a092d310f97c470f09209731ea6d03dd9aed7892a5923cefb02cd2ae17ef77de66a761e00d66018bd0aba9  /tmp/gemtest-1.0.0.gem
fdf1e2390c5ac0ab3c3a8750e6fc7eef0795a758e1a092d310f97c470f09209731ea6d03dd9aed7892a5923cefb02cd2ae17ef77de66a761e00d66018bd0aba9  /tmp/gemtest-1.0.0.old.gem

CC @hsbt @segiddins @duckinator @lamby

@anthraxx
support SOURCE_DATE_EPOCH to make gem tar reproducible
c43084c 
Optionally respect the SOURCE_DATE_EPOCH environment variable to be used
instead of Time.now to allow reproducible builds of created gem tarballs.

In case none is specified, fall back to the current time.
@hsbt
Copy link
Member

hsbt commented May 14, 2018

@bundlerbot r+

@bundlerbot
Copy link
Collaborator

📌 Commit c43084c has been approved by hsbt

@bundlerbot
Copy link
Collaborator

Testing commit c43084c with merge 97e6075...

bundlerbot added a commit that referenced this pull request May 14, 2018
@bundlerbot
Auto merge of #2289 - anthraxx:fix/reproducible-build-gem-tarball, r=…
97e6075 
…hsbt

support SOURCE_DATE_EPOCH to make gem tar reproducible

Optionally respect the SOURCE_DATE_EPOCH environment variable to be used
instead of Time.now to allow reproducible builds of created gem tarballs.

In case none is specified, fall back to the current time.

# Description:

The problem is that using Time.now will change during time which makes created gem tarballs not reproducible (bit by bit identical).

This is related to making the .gemspec file's itself reproducible: #2278

Spec:
https://reproducible-builds.org/specs/source-date-epoch/

Buy-in:
https://reproducible-builds.org/docs/buy-in/
______________

# Tasks:

- [x] Describe the problem / feature
- [x] Write tests
- [x] Write code to solve the problem
- [x] Get code review from coworkers / friends

I will abide by the [code of conduct](https://github.com/rubygems/rubygems/blob/master/CODE_OF_CONDUCT.md).
@bundlerbot
Copy link
Collaborator

☀️ Test successful - status-travis
Approved by: hsbt
Pushing 97e6075 to master...

@bundlerbot bundlerbot merged commit c43084c into rubygems:master May 14, 2018
@anthraxx anthraxx mentioned this pull request May 14, 2018
Closed
5 tasks
@colby-swandale colby-swandale added this to the 2.8.0 milestone Sep 23, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@anthraxx @hsbt @bundlerbot @colby-swandale @bronzdoc