the following patch was just integrated into master:
commit 871da8e580de48de41082cc80895cd84e77221ca
Author: Alexander Couzens <lynxis(a)fe80.eu>
Date: Fri Sep 9 00:05:54 2016 +0200
util/release: make release archives reproducible
tar doesn't sort by default and takes the order of the OS which is in
most cases the order of creation. Sort by name and set influencing
environment TZ and language to be reproducible.
Change-Id: I3d043952417000d12e81353677f1ea4aa2da4fc1
Signed-off-by: Alexander Couzens <lynxis(a)fe80.eu>
Reviewed-on: https://review.coreboot.org/16556
Tested-by: build bot (Jenkins)
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki(a)googlemail.com>
See https://review.coreboot.org/16556 for details.
-gerrit
Alexander Couzens (lynxis(a)fe80.eu) just uploaded a new patch set to gerrit, which you can find at https://review.coreboot.org/16556
-gerrit
commit 104c2079eb0c336a654f7203ac7d018a97427f87
Author: Alexander Couzens <lynxis(a)fe80.eu>
Date: Fri Sep 9 00:05:54 2016 +0200
util/release: make release archives reproducible
tar doesn't sort by default and takes the order of the OS which is in
most cases the order of creation. Sort by name and set influencing
environment TZ and language to be reproducible.
Change-Id: I3d043952417000d12e81353677f1ea4aa2da4fc1
Signed-off-by: Alexander Couzens <lynxis(a)fe80.eu>
---
util/release/build-release | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/util/release/build-release b/util/release/build-release
index d13e038..11e7177 100755
--- a/util/release/build-release
+++ b/util/release/build-release
@@ -9,6 +9,13 @@ USERNAME=${3}
GPG_KEY_ID=${4}
set -e
+
+# set local + tz to be reproducible
+LC_ALL=C
+LANG=C
+TZ=UTC
+export LC_ALL LANG TZ
+
if [ -z "${VERSION_NAME}" ] || [ "${VERSION_NAME}" = "--help" ]; then
echo "usage: $0 <version> [commit id] [gpg key id] [username]"
echo "tags a new coreboot version and creates a tar archive"
@@ -32,8 +39,8 @@ fi
printf "${VERSION_NAME}-$(git log --pretty=%H|head -1)\n" > .coreboot-version
tstamp=$(git log --pretty=format:%ci -1)
cd ..
-tar --mtime="$tstamp" --owner=coreboot:1000 --group=coreboot:1000 --exclude-vcs --exclude=coreboot-${VERSION_NAME}/3rdparty/blobs -cvf - coreboot-${VERSION_NAME} |xz -9 > coreboot-${VERSION_NAME}.tar.xz
-tar --mtime="$tstamp" --owner=coreboot:1000 --group=coreboot:1000 --exclude-vcs -cvf - coreboot-${VERSION_NAME}/3rdparty/blobs |xz -9 > coreboot-blobs-${VERSION_NAME}.tar.xz
+tar --sort=name --mtime="$tstamp" --owner=coreboot:1000 --group=coreboot:1000 --exclude-vcs --exclude=coreboot-${VERSION_NAME}/3rdparty/blobs -cvf - coreboot-${VERSION_NAME} |xz -9 > coreboot-${VERSION_NAME}.tar.xz
+tar --sort=name --mtime="$tstamp" --owner=coreboot:1000 --group=coreboot:1000 --exclude-vcs -cvf - coreboot-${VERSION_NAME}/3rdparty/blobs |xz -9 > coreboot-blobs-${VERSION_NAME}.tar.xz
if [ -n "${GPG_KEY_ID}" ]; then
gpg2 --armor --local-user ${GPG_KEY_ID} --output coreboot-${VERSION_NAME}.tar.xz.sig --detach-sig coreboot-${VERSION_NAME}.tar.xz
gpg2 --armor --local-user ${GPG_KEY_ID} --output coreboot-blobs-${VERSION_NAME}.tar.xz.sig --detach-sig coreboot-blobs-${VERSION_NAME}.tar.xz