Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#80271 - [fwupd] Remove timestamp to make package reproducible
Attached to Project:
Arch Linux
Opened by Iyan (iyanmv) - Thursday, 16 November 2023, 19:12 GMT
Last edited by freswa (frederik) - Thursday, 16 November 2023, 21:52 GMT
Opened by Iyan (iyanmv) - Thursday, 16 November 2023, 19:12 GMT
Last edited by freswa (frederik) - Thursday, 16 November 2023, 21:52 GMT
|
DetailsDescription:
I keep following the r-b rabbit hole. It turns out fwupd is not reproducible solely because of a gzip generated using a Python script. Relevant part of the diffoscope log [1]: │ ├── usr/share/fwupd/quirks.d/builtin.quirk.gz │ │ ├── filetype from file(1) │ │ │ @@ -1 +1 @@ │ │ │ -gzip compressed data, was "builtin.quirk", last modified: Tue Nov 14 17:02:03 2023, max compression │ │ │ +gzip compressed data, was "builtin.quirk", last modified: Tue Nov 14 17:10:24 2023, max compression I have proposed a patch upstream [2] (more details there), and here I propose a PKGBUILD diff to quickly test that the new package is reproducible. [1]: https://reproducible.archlinux.org/api/v0/builds/534033/diffoscope [2]: https://github.com/fwupd/fwupd/pull/6388 
PKGBUILD.diff
(1.8 KiB)
|
This task depends upon
Closed by freswa (frederik)
Thursday, 16 November 2023, 21:52 GMT
Reason for closing: Deferred
Additional comments about closing: Will be included in the next release.
Thursday, 16 November 2023, 21:52 GMT
Reason for closing: Deferred
Additional comments about closing: Will be included in the next release.
I can confirm this makes the package reproducible, but we'll wait for the next release instead of forcing an update for all users just for this patch.