Re: Reproducible builds and RPM packages


Anders Montonen
 



On 4 Nov 2020, at 23:23, Randy MacLeod <randy.macleod@...> wrote:

On 2020-11-03 6:16 a.m., Anders Montonen wrote:
Hi,

When going from Zeus to Dunfell, I noticed that all files on the rootfs had timestamps long in the past, which I assume is from reproducible builds now being on by default. While that is a good thing, running “rpm -V” on any installed package now reports that the mtime differs. Is this the intentional behavior?

Hi Anders,

I haven't played with that for a while but I'm pretty sure the answer is yes, it's intentional.

You can read about reproducible builds here:
   https://wiki.yoctoproject.org/wiki/Reproducible_Builds
and compare to the source if needed:
   https://git.openembedded.org/openembedded-core/tree/meta/classes/reproducible_build.bbclass?id=189630ca6cdf7ceb6cf9b8f9d86c58997f505efc&h=dunfell



Just to be clear, I’m referring to the RPM metadata. If you build a package, and then run "rpm -q --qf '[%{FILENAMES} %{FILEMTIMES}\n]' -p package" on the output, the listed timestamps will not match either SOURCE_DATE_EPOCH, or REPRODUCIBLE_TIMESTAMP_ROOTFS. When you build an image, the timestamps in the filesystem will not be consistent with the timestamps in the RPM database, leading to errors if you try to verify an installed package. I would consider this a bug or an oversight.

Regards,
Anders Montonen
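
The metadata check described in the message above, as an added example that is not part of the original thread or of any Yocto tooling: it filters the output of the quoted `rpm -q --qf` query for files whose recorded mtime differs from an expected reproducible timestamp. The function names, the sample query output and the epoch value are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag RPM metadata mtimes that differ from an expected
# reproducible timestamp. All names and sample values are constructed.

# Reads "FILENAME MTIME" lines on stdin, i.e. the output of
#   rpm -q --qf '[%{FILENAMES} %{FILEMTIMES}\n]' -p package.rpm
# and prints one line per file whose mtime differs from $1.
# The mtime is taken as the last field so paths with spaces still work.
rpm_mtime_mismatches() {
    awk -v want="$1" '
        NF < 2 { next }                      # skip blank or malformed lines
        {
            mtime = $NF
            name = $0
            sub(/[ \t]+[^ \t]+$/, "", name)  # strip the trailing mtime field
            if (mtime + 0 != want + 0)
                printf "%s recorded=%s expected=%s delta=%d\n",
                       name, mtime, want, mtime - want
        }'
}

# Constructed stand-in for the rpm query output of a built package.
sample_rpm_query() {
    cat <<'EOF'
/usr/bin/hello 1600000000
/etc/hello.conf 1604500000
/usr/share/doc/hello/READ ME 1604500123
EOF
}

# Constructed value playing the role of SOURCE_DATE_EPOCH.
SAMPLE_EPOCH=1600000000

sample_rpm_query | rpm_mtime_mismatches "$SAMPLE_EPOCH"
```

Against a real package, pipe the `rpm -q --qf` command from the message into `rpm_mtime_mismatches` with the timestamp the build was expected to use.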
