On Thursday 12 of March 2020 03:22:10 Michele Calgaro via trinity-devel wrote: > On 2020/03/12 01:50 AM, Slávek Banko wrote: > > Hi all, > > > > as you probably know, if tdelibs are compiled with elf editor support > > (WITH_ELFICON), the application icon, TDE information and git > > repository information are embedded into libraries and binaries during > > CMake build. > > > > This data, on the one hand, provides user convenience - better to see > > the application icon than the general binaries icon. On the other > > hand, they provide information to developers - for example, when > > reporting creashes. > > > > > > It is possible that you have also heard about the activity > > Reproducible builds, which seems to us as a very good idea. See: > > > > https://reproducible-builds.org/ > > https://wiki.debian.org/ReproducibleBuilds > > > > > > Currently, the metadata that are embedded has a Compilation Date/Time > > entry. This is set to the current date and time at the time of > > building the binary package. And this is a problem because it makes it > > impossible to achieve reproducible builds. > > > > My suggestion is that next to the ".tdescmmodule" and > > ".tdescmrevision" files we could have a ".tdescmdatetime" file > > containing the git commit date and/or a ".tdepackagedatetime" file > > containing the date the source package was created for distribution. > > For embedded metadata, this fixed time would be used instead of > > variable time. > > > > What is your opinion? > > > > Cheers > > Hi Slavek, > glad that you have brought up this issue, since it is something I have > experienced several times when checking the "drop automake" PR in the > last few months. > I also feel it is good to have reproducible builds. We already have the > ".tdescmmodule" and ".tdescmrevision" which contains the git commit hash > the package was build from. Nevertheless we are missing the > tde-packaging hash in those files. > Rather than having too many .tdescmXXXXX files, I propose we use a > single .tdegitinfo file which includes module name, repo git hash and > packaging repo hash. > I don't see any need for any date in the package once we have the git > hash info. > > Cheers > Michele > Thank Michele, it is a good idea that instead of many files we can consolidate git repository information into one file. I will prepare patches / pull-requests in this sense. Since the tde-packaging repository information and package information for each distribution are independent, a separate package information file will be required. At the same time, git hash for tde-packaging is not enough for us, because there is also interesting information about the distribution. In addition, here can be forced rebuild without any changes in the git repositories - as an example here is the 'libr' with dependency on binutils. Therefore, it is still useful for us information about date+time and/or the version of the package for a specific distribution. Cheers -- Slávek
Attachment:
signature.asc
Description: This is a digitally signed message part.
