[OTR-dev] Reproducible builds of pidgin-otr for Windows

Ian Goldberg ian at cypherpunks.ca
Sun Mar 20 17:20:08 EDT 2016


On Sun, Mar 20, 2016 at 04:51:59PM -0400, Ian Goldberg wrote:
> OK, here we go.  "unzip -Zv" for the win.  Here's the diff of the output
> of that for my and your zip files.  So there is indeed file permission
> and uid/gid information in a zip file; the former is easy to fix with
> chmod, and the latter with fakeroot.  There's also a timestamp
> difference in the "DOS time" due to timezones.  Hopefully that can be
> fixed by simply setting TZ=UTC (the wiki page you pointed to says it
> should).
> 
> OK, I'll try to make this zip file deteministic.  We'll see whether that
> happens today or not, though.

Ah, I went ahead and made the changes.  It's actually better than I
thought.  We don't need to run zip under faketime if we use the -o
option (which sets the timestamp for the archive itself to equal the
oldest timestamp of a file in the archive).  We also add the -X option,
which removes Unix uid/gids and extended timestamps from the zip file
entirely.  We also use chmod -R u=rwX,go=rX to canonicalize the
permissions on the files.

I've updated the source tarball in place:

https://cs.uwaterloo.ca/~iang/pidgin-otr-4.0.2-repro.tar.gz

Unpack it, and just run INSTALL.mingw against a clean Ubuntu 14.04.  (It
now installs all the packages you suggested.)

I'm building it now myself.  Let's compare hashes in a few minutes.  ;-)

Thanks,

   - Ian


More information about the OTR-dev mailing list