[OTR-dev] Reproducible builds of pidgin-otr for Windows
Ian Goldberg
ian at cypherpunks.ca
Sun Mar 20 17:20:08 EDT 2016
On Sun, Mar 20, 2016 at 04:51:59PM -0400, Ian Goldberg wrote:
> OK, here we go. "unzip -Zv" for the win. Here's the diff of the output
> of that for my and your zip files. So there is indeed file permission
> and uid/gid information in a zip file; the former is easy to fix with
> chmod, and the latter with fakeroot. There's also a timestamp
> difference in the "DOS time" due to timezones. Hopefully that can be
> fixed by simply setting TZ=UTC (the wiki page you pointed to says it
> should).
>
> OK, I'll try to make this zip file deteministic. We'll see whether that
> happens today or not, though.
Ah, I went ahead and made the changes. It's actually better than I
thought. We don't need to run zip under faketime if we use the -o
option (which sets the timestamp for the archive itself to equal the
oldest timestamp of a file in the archive). We also add the -X option,
which removes Unix uid/gids and extended timestamps from the zip file
entirely. We also use chmod -R u=rwX,go=rX to canonicalize the
permissions on the files.
I've updated the source tarball in place:
https://cs.uwaterloo.ca/~iang/pidgin-otr-4.0.2-repro.tar.gz
Unpack it, and just run INSTALL.mingw against a clean Ubuntu 14.04. (It
now installs all the packages you suggested.)
I'm building it now myself. Let's compare hashes in a few minutes. ;-)
Thanks,
- Ian
More information about the OTR-dev
mailing list