diff options
Diffstat (limited to 'libre/icedove-extension-enigmail/0001-genxpi-make-XPI-files-reproducible.patch')
-rw-r--r-- | libre/icedove-extension-enigmail/0001-genxpi-make-XPI-files-reproducible.patch | 65 |
1 files changed, 65 insertions, 0 deletions
diff --git a/libre/icedove-extension-enigmail/0001-genxpi-make-XPI-files-reproducible.patch b/libre/icedove-extension-enigmail/0001-genxpi-make-XPI-files-reproducible.patch new file mode 100644 index 000000000..a6eb62a7f --- /dev/null +++ b/libre/icedove-extension-enigmail/0001-genxpi-make-XPI-files-reproducible.patch @@ -0,0 +1,65 @@ +From a68b0efbd2002aeb6aa1240b8611cbb97b84d7a7 Mon Sep 17 00:00:00 2001 +From: Jonas Witschel <diabonas@gmx.de> +Date: Fri, 10 Jul 2020 19:02:43 +0200 +Subject: [PATCH] genxpi: make XPI files reproducible + +zip records the mtime of packed files, making it harder to reproduce the +generated file bit for bit. Use the SOURCE_DATE_EPOCH specification that is +already respected in other places of this project (package/Makefile) to set the +modification time to a known, reproducible value. + +To avoid embedding time zone information and Unix UIDs/GIDs as further sources +of unreproducibilty use "export TZ=UTC" and "zip -X", resp. Also make the mtime +of the generated XPI file reproducible using "zip -o" for good measure. +--- + util/genxpi | 23 +++++++++++++++++------ + 1 file changed, 17 insertions(+), 6 deletions(-) + +diff --git a/util/genxpi b/util/genxpi +index 9d7c39e5..36110e02 100755 +--- a/util/genxpi ++++ b/util/genxpi +@@ -60,9 +60,10 @@ find chrome/content/modules -name "*.js*" | LC_ALL=C sort > chrome/content/modul + + echo "Creating ${xpiFile} file" + +-zip -9 --must-match\ +- ../${xpiFile} \ +- chrome/content/preferences/defaultPrefs.js \ ++# Avoid embedding time zone information about the current system into the XPI ++export TZ=UTC ++ ++set chrome/content/preferences/defaultPrefs.js \ + chrome/content/modules/addrbook.jsm \ + chrome/content/modules/amPrefsService.jsm \ + chrome/content/modules/app.jsm \ +@@ -184,9 +185,15 @@ zip -9 --must-match\ + chrome/content/modules/all-modules.txt \ + chrome/content/am-enigprefs.xul + +-zip -9 \ +- ../${xpiFile} \ +- chrome/content/ui/*.* \ ++# Set modification timestamps to a fixed value for reproducibilty ++[ -n "$SOURCE_DATE_EPOCH" ] && touch --date "@$SOURCE_DATE_EPOCH" -- "$@" ++zip -9 -o -X --must-match ../${xpiFile} "$@" ++ ++if [ $? -ne 0 ]; then ++ exit 1 ++fi ++ ++set chrome/content/ui/*.* \ + chrome/skin/aero/*.* \ + chrome/skin/modern/*.* \ + chrome/skin/tb-mac/*.* \ +@@ -198,3 +205,7 @@ zip -9 \ + bootstrap.js \ + chrome.manifest \ + ${pkgFile} ++ ++# Set modification timestamps to a fixed value for reproducibilty ++[ -n "$SOURCE_DATE_EPOCH" ] && touch --date "@$SOURCE_DATE_EPOCH" -- "$@" ++zip -9 -o -X ../${xpiFile} "$@" +-- +2.27.0 + |