From a68b0efbd2002aeb6aa1240b8611cbb97b84d7a7 Mon Sep 17 00:00:00 2001 From: Jonas Witschel Date: Fri, 10 Jul 2020 19:02:43 +0200 Subject: [PATCH] genxpi: make XPI files reproducible zip records the mtime of packed files, making it harder to reproduce the generated file bit for bit. Use the SOURCE_DATE_EPOCH specification that is already respected in other places of this project (package/Makefile) to set the modification time to a known, reproducible value. To avoid embedding time zone information and Unix UIDs/GIDs as further sources of unreproducibilty use "export TZ=UTC" and "zip -X", resp. Also make the mtime of the generated XPI file reproducible using "zip -o" for good measure. --- util/genxpi | 23 +++++++++++++++++------ 1 file changed, 17 insertions(+), 6 deletions(-) diff --git a/util/genxpi b/util/genxpi index 9d7c39e5..36110e02 100755 --- a/util/genxpi +++ b/util/genxpi @@ -60,9 +60,10 @@ find chrome/content/modules -name "*.js*" | LC_ALL=C sort > chrome/content/modul echo "Creating ${xpiFile} file" -zip -9 --must-match\ - ../${xpiFile} \ - chrome/content/preferences/defaultPrefs.js \ +# Avoid embedding time zone information about the current system into the XPI +export TZ=UTC + +set chrome/content/preferences/defaultPrefs.js \ chrome/content/modules/addrbook.jsm \ chrome/content/modules/amPrefsService.jsm \ chrome/content/modules/app.jsm \ @@ -184,9 +185,15 @@ zip -9 --must-match\ chrome/content/modules/all-modules.txt \ chrome/content/am-enigprefs.xul -zip -9 \ - ../${xpiFile} \ - chrome/content/ui/*.* \ +# Set modification timestamps to a fixed value for reproducibilty +[ -n "$SOURCE_DATE_EPOCH" ] && touch --date "@$SOURCE_DATE_EPOCH" -- "$@" +zip -9 -o -X --must-match ../${xpiFile} "$@" + +if [ $? -ne 0 ]; then + exit 1 +fi + +set chrome/content/ui/*.* \ chrome/skin/aero/*.* \ chrome/skin/modern/*.* \ chrome/skin/tb-mac/*.* \ @@ -198,3 +205,7 @@ zip -9 \ bootstrap.js \ chrome.manifest \ ${pkgFile} + +# Set modification timestamps to a fixed value for reproducibilty +[ -n "$SOURCE_DATE_EPOCH" ] && touch --date "@$SOURCE_DATE_EPOCH" -- "$@" +zip -9 -o -X ../${xpiFile} "$@" -- 2.27.0