1. 04 Sep, 2021 20 commits
  2. 08 Aug, 2021 1 commit
    • Allan McRae's avatar
      libmakepkg: reproducibilty for python packages · 1c5a5688
      Allan McRae authored
      
      
      Arch Linux has been setting PYTHONHASHSEED=0 to create deterministic
      .pyc files.  After a thorough review by the Arch Security Team, setting
      this variable was determined not to generated vulnerable .pyc files, as
      when the loader loads the .pyc file and unmarshalls it, the internal
      runtime will just populate the unordered data structures and use a new
      runtime hash for them.
      Signed-off-by: Allan McRae's avatarAllan McRae <allan@archlinux.org>
      1c5a5688
  3. 04 Aug, 2021 4 commits
  4. 01 Jul, 2021 1 commit
    • Jonas Witschel's avatar
      doc: use localdate instead of pacman_date to improve reproducibility · b4383b8d
      Jonas Witschel authored
      
      
      pacman_date is set to the current date during build without respecting
      SOURCE_DATE_EPOCH. As a result, a build cannot be fully reproduced on a later
      date because the date embedded into the man pages does not match.
      
      In contrast, the built-in asciidoc attribute "localdate" respects
      SOURCE_DATE_EPOCH and has the desired ISO 8601 format, so simply use that
      instead of the custom "pacman_date" attribute.
      
      Fixes: FS#71154
      
      Signed-off-by: Jonas Witschel <diabonas at archlinux.org>
      Signed-off-by: Allan McRae's avatarAllan McRae <allan@archlinux.org>
      b4383b8d
  5. 24 Jun, 2021 2 commits
  6. 07 Jun, 2021 3 commits
  7. 02 Jun, 2021 1 commit
  8. 20 May, 2021 6 commits
  9. 19 May, 2021 1 commit
    • Eli Schwartz's avatar
      makepkg: squelch readelf warnings from debug stripping · e176b8ec
      Eli Schwartz authored
      
      
      readelf --debug-dump sometimes reports inscrutable warnings which don't
      actually affect our extraction of source filenames. For example:
      
      readelf: Warning: There is a hole [0xd3d - 0xd89] in .debug_loc section.
      
      Now gcc 11 seems to have dramatically increased the number of warnings:
      
      readelf: Warning: Corrupt offset (0x0000008e) in range entry 9
      [...]
      readelf: Warning: Corrupt offset (0x000010f0) in range entry 250
      
      The resulting debuginfo created by the very same toolchain works fine,
      as does the list of source filenames. But the warnings are quite
      noisy... send them to /dev/null since they are not actionable in the
      context of getting source files
      Signed-off-by: Eli Schwartz's avatarEli Schwartz <eschwartz@archlinux.org>
      Signed-off-by: Allan McRae's avatarAllan McRae <allan@archlinux.org>
      e176b8ec
  10. 18 May, 2021 1 commit