Merge pull request #15819 from MikeMcQuaid/bottle_reproducibility_fixes

bottle: reproducibility fixes.
2025-07-14 16:09:03 +08:00 · 2023-08-04 10:26:55 +01:00 · 2023-08-04 10:26:55 +01:00 · 4877de52d3
commit 4877de52d3
parent 5c718b5dfd 71888db8ba
5 changed files with 25 additions and 22 deletions
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@ -428,4 +428,6 @@ jobs:

      - run: brew test-bot --only-setup

+      - run: brew install gnu-tar
+
      - run: brew test-bot --only-formulae --only-json-tab --test-default-formula
--- a/Library/Homebrew/dev-cmd/bottle.rb
+++ b/Library/Homebrew/dev-cmd/bottle.rb
@ -234,14 +234,26 @@ module Homebrew
    [].freeze
  end

+  sig { params(gnu_tar_formula: Formula).returns(String) }
+  def self.gnu_tar(gnu_tar_formula)
+    "#{gnu_tar_formula.opt_bin}/tar"
+  end
+
  sig { params(mtime: String).returns(T::Array[String]) }
  def self.reproducible_gnutar_args(mtime)
    # Ensure gnu tar is set up for reproducibility.
    # https://reproducible-builds.org/docs/archives/
    [
-      "--format", "pax", "--owner", "0", "--group", "0", "--sort", "name", "--mtime=#{mtime}",
+      # File modification times
+      "--mtime=#{mtime}",
+      # File ordering
+      "--sort=name",
+      # Users, groups and numeric ids
+      "--owner=0", "--group=0", "--numeric-owner",
+      # PAX headers
+      "--format=pax",
      # Set exthdr names to exclude PID (for GNU tar <1.33). Also don't store atime and ctime.
-      "--pax-option", "globexthdr.name=/GlobalHead.%n,exthdr.name=%d/PaxHeaders/%f,delete=atime,delete=ctime"
+      "--pax-option=globexthdr.name=/GlobalHead.%n,exthdr.name=%d/PaxHeaders/%f,delete=atime,delete=ctime"
    ].freeze
  end

@ -253,14 +265,14 @@ module Homebrew

    # Use gnu-tar as it can be set up for reproducibility better than libarchive.
    begin
-      gnu_tar = Formula["gnu-tar"]
+      gnu_tar_formula = Formula["gnu-tar"]
    rescue FormulaUnavailableError
      return default_tar_args
    end

-    ensure_formula_installed!(gnu_tar, reason: "bottling")
+    ensure_formula_installed!(gnu_tar_formula, reason: "bottling")

-    ["#{gnu_tar.opt_bin}/gtar", reproducible_gnutar_args(mtime)].freeze
+    [gnu_tar(gnu_tar_formula), reproducible_gnutar_args(mtime)].freeze
  end

  def self.formula_ignores(formula)
--- a/Library/Homebrew/extend/os/dev-cmd/bottle.rb
+++ b/Library/Homebrew/extend/os/dev-cmd/bottle.rb
@ -1,8 +1,4 @@
 # typed: strict
 # frozen_string_literal: true

-if OS.mac?
-  require "extend/os/mac/dev-cmd/bottle"
-elsif OS.linux?
-  require "extend/os/linux/dev-cmd/bottle"
-end
+require "extend/os/mac/dev-cmd/bottle" if OS.mac?
--- a/Library/Homebrew/extend/os/linux/dev-cmd/bottle.rb
+++ b/Library/Homebrew/extend/os/linux/dev-cmd/bottle.rb
@ -1,12 +0,0 @@
-# typed: true
-# frozen_string_literal: true
-
-module Homebrew
-  sig { params(args: T.untyped, mtime: String).returns([String, T::Array[String]]) }
-  def self.setup_tar_and_args!(args, mtime)
-    # Without --only-json-tab bottles are never reproducible
-    return ["tar", tar_args].freeze unless args.only_json_tab?
-
-    ["tar", reproducible_gnutar_args(mtime)].freeze
-  end
-end
--- a/Library/Homebrew/extend/os/mac/dev-cmd/bottle.rb
+++ b/Library/Homebrew/extend/os/mac/dev-cmd/bottle.rb
@ -10,4 +10,9 @@ module Homebrew
      [].freeze
    end
  end
+
+  sig { params(gnu_tar_formula: Formula).returns(String) }
+  def self.gnu_tar(gnu_tar_formula)
+    "#{gnu_tar_formula.opt_bin}/gtar"
+  end
 end