Skip to content

Commit 60cff80

Browse files
keliramukeliramu
authored
fix: Ensure reproducable Deb package (#747)
Each time building exaclty from the same source, ensure exaclty the same size deb package is generated. Signed-off-by: keliramu <ramunas.keliuotis@nordsec.com>
1 parent 43a4419 commit 60cff80

File tree

1 file changed

+19
-10
lines changed

1 file changed

+19
-10
lines changed

deb/deb.go

+19-10
Original file line numberDiff line numberDiff line change
@@ -391,14 +391,14 @@ func createFilesInsideDataTar(info *nfpm.Info, tw *tar.Writer) (md5buf bytes.Buf
391391
Format: tar.FormatGNU,
392392
Uname: file.FileInfo.Owner,
393393
Gname: file.FileInfo.Group,
394-
ModTime: file.FileInfo.MTime,
394+
ModTime: time.Unix(0, 0),
395395
})
396396
case files.TypeSymlink:
397397
err = newItemInsideTar(tw, []byte{}, &tar.Header{
398398
Name: files.AsExplicitRelativePath(file.Destination),
399399
Linkname: file.Source,
400400
Typeflag: tar.TypeSymlink,
401-
ModTime: file.FileInfo.MTime,
401+
ModTime: time.Unix(0, 0),
402402
Format: tar.FormatGNU,
403403
})
404404
case files.TypeDebChangelog:
@@ -554,18 +554,27 @@ func createControl(instSize int64, md5sums []byte, info *nfpm.Info) (controlTarG
554554
return nil, err
555555
}
556556

557-
filesToCreate := map[string][]byte{
558-
"./control": body.Bytes(),
559-
"./md5sums": md5sums,
560-
"./conffiles": conffiles(info),
557+
// ensure predefined sort order of these items
558+
filesToCreateNames := []string{
559+
"./control",
560+
"./md5sums",
561+
"./conffiles",
562+
}
563+
564+
filesToCreateContent := [][]byte{
565+
body.Bytes(),
566+
md5sums,
567+
conffiles(info),
561568
}
562569

563570
triggers := createTriggers(info)
564571
if len(triggers) > 0 {
565-
filesToCreate["./triggers"] = triggers
572+
filesToCreateNames = append(filesToCreateNames, "./triggers")
573+
filesToCreateContent = append(filesToCreateContent, triggers)
566574
}
567575

568-
for name, content := range filesToCreate {
576+
for idx, name := range filesToCreateNames {
577+
content := filesToCreateContent[idx]
569578
if err := newFileInsideTar(out, name, content); err != nil {
570579
return nil, err
571580
}
@@ -638,7 +647,7 @@ func newFileInsideTar(out *tar.Writer, name string, content []byte) error {
638647
Name: files.AsExplicitRelativePath(name),
639648
Size: int64(len(content)),
640649
Mode: 0o644,
641-
ModTime: time.Now(),
650+
ModTime: time.Unix(0, 0),
642651
Typeflag: tar.TypeReg,
643652
Format: tar.FormatGNU,
644653
})
@@ -657,7 +666,7 @@ func newFilePathInsideTar(out *tar.Writer, path, dest string, mode int64) error
657666
Name: files.AsExplicitRelativePath(dest),
658667
Size: int64(len(content)),
659668
Mode: mode,
660-
ModTime: time.Now(),
669+
ModTime: time.Unix(0, 0),
661670
Typeflag: tar.TypeReg,
662671
Format: tar.FormatGNU,
663672
})

0 commit comments

Comments
 (0)