From 8d146a12a7b3772d0f38f036a2c0e362b33c8866 Mon Sep 17 00:00:00 2001
From: Michele Calgaro <michele.calgaro@yahoo.it>
Date: Wed, 22 Apr 2020 23:30:09 +0900
Subject: DEB build scripts: added support for reproducible builds.

Signed-off-by: Michele Calgaro <michele.calgaro@yahoo.it>
---
 debian/_buildscripts/local/build_module.sh        | 36 +++++++++++++----------
 debian/_buildscripts/local/internals/_pbuilder.sh |  6 ++--
 2 files changed, 24 insertions(+), 18 deletions(-)

diff --git a/debian/_buildscripts/local/build_module.sh b/debian/_buildscripts/local/build_module.sh
index f52d76e99..b3a403681 100755
--- a/debian/_buildscripts/local/build_module.sh
+++ b/debian/_buildscripts/local/build_module.sh
@@ -163,7 +163,7 @@ export bool_INTERNAL_PBUILDER
 
 # Local option variables
 # - sign packages
-OPT_SIGN_PKG_LOCAL="-uc -us"
+OPT_SIGN_PKG_LOCAL="--no-sign"
 # - show logs
 OPT_SHOW_LOGS="&>"
 if [ "$bool_SHOW_BUILD_LOGS" = "y" ]; then
@@ -271,16 +271,14 @@ if [ "$bool_COPY_MOD_SRC" = "y" ]; then
   if [ "$bool_EXTRADEP_MOD" != "y" ]; then
     # Normal module
     cp -R "$MOD_GIT_PATH" "$MOD_BUILD_PATH/.."
-    # Add SCM information for crash test report
-    [ -f "$MOD_BUILD_PATH/.tdescmmodule" ]   && rm "$MOD_BUILD_PATH/.tdescmmodule"
-    [ -f "$MOD_BUILD_PATH/.tdescmrevision" ] && rm "$MOD_BUILD_PATH/.tdescmrevision"
-    # --> Module name
-    echo "$MOD_NAME" >"$MOD_BUILD_PATH/.tdescmmodule"
-    # --> SCM info
+    # Add GIT information
+    echo "# TDE SCM module information" > "$MOD_BUILD_PATH/.tdescminfo"
+    echo "Name: $MOD_NAME" >> "$MOD_BUILD_PATH/.tdescminfo"
     cd "$MOD_GIT_PATH"
     MOD_BRANCH=`git branch --contains HEAD | grep -v "no branch" | head -n1 | cut -c 3-`
     COMMIT_HASH=`git rev-parse HEAD`
-    echo "$MOD_BRANCH-$COMMIT_HASH" >"$MOD_BUILD_PATH/.tdescmrevision"
+    echo "Revision: $MOD_BRANCH-$COMMIT_HASH" >> "$MOD_BUILD_PATH/.tdescminfo"
+    git log -1 --pretty=format:"DateTime: %cd%n" --date=format:"%m/%d/%Y %H:%M" >> "$MOD_BUILD_PATH/.tdescminfo"
   else
     # Extra dependency module
     if [ `find "$MOD_GIT_PATH" -name '*.dsc' | wc -l` == 1 ]; then
@@ -309,7 +307,7 @@ if [ "$bool_EXTRADEP_MOD" != "y"  -a  "$bool_COPY_PKGING_FILES" = "y" ]; then
 	  
   # TODO metapackage support
   
-	# Default package name (Slavek's repo style)
+	# Default package name
 	# Calculate package version
 	cd $MOD_GIT_PATH
 	branch=`git branch --contains HEAD | egrep -v "no branch|detached" | head -n1 | cut -c 3-`
@@ -345,12 +343,14 @@ if [ "$bool_EXTRADEP_MOD" != "y"  -a  "$bool_COPY_PKGING_FILES" = "y" ]; then
 	fi
 	# TODO add relative patch count  
 	ADD_REL=0
-	
-	DATE=$(date -R)
+
+	# Update changelog
+	REPO_DATE=`git log -1 --pretty=format:"%cd%n" --date=rfc`
 	GITUSER="$(git config --get user.name) <$(git config --get user.email)>"
 	echo "$PKG_NAME ($REL-0$DISTRO$DISTRO_VERSION.$ADD_REL+$PKG_REL) $DISTRO_NAME; urgency=low" > "$MOD_BUILD_PKGING_PATH/changelog"
-	echo -e "\n  * Automated git build\n\n -- $GITUSER  $DATE\n"   >> "$MOD_BUILD_PKGING_PATH/changelog"
+	echo -e "\n  * Automated git build\n\n -- $GITUSER  $REPO_DATE\n"   >> "$MOD_BUILD_PKGING_PATH/changelog"
 	cat "$REPO_TDE_PACKAGING/$MOD_NAME/debian/changelog" >> "$MOD_BUILD_PKGING_PATH/changelog"
+	touch -d "$REPO_DATE" "$MOD_BUILD_PKGING_PATH/changelog"
 fi
 
 # prepare destination directory for building
@@ -373,7 +373,6 @@ if [ -x "$HOOK_DIR/$MOD_NAME/pre_build.sh" ]; then
 	fi
 fi
 
-
 #----------------------------
 # Switch to 3.0(quilt) format
 #----------------------------
@@ -384,7 +383,10 @@ MOD_MAJOR_VER=`head -n 1 "$MOD_BUILD_PKGING_PATH/changelog" | sed -r "s/^[^ ]+ \
 MOD_UP_VER=`head -n 1 "$MOD_BUILD_PKGING_PATH/changelog" | sed -r "s/^[^ ]+ \(([^:]+:)?([^-]+).*/\2/"`
 MOD_DEB_VER=`head -n 1 "$MOD_BUILD_PKGING_PATH/changelog" | sed -r "s/^[^ ]+ \([^-]+-([^\)]+).*/\1/"`
 
-tar cJf "../${MOD_BASENAME}_${MOD_UP_VER}.orig.tar.xz" --exclude="debian" --exclude=".git*" .
+REPO_DATE=`dpkg-parsechangelog -l "$MOD_BUILD_PATH/debian/changelog" | sed -n -e 's|^Date: ||p'`
+tar cJf "../${MOD_BASENAME}_${MOD_UP_VER}.orig.tar.xz" --exclude="debian" --exclude=".git*" \
+      --mtime "$REPO_DATE" --pax-option=exthdr.name=%d/PaxHeaders/%f,delete=atime,delete=ctime .
+touch -d "$REPO_DATE" "../${MOD_BASENAME}_${MOD_UP_VER}.orig.tar.xz"
 
 # switch to quilt format
 if [ -f "$MOD_BUILD_PKGING_PATH/source/format" ]; then
@@ -426,7 +428,11 @@ cd "$MOD_BUILD_PATH"
 if [ "$bool_BUILD_LOCALLY" = "y" ]; then
   ## Build module locally
   echo -e "${CYellow}> Building locally${CNone}"
-  eval dpkg-buildpackage $OPT_SIGN_PKG_LOCAL $OPT_SHOW_LOGS\"$BUILDING_LOG_FILE\"
+  eval dpkg-buildpackage -S $OPT_SIGN_PKG_LOCAL $OPT_SHOW_LOGS\"$BUILDING_LOG_FILE\"
+  build_retval=$?
+  if [ $build_retval -eq 0 ]; then
+    eval dpkg-buildpackage -b $OPT_SIGN_PKG_LOCAL $OPT_SHOW_LOGS\"$BUILDING_LOG_FILE\"
+  fi
 	build_retval=$?
 else
   ## Build module in a clean chroot environment using pbuilder
diff --git a/debian/_buildscripts/local/internals/_pbuilder.sh b/debian/_buildscripts/local/internals/_pbuilder.sh
index 51ba48dc6..cbcded647 100755
--- a/debian/_buildscripts/local/internals/_pbuilder.sh
+++ b/debian/_buildscripts/local/internals/_pbuilder.sh
@@ -44,9 +44,9 @@ function run_pdebuild()
 echo "deb [trusted=yes] file:$TDE_DEBS_DIR ./" >> /etc/apt/sources.list
 END_D05_01
 	if [[ "$USE_PREBUILD_EXTRA_DEPS" = "y" ]]; then
-		# Get building branch from .tdescmrevision file
-		if [[ -f "$MOD_BUILD_PATH/.tdescmrevision" ]]; then
-			BUILD_BRANCH=`sed -r "s/([^-]+)-.*/\1/" "$MOD_BUILD_PATH/.tdescmrevision"`
+		# Get building branch from .tdescminfo file
+		if [[ -f "$MOD_BUILD_PATH/.tdescminfo" ]]; then
+			BUILD_BRANCH=`sed -n -r "s/^Revision: ([^-]+)-.*/\1/p" "$MOD_BUILD_PATH/.tdescminfo"`
 			OLD_IFS=$IFS && IFS=$' \t'
 			while read l_branch l_repo l_component; do
 				if [ "$l_branch" = "$BUILD_BRANCH" ]; then
-- 
cgit v1.2.3