include: make APK packing mtime reproducible

APK kindly stores the mtime of each containing file in created packages, breaking reproducibility. As a fix, touch all files of the package with the timestamp of PKGSOURCE_DATE_EPOCH, which contains the timestamp based on the last package modification. Over at OPKG, something similar is done by setting mtime in the tar command, see the `ipkg-build` script. To tackle this in APK directly, some changes are suggested. However until this is merged, we should fix it downstream. https://gitlab.alpinelinux.org/alpine/apk-tools/-/merge_requests/348 Signed-off-by: Paul Spooren <mail@aparcar.org>
author: Paul Spooren 2025-09-30 12:17:11 +0000
committer: Paul Spooren 2025-09-30 12:48:13 +0000
commit: 16416782f194d1850a9d9accf02f04832a7fcea4 (patch)
tree: 2aff480a99fd81a0ec7e516af4f9db85dca4e962
parent: c68a41818e05c5bb6eb90f0121486657cb4d3b3f (diff)
download: openwrt-16416782f194d1850a9d9accf02f04832a7fcea4.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/include/package-pack.mk b/include/package-pack.mk
index 38655a4492..5268eaf666 100644
--- a/include/package-pack.mk
+++ b/include/package-pack.mk
@@ -383,6 +383,9 @@ else
 		exit 1; \
 	fi
 
+	# Touch all files to set mtime to PKG_SOURCE_DATE_EPOCH for reproducible builds
+	find $$(IDIR_$(1)) -exec touch -d "@$(PKG_SOURCE_DATE_EPOCH)" {} \;
+
 	$(FAKEROOT) $(STAGING_DIR_HOST)/bin/apk mkpkg \
 	  --info "name:$(1)$$(ABIV_$(1))" \
 	  --info "version:$(VERSION)" \
author	Paul Spooren	2025-09-30 12:17:11 +0000
committer	Paul Spooren	2025-09-30 12:48:13 +0000
commit	16416782f194d1850a9d9accf02f04832a7fcea4 (patch)
tree	2aff480a99fd81a0ec7e516af4f9db85dca4e962
parent	c68a41818e05c5bb6eb90f0121486657cb4d3b3f (diff)
download	openwrt-16416782f194d1850a9d9accf02f04832a7fcea4.tar.gz