HomePhabricator

Build reproducible tarballs for releases

Authored by aaronpuchert on Sun, Nov 22, 11:51 AM.

Description

Build reproducible tarballs for releases

Currently the tarballs contain superfluous metadata, like the user name
of the packager and via Pax headers even the PID of the tar process that
packaged the files. We build the monorepo projects directly from the git
repo using "git archive" and for the test-suite we add some flags as
recommended by https://reproducible-builds.org/docs/archives/. We don't
use numeric owners though to be compatible with "git archive".

The advantage of "git archive" is that the releaser doesn't have to
download the tar ball and extract it, rather the archive is built
directly from the repository. This is probably what GitHub uses
internally to produce the tarballs, so I wouldn't expect a difference.

Reviewed By: tstellar

Differential Revision: https://reviews.llvm.org/D91494

Details

Committed
aaronpuchertSun, Nov 22, 11:51 AM
Reviewer
tstellar
Differential Revision
D91494: Build reproducible tarballs for releases
Parents
rG825f80e111f2: [Sema] Introduce function reference conversion, NFC
Branches
Unknown
Tags
Unknown