include: make APK packing mtime reproducible

APK kindly stores the mtime of each containing file in created packages,
breaking reproducibility. As a fix, touch all files of the package with the
timestamp of PKGSOURCE_DATE_EPOCH, which contains the timestamp based on the
last package modification.

Over at OPKG, something similar is done by setting mtime in the tar command,
see the `ipkg-build` script.

To tackle this in APK directly, some changes are suggested. However until this
is merged, we should fix it downstream.
https://gitlab.alpinelinux.org/alpine/apk-tools/-/merge_requests/348

Signed-off-by: Paul Spooren <mail@aparcar.org>

diff --git a/include/package-pack.mk b/include/package-pack.mk
index 38655a44925ca6eeca50d226e75f399d3b56af7d..5268eaf666014408139121bfa666ffccebe86493 100644 (file)
--- a/include/package-pack.mk
+++ b/include/package-pack.mk
@@ -383,6 +383,9 @@ else
                exit 1; \
        fi
 
+       # Touch all files to set mtime to PKG_SOURCE_DATE_EPOCH for reproducible builds
+       find $$(IDIR_$(1)) -exec touch -d "@$(PKG_SOURCE_DATE_EPOCH)" {} \;
+
        $(FAKEROOT) $(STAGING_DIR_HOST)/bin/apk mkpkg \
          --info "name:$(1)$$(ABIV_$(1))" \
          --info "version:$(VERSION)" \