git.ipfire.org Git - thirdparty/curl.git/commit

author	Viktor Szakats <commit@vsz.me>
	Fri, 5 Apr 2024 13:27:05 +0000 (13:27 +0000)
committer	Viktor Szakats <commit@vsz.me>
	Sun, 7 Apr 2024 22:28:42 +0000 (22:28 +0000)
commit	860cd5fc2dc8e165fadd2c19a9b7c73b3ae5069d
tree	c0a32bf20608202d8d136cde15097dc0ee54b1c0	tree \| snapshot
parent	a42de088a28a4661b17693f087397210e30c2ccd	commit \| diff

dist: `set -eu`, fix shellcheck, make reproducible and smaller tarballs

- set bash `-eu` and fix fallouts.
- fix shellcheck warnings.
- set and use `SOURCE_DATE_EPOCH` for reproducibility.
Authored-by: Daniel J. H.
Ref: #13280
- set `TZ=UTC` and `LC_ALL=C` for reproducibility.
- make file timestamps in tarball/zip reproducible.
- make directory timestamps in zip reproducible.
- make timestamps of tarballs/zip reproducible.
- make file order in tarball/zip reproducible.
- omit extra file metadata from zip for reproducibility.
- use maximum zip compression.
- use POSIX `ustar` tarball format to avoid supply chain vulnerability:
https://seclists.org/oss-sec/2021/q4/0
- make uid/gid in tarball reproducible.
- omit owner user/group names from tarball for reproducibility and privacy.
- omit current timestamp from .gz header for reproducibility.
- display SHA-256 hashes of produced tarballs/zip.
- fix whitespace.

`.tar.gz` also became smaller in the process: 4,462,311 -> 4,148,249 bytes (8.7.1)

Requires GNU tar, GNU date, `sha256sum`.

Reviewed-by: Daniel Stenberg
Ref: #13250
Closes #13299