[Fedora-packaging] Pulling with bzr to create source tarballs.

Jeff Spaleta jspaleta at gmail.com
Sat May 5 03:30:14 UTC 2007

Good Morning Campers,

It appears that pulling from bzr to produce a source tarball can not
be done in a way that preserves file timestamps. This makes it
impossible to easily verify the md5sum of a tarball created this way.
The review guidance implies that that a comment block in the spec file
needs to provide enough information to recreate and verify such a
tarball. Unfortunately for bzr, the verification of the tarball will
always fail due to the timestamp issue.

As a workaround, i suggest that for tarballs built from a bzr export
that the spec file include a note that the contents of the tarball
must be verified individually, and that a note concerning bzr's
inability to preserve timestamps (and the dire consequences of that)
be added to the code control related review guidance.

For reference see the discussion in:
I have manually verified that the contents of the included source1
tarball match the files
pulled from call to bzr in the specfile comment block.

and for bzr's plan for timestamps:

-jef"why am i not drinking tequila right now?"spaleta

More information about the Fedora-packaging mailing list