From 924d5a06a673d23d2ba8bf5e80cbc3c615a526e6 Mon Sep 17 00:00:00 2001
From: Matt Johnston <matt@ucc.asn.au>
Date: Tue, 30 Mar 2021 22:08:14 +0800
Subject: [PATCH] Make releases tarballs more deterministic

Not fully tested on different systems yet
---
 release.sh | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/release.sh b/release.sh
index 525cef3..091b136 100755
--- a/release.sh
+++ b/release.sh
@@ -1,4 +1,7 @@
 #!/bin/sh
+
+set -e
+
 VERSION=$(echo '#include "sysoptions.h"\necho DROPBEAR_VERSION' | cpp - | sh)
 echo Releasing version "$VERSION" ...
 if ! head -n1 CHANGES | grep -q $VERSION ; then
@@ -13,7 +16,11 @@ fi
 
 head -n1 CHANGES
 
-#sleep 3
+if tar --version | grep -q 'GNU tar'; then
+	TAR=tar
+else
+	TAR=gtar
+fi
 
 RELDIR=$PWD/../dropbear-$VERSION
 ARCHIVE=${RELDIR}.tar.bz2
@@ -35,7 +42,11 @@ rm -r "$RELDIR/autom4te.cache" || exit 2
 
 rm "$RELDIR/.hgtags"
 
-(cd "$RELDIR/.." && tar cjf $ARCHIVE `basename "$RELDIR"`) || exit 2
+RELDATE=$(head -n1 CHANGES | cut -d - -f 2)
+
+# from https://reproducible-builds.org/docs/archives/
+TAROPTS="--sort=name --owner=0 --group=0 --numeric-owner"
+(cd "$RELDIR/.." && $TAR cjf $ARCHIVE $TAROPTS --mtime="$RELDATE" `basename "$RELDIR"`) || exit 2
 
 ls -l $ARCHIVE
 openssl sha256 $ARCHIVE