packages: bump APK to improve reproducibility

The package bump to version rc6 incorporates two recent changes, first, the stored `mtime` honors SOURCE_DATE_EPOCH, making a prior "touch" obsolete. Secondly the order of files added to created packages is now sorted, improving reproducibility, too. Signed-off-by: Paul Spooren <mail@aparcar.org>
2025-12-21 19:14:28 +04:00 · 2025-10-04 20:53:51 +02:00
parent 5b1cb76a01
commit 4bef775c70
2 changed files with 5 additions and 7 deletions
--- a/include/package-pack.mk
+++ b/include/package-pack.mk
@@ -232,6 +232,7 @@ $(_endef)
    $$(PACK_$(1)) : export DESCRIPTION=$$(Package/$(1)/description)
    $$(PACK_$(1)) : export PATH=$$(TARGET_PATH_PKG)
    $$(PACK_$(1)) : export PKG_SOURCE_DATE_EPOCH:=$(PKG_SOURCE_DATE_EPOCH)
+    $$(PACK_$(1)) : export SOURCE_DATE_EPOCH:=$(PKG_SOURCE_DATE_EPOCH)
    $(PKG_INFO_DIR)/$(1).provides $$(PACK_$(1)): $(STAMP_BUILT) $(INCLUDE_DIR)/package-pack.mk
 	rm -rf $$(IDIR_$(1))
 ifeq ($$(CONFIG_USE_APK),)
@@ -383,9 +384,6 @@ else
 		exit 1; \
 	fi

-	# Touch all files to set mtime to PKG_SOURCE_DATE_EPOCH for reproducible builds
-	find $$(IDIR_$(1)) -exec touch -d "@$(PKG_SOURCE_DATE_EPOCH)" {} \;
-
 	$(FAKEROOT) $(STAGING_DIR_HOST)/bin/apk mkpkg \
 	  --info "name:$(1)$$(ABIV_$(1))" \
 	  --info "version:$(VERSION)" \
--- a/package/system/apk/Makefile
+++ b/package/system/apk/Makefile
@@ -1,13 +1,13 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=apk
-PKG_RELEASE:=2
+PKG_RELEASE:=1

 PKG_SOURCE_URL=https://gitlab.alpinelinux.org/alpine/apk-tools.git
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_DATE:=2025-06-06
-PKG_SOURCE_VERSION:=9331888de6bd5b280d75112e5b2f7b55684db0ec
-PKG_MIRROR_HASH:=cf5b3429ce9ee5e2c4705b0b8160adec6f300dd2a42f8190fb0953754dd5eaa5
+PKG_SOURCE_DATE:=2025-10-07
+PKG_SOURCE_VERSION:=6ffc65c63004b8d991ead4ea0f3d80e05b06b977
+PKG_MIRROR_HASH:=388e0210247a49099f49e783ff3d0753bed26bbb91acec2dd2d5722aca5daf6f

 PKG_VERSION=3.0.0_pre$(subst -,,$(PKG_SOURCE_DATE))