From 16416782f194d1850a9d9accf02f04832a7fcea4 Mon Sep 17 00:00:00 2001
From: Paul Spooren <mail@aparcar.org>
Date: Tue, 30 Sep 2025 14:17:11 +0200
Subject: [PATCH] include: make APK packing mtime reproducible

APK kindly stores the mtime of each containing file in created packages,
breaking reproducibility. As a fix, touch all files of the package with the
timestamp of PKGSOURCE_DATE_EPOCH, which contains the timestamp based on the
last package modification.

Over at OPKG, something similar is done by setting mtime in the tar command,
see the `ipkg-build` script.

To tackle this in APK directly, some changes are suggested. However until this
is merged, we should fix it downstream.
https://gitlab.alpinelinux.org/alpine/apk-tools/-/merge_requests/348

Signed-off-by: Paul Spooren <mail@aparcar.org>
---
 include/package-pack.mk | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/include/package-pack.mk b/include/package-pack.mk
index 38655a4492..5268eaf666 100644
--- a/include/package-pack.mk
+++ b/include/package-pack.mk
@@ -383,6 +383,9 @@ else
 		exit 1; \
 	fi
 
+	# Touch all files to set mtime to PKG_SOURCE_DATE_EPOCH for reproducible builds
+	find $$(IDIR_$(1)) -exec touch -d "@$(PKG_SOURCE_DATE_EPOCH)" {} \;
+
 	$(FAKEROOT) $(STAGING_DIR_HOST)/bin/apk mkpkg \
 	  --info "name:$(1)$$(ABIV_$(1))" \
 	  --info "version:$(VERSION)" \
-- 
2.30.2