From 71888db8ba1398287a867ea068f97fd8fb6380ec Mon Sep 17 00:00:00 2001 From: Mike McQuaid Date: Fri, 4 Aug 2023 10:02:44 +0100 Subject: [PATCH] bottle: reproducibility fixes. I noticed from https://github.com/Homebrew/homebrew-core/actions/runs/5751070010 that we're no longer creating reproducible bottles between macOS and Linux. All macOS checksums have changed but Linux ones have not. The main difference between the two platforms is the `gtar` version used so let's always just use the formula on both platforms. While we're here, clear up the ordering and comments a little on the reproducible `tar` arguments so that it's easier to compare with the reproducible builds archives documentation. --- .github/workflows/tests.yml | 2 ++ Library/Homebrew/dev-cmd/bottle.rb | 22 ++++++++++++++----- Library/Homebrew/extend/os/dev-cmd/bottle.rb | 6 +---- .../extend/os/linux/dev-cmd/bottle.rb | 12 ---------- .../Homebrew/extend/os/mac/dev-cmd/bottle.rb | 5 +++++ 5 files changed, 25 insertions(+), 22 deletions(-) delete mode 100644 Library/Homebrew/extend/os/linux/dev-cmd/bottle.rb diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index a9f5478912..df065e55a7 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -428,4 +428,6 @@ jobs: - run: brew test-bot --only-setup + - run: brew install gnu-tar + - run: brew test-bot --only-formulae --only-json-tab --test-default-formula diff --git a/Library/Homebrew/dev-cmd/bottle.rb b/Library/Homebrew/dev-cmd/bottle.rb index 975976b3b2..7f9cf7b578 100644 --- a/Library/Homebrew/dev-cmd/bottle.rb +++ b/Library/Homebrew/dev-cmd/bottle.rb 
@@ -234,14 +234,26 @@ module Homebrew [].freeze end + sig { params(gnu_tar_formula: Formula).returns(String) } + def self.gnu_tar(gnu_tar_formula) + "#{gnu_tar_formula.opt_bin}/tar" + end + sig { params(mtime: String).returns(T::Array[String]) } def self.reproducible_gnutar_args(mtime) # Ensure gnu tar is set up for reproducibility. # https://reproducible-builds.org/docs/archives/ [ - "--format", "pax", "--owner", "0", "--group", "0", "--sort", "name", "--mtime=#{mtime}", + # File modification times + "--mtime=#{mtime}", + # File ordering + "--sort=name", + # Users, groups and numeric ids + "--owner=0", "--group=0", "--numeric-owner", + # PAX headers + "--format=pax", # Set exthdr names to exclude PID (for GNU tar <1.33). Also don't store atime and ctime. - "--pax-option", "globexthdr.name=/GlobalHead.%n,exthdr.name=%d/PaxHeaders/%f,delete=atime,delete=ctime" + "--pax-option=globexthdr.name=/GlobalHead.%n,exthdr.name=%d/PaxHeaders/%f,delete=atime,delete=ctime" ].freeze end @@ -253,14 +265,14 @@ module Homebrew # Use gnu-tar as it can be set up for reproducibility better than libarchive. begin - gnu_tar = Formula["gnu-tar"] + gnu_tar_formula = Formula["gnu-tar"] rescue FormulaUnavailableError return default_tar_args end - ensure_formula_installed!(gnu_tar, reason: "bottling") + ensure_formula_installed!(gnu_tar_formula, reason: "bottling") - ["#{gnu_tar.opt_bin}/gtar", reproducible_gnutar_args(mtime)].freeze + [gnu_tar(gnu_tar_formula), reproducible_gnutar_args(mtime)].freeze end def self.formula_ignores(formula) diff --git a/Library/Homebrew/extend/os/dev-cmd/bottle.rb b/Library/Homebrew/extend/os/dev-cmd/bottle.rb index d87c5e5843..7aec276a06 100644 --- a/Library/Homebrew/extend/os/dev-cmd/bottle.rb +++ b/Library/Homebrew/extend/os/dev-cmd/bottle.rb 
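Review bot: The new `self.gnu_tar` has no comment saying that `tar` is only the default binary name and that `extend/os/mac/dev-cmd/bottle.rb` redefines the method to return `gtar`, so a reader of this file alone would not expect the path to differ per platform. I would add above the `sig`: `# Path to GNU tar from the gnu-tar formula. Redefined in extend/os/mac, where the binary is named gtar.` The macOS override in the last hunk of the patch has the same gap and could carry the mirror-image comment. The override presumably only takes effect if the extend/os file is required after this definition, which cannot be confirmed from the hunk. The enclosing module starts and ends outside it.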
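Review bot: The `rescue FormulaUnavailableError` branch still returns `default_tar_args` without any message, so a builder that cannot resolve the gnu-tar formula silently produces a non-reproducible bottle. Because this patch deletes the Linux override, Linux now takes that path too, where it previously used `tar` with `reproducible_gnutar_args`. A warning before the return would make the downgrade visible in CI logs, e.g. `opoo "gnu-tar is unavailable; this bottle will not be reproducible"`. Since the commit message attributes the checksum drift to differing `gtar` versions, it may also be worth logging the gnu-tar formula version next to the chosen binary so a later mismatch can be traced. The enclosing method (presumably `setup_tar_and_args!`) starts outside the hunk.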
@@ -1,8 +1,4 @@ # typed: strict # frozen_string_literal: true -if OS.mac? - require "extend/os/mac/dev-cmd/bottle" -elsif OS.linux? - require "extend/os/linux/dev-cmd/bottle" -end +require "extend/os/mac/dev-cmd/bottle" if OS.mac? diff --git a/Library/Homebrew/extend/os/linux/dev-cmd/bottle.rb b/Library/Homebrew/extend/os/linux/dev-cmd/bottle.rb deleted file mode 100644 index f7807b2148..0000000000 --- a/Library/Homebrew/extend/os/linux/dev-cmd/bottle.rb +++ /dev/null @@ -1,12 +0,0 @@ -# typed: true -# frozen_string_literal: true - -module Homebrew - sig { params(args: T.untyped, mtime: String).returns([String, T::Array[String]]) } - def self.setup_tar_and_args!(args, mtime) - # Without --only-json-tab bottles are never reproducible - return ["tar", tar_args].freeze unless args.only_json_tab? - - ["tar", reproducible_gnutar_args(mtime)].freeze - end -end diff --git a/Library/Homebrew/extend/os/mac/dev-cmd/bottle.rb b/Library/Homebrew/extend/os/mac/dev-cmd/bottle.rb index 9a234ae843..e035e4a9cc 100644 --- a/Library/Homebrew/extend/os/mac/dev-cmd/bottle.rb +++ b/Library/Homebrew/extend/os/mac/dev-cmd/bottle.rb @@ -10,4 +10,9 @@ module Homebrew [].freeze end end + + sig { params(gnu_tar_formula: Formula).returns(String) } + def self.gnu_tar(gnu_tar_formula) + "#{gnu_tar_formula.opt_bin}/gtar" + end end