Debian Bug report logs - #1005408
wcwidth: reproducible-builds: build path and timestamp embedded in unicode_versions.py

version graph

Package: src:wcwidth; Maintainer for src:wcwidth is Debian Python Team <team+python@tracker.debian.org>;

Reported by: Vagrant Cascadian <vagrant@reproducible-builds.org>

Date: Sat, 12 Feb 2022 22:21:02 UTC

Severity: normal

Tags: patch

Fixed in version wcwidth/0.2.5+dfsg1-1.1

Done: Holger Levsen <holger@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, reproducible-bugs@lists.alioth.debian.org, Debian Python Team <team+python@tracker.debian.org>:
Bug#1005408; Package src:wcwidth. (Sat, 12 Feb 2022 22:21:04 GMT) (full text, mbox, link).

Acknowledgement sent to Vagrant Cascadian <vagrant@reproducible-builds.org>:
New Bug report received and forwarded. Copy sent to reproducible-bugs@lists.alioth.debian.org, Debian Python Team <team+python@tracker.debian.org>. (Sat, 12 Feb 2022 22:21:04 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Vagrant Cascadian <vagrant@reproducible-builds.org>
To: submit@bugs.debian.org
Subject: wcwidth: reproducible-builds: build path and timestamp embedded in unicode_versions.py
Date: Sat, 12 Feb 2022 14:16:35 -0800
[Message part 1 (text/plain, inline)]
Source: wcwidth
Severity: normal
Tags: patch
User: reproducible-builds@lists.alioth.debian.org
Usertags: buildpath timestamps
X-Debbugs-Cc: reproducible-bugs@lists.alioth.debian.org

Builds in a different source directory and at a different time trigger
reproducibility issues in the generated file
/usr/lib/python3/dist-packages/wcwidth/unicode_versions.py:


│ │ │ ├── ./usr/lib/python3/dist-packages/wcwidth/unicode_versions.py
│ │ │ │ @@ -1,11 +1,11 @@
│ │ │ │  """
│ │ │ │  Exports function list_versions() for unicode version level support.
│ │ │ │
│ │ │ │ -This code generated by /tmp/reprotest.WGluB5/const_build_path/bin/update-tables.py on 2022-02-12 21:45:53.764832.
│ │ │ │ +This code generated by /tmp/reprotest.WGluB5/build-experiment-1/bin/update-tables.py on 2023-06-01 05:54:05.897865.
│ │ │ │  """
│ │ │ │
│ │ │ │
│ │ │ │  def list_versions():
│ │ │ │      """
│ │ │ │      Return Unicode version levels supported by this module release.

The attached patch fixes this by modifying update-tables.py to not add
comment to files it generates, which is presumably safe to do...


With this patch applied, wcwidth should build reproducibly on
tests.reproducible-builds.org!


Thanks for maintaining wcwidth!


live well,
  vagrant

[0001-bin-update-tables.py-Remove-comment-which-embeds-the.patch (text/x-diff, inline)]
From 38064c3f0b5412ca4f58d1dc783361dd1ea71156 Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian <vagrant@reproducible-builds.org>
Date: Sat, 12 Feb 2022 21:54:47 +0000
Subject: [PATCH] bin/update-tables.py: Remove comment which embeds the build
 path and timestamp.

https://reproducible-builds.org/docs/timestamps/
https://reproducible-builds.org/docs/build-path/
---
 bin/update-tables.py | 1 -
 1 file changed, 1 deletion(-)

diff --git a/bin/update-tables.py b/bin/update-tables.py
index 674f41f..5a5ef2b 100644
--- a/bin/update-tables.py
+++ b/bin/update-tables.py
@@ -306,7 +306,6 @@ def do_unicode_versions(versions):
         fp.write(f"""\"\"\"
 Exports function list_versions() for unicode version level support.
 
-This code generated by {__file__} on {utc_now}.
 \"\"\"
 
 
-- 
2.34.1


[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Python Team <team+python@tracker.debian.org>:
Bug#1005408; Package src:wcwidth. (Tue, 10 Jan 2023 22:51:10 GMT) (full text, mbox, link).

Acknowledgement sent to Holger Levsen <holger@layer-acht.org>:
Extra info received and forwarded to list. Copy sent to Debian Python Team <team+python@tracker.debian.org>. (Tue, 10 Jan 2023 22:51:10 GMT) (full text, mbox, link).

Message #10 received at 1005408@bugs.debian.org (full text, mbox, reply):

From: Holger Levsen <holger@layer-acht.org>
To: 1005408@bugs.debian.org
Subject: wcwidth 0.2.5+dfsg1-1.1 uploaded to DELAYED/10 fixing #1005408
Date: Tue, 10 Jan 2023 22:47:08 +0000
[Message part 1 (text/plain, inline)]
hi,

I've uploaded wcwidth 0.2.5+dfsg1-1.1 to DELAYED/10 fixing
#1005408: wcwidth: reproducible-builds: build path and timestamp embedded in 
unicode_versions.py - https://bugs.debian.org/1005408

The debdiff is attached.

I'm happy to cancel the upload or remove the delay.


-- 
cheers,
	Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

figures don't lie, but liars figure.

[wcwidth_0.2.5+dfsg1-1.1_diff (text/plain, attachment)]
[signature.asc (application/pgp-signature, inline)]

Reply sent to Holger Levsen <holger@debian.org>:
You have taken responsibility. (Fri, 20 Jan 2023 23:27:03 GMT) (full text, mbox, link).

Notification sent to Vagrant Cascadian <vagrant@reproducible-builds.org>:
Bug acknowledged by developer. (Fri, 20 Jan 2023 23:27:03 GMT) (full text, mbox, link).

Message #15 received at 1005408-close@bugs.debian.org (full text, mbox, reply):

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: 1005408-close@bugs.debian.org
Subject: Bug#1005408: fixed in wcwidth 0.2.5+dfsg1-1.1
Date: Fri, 20 Jan 2023 23:24:47 +0000
Source: wcwidth
Source-Version: 0.2.5+dfsg1-1.1
Done: Holger Levsen <holger@debian.org>

We believe that the bug you reported is fixed in the latest version of
wcwidth, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1005408@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Holger Levsen <holger@debian.org> (supplier of updated wcwidth package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 10 Jan 2023 23:40:10 +0100
Source: wcwidth
Architecture: source
Version: 0.2.5+dfsg1-1.1
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Team <team+python@tracker.debian.org>
Changed-By: Holger Levsen <holger@debian.org>
Closes: 1005408
Changes:
 wcwidth (0.2.5+dfsg1-1.1) unstable; urgency=medium
 .
   * Non-maintainer upload by the Reproducible Builds team.
   * Apply patch from Vagrant Cascadian to make the package build reproducible
     by removing a comment from bin/update-tables.py which embedded the build
     path and timestamp. Closes: #1005408
Checksums-Sha1:
 4f47a40f6cacaeb133cf31914e61c10ce377e5fd 2094 wcwidth_0.2.5+dfsg1-1.1.dsc
 a5a9dcafaa485f1735ef969286e3349a04c928be 4992 wcwidth_0.2.5+dfsg1-1.1.debian.tar.xz
 9c487c9ec905259a98f834045f0644f92ff327e8 7379 wcwidth_0.2.5+dfsg1-1.1_source.buildinfo
Checksums-Sha256:
 1ab31595780d2d7250913655ae9d184924a16e590285c2e32a5bf9d6d0aa3af0 2094 wcwidth_0.2.5+dfsg1-1.1.dsc
 324683f6404d0ebf91ff66c064187797eccd2fa2df488915c2e6d8380801ac5f 4992 wcwidth_0.2.5+dfsg1-1.1.debian.tar.xz
 6fb8a82ced609f832151fcf46269a54078a153306ae9911669e3091ffa78f1c6 7379 wcwidth_0.2.5+dfsg1-1.1_source.buildinfo
Files:
 888671292bc31483f36fd58e1ba25379 2094 python optional wcwidth_0.2.5+dfsg1-1.1.dsc
 f43df0a198d60f0b515183093910793a 4992 python optional wcwidth_0.2.5+dfsg1-1.1.debian.tar.xz
 d6d7627bd54ed8e6814ca964ad2aabf6 7379 python optional wcwidth_0.2.5+dfsg1-1.1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEuL9UE3sJ01zwJv6dCRq4VgaaqhwFAmO96XwACgkQCRq4Vgaa
qhz4+g//RxhxUxsIiLsRbHQ3Slak6A1P+jdWZk/uZGJVzUFrnrpa6V5AnT4xqm8J
ED8thI45sOWA9Xq7LmD0ZfeWESAQgolaU3YIA8R+Wvq7GZKXbLPZJQxwzx/hWyFt
0G8Bds9wEglNJ6wqKmWW3SwmQvHlyi7gDldvmqHBWEYGDwurEs7Pbs4by969buvX
SaGgTW+CRpWvEIppUV+NRE8De3IxxQEmDcLy7OedO1EmY8mrwYRSZgcgqYugMka8
Sf7dr0kZpYEv6cXCAI/xUUhpdIAkouMO+P9kgPpmC9koIn5SStAA8WcJMU60Xp66
DZhO+NGf8VBw20ay3SDdbUQMi4XwkTbHDZuavRzcYWglZ/h1KCYkvUX5aWu2gKVD
hVZr0DJzivUuiZoKfd6JGL1zRJHUXWvbC5S3zjdh7Vg9R03YVab6JhWZBc2/Ulrp
d2DWltim6xdshOw9TwDEs2tiyCmSlAUyn0HtbmfIbGkOLel1k6PSmW58+vUnDQwf
WO/q+byOpGzUR73XYCV2YJZvZAnnF/wZyy8D6ThvizKheolHoSm+VHbKiP+G+/li
SYi3Ml610FhZX90ex8qdNcw/iU6omWjjtXaAm6wUpb1jxSMs28A585iG/5dtpOvo
yiP8Q5I1hv/Pl1zIRBmIaODKDzuIEQcUeFzTmMaNyd5kK3PSTv0=
=6rgj
-----END PGP SIGNATURE-----

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 23 Feb 2023 07:25:28 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed May 17 10:19:29 2023; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.