Debian Bug report logs - #1006861
pcp: reproducible builds: demo tarballs include user, group and file mode of build user
Report forwarded to debian-bugs-dist@lists.debian.org, reproducible-bugs@lists.alioth.debian.org, PCP Development Team <pcp@groups.io>:
Bug#1006861; Package src:pcp. (Mon, 07 Mar 2022 00:15:04 GMT)
Acknowledgement sent to Vagrant Cascadian <vagrant@reproducible-builds.org>:
New Bug report received and forwarded. Copy sent to reproducible-bugs@lists.alioth.debian.org, PCP Development Team <pcp@groups.io>. (Mon, 07 Mar 2022 00:15:04 GMT)
Message #5 received at submit@bugs.debian.org:
Source: pcp
Severity: normal
Tags: patch
User: reproducible-builds@lists.alioth.debian.org
Usertags: umask username
X-Debbugs-Cc: reproducible-bugs@lists.alioth.debian.org

Several of the tarballs shipped in /usr/share/pcp/demos/tutorials/ embed
the username, userid, groupname, groupid and umask of the build user:

https://tests.reproducible-builds.org/debian/rb-pkg/bookworm/amd64/diffoscope-results/pcp.html

/usr/share/pcp/demos/tutorials/cpuperf.tar.gz

-rw-r--r--···0·pbuilder1··(1111)·pbuilder1··(1111)····93752·2015-08-06·05:46:36.000000·cpuperf/babylon.percpu.0
vs.
-rw-rw-r--···0·pbuilder2··(2222)·pbuilder2··(2222)····93752·2015-08-06·05:46:36.000000·cpuperf/babylon.percpu.0

The attached patch fixes this by passing arguments to ensure consistent
sort order, timestamp, user, group, uid, gid and file permissions.

Thanks for maintaining pcp!

live well,
vagrant

[0001-Patch-tarball-generation-to-sort-order-of-files-use-.patch (text/x-diff, inline)]
From b4511208eddf9c970dc34873dccad4c9c93378c7 Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian <vagrant@reproducible-builds.org>
Date: Sun, 6 Mar 2022 18:49:44 +0000
Subject: [PATCH 1/3] Patch tarball generation to sort order of files, use
consistent timestamp, mode, and set numeric owner and group to 0.
---
man/html/cpuperf/GNUmakefile | 2 +-
man/html/diskmodel/GNUmakefile | 2 +-
man/html/diskperf/GNUmakefile | 2 +-
man/html/pmie/GNUmakefile | 2 +-
man/html/pmview/GNUmakefile | 2 +-
5 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/man/html/cpuperf/GNUmakefile b/man/html/cpuperf/GNUmakefile
index 7c07e81..04e17ac 100644
--- a/man/html/cpuperf/GNUmakefile
+++ b/man/html/cpuperf/GNUmakefile
@@ -15,7 +15,7 @@ $(BINTAR): $(PCPLOGS) $(CONFIGS)
for f in `echo $^`; do \
echo $(BUNDLE)/$$f >> $$CDIR/manifest; \
done; \
- $(TAR) --format ustar -T $$CDIR/manifest -cf - | $(ZIP) --best --no-name > $$CDIR/$(BINTAR); \
+ $(TAR) --format ustar -T $$CDIR/manifest --sort=name --mtime="@$(SOURCE_DATE_EPOCH)" --owner=0 --group=0 --numeric-owner --mode=u=wrX,og=rX -cf - | $(ZIP) --best --no-name > $$CDIR/$(BINTAR); \
echo "Created $(BINTAR)"
include $(BUILDRULES)
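Review bot: The new `--mtime="@$(SOURCE_DATE_EPOCH)"` on the `$(TAR)` line has no fallback for an unset SOURCE_DATE_EPOCH: the option then expands to `--mtime="@"`, which is not a valid timestamp, so any build that does not export the variable gets an ill-defined archive step. Suggest passing the option only when the variable is non-empty, or defaulting it to a fixed value tied to the release, and noting the dependency in a comment next to the rule.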
diff --git a/man/html/diskmodel/GNUmakefile b/man/html/diskmodel/GNUmakefile
index d61ff9d..1adb083 100644
--- a/man/html/diskmodel/GNUmakefile
+++ b/man/html/diskmodel/GNUmakefile
@@ -16,7 +16,7 @@ $(BINTAR): $(PCPLOGS) $(CONFIGS) $(MODELS)
for f in `echo $^`; do \
echo $(BUNDLE)/$$f >> $$CDIR/manifest; \
done; \
- $(TAR) --format ustar -T $$CDIR/manifest -cf - | $(ZIP) --best --no-name > $$CDIR/$(BINTAR); \
+ $(TAR) --format ustar -T $$CDIR/manifest --sort=name --mtime="@$(SOURCE_DATE_EPOCH)" --owner=0 --group=0 --numeric-owner --mode=u=wrX,og=rX -cf - | $(ZIP) --best --no-name > $$CDIR/$(BINTAR); \
echo "Created $(BINTAR)"
include $(BUILDRULES)
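Review bot: `--sort=name` on the `$(TAR)` line does not control member order when the members are named one by one through `-T $$CDIR/manifest`, because GNU tar applies `--sort` only to entries it reads while descending into directories. If the manifest lists individual files, the archive order is the order the `for f in ... $^` loop writes them, that is, the order of `$(PCPLOGS) $(CONFIGS) $(MODELS)`. If any of those can be populated in a host-dependent order, sort the manifest itself (for example with `LC_ALL=C sort`) before handing it to tar.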
diff --git a/man/html/diskperf/GNUmakefile b/man/html/diskperf/GNUmakefile
index e111f13..550b9ce 100644
--- a/man/html/diskperf/GNUmakefile
+++ b/man/html/diskperf/GNUmakefile
@@ -15,7 +15,7 @@ $(BINTAR): $(PCPLOGS) $(CONFIGS)
for f in `echo $^`; do \
echo $(BUNDLE)/$$f >> $$CDIR/manifest; \
done; \
- $(TAR) --format ustar -T $$CDIR/manifest -cf - | $(ZIP) --best --no-name > $$CDIR/$(BINTAR); \
+ $(TAR) --format ustar -T $$CDIR/manifest --sort=name --mtime="@$(SOURCE_DATE_EPOCH)" --owner=0 --group=0 --numeric-owner --mode=u=wrX,og=rX -cf - | $(ZIP) --best --no-name > $$CDIR/$(BINTAR); \
echo "Created $(BINTAR)"
include $(BUILDRULES)
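Review bot: The options added to the `$(TAR)` line (`--sort=name`, `--mtime`, `--owner`, `--group`, `--numeric-owner`, `--mode`) are GNU tar options, and `--sort` needs GNU tar 1.28 or later, while the rule runs whatever `$(TAR)` resolves to. If that can be a non-GNU or older tar on a supported build host, this rule fails where it previously succeeded. Suggest a configure-time check for these options, or a flags variable that is left empty when they are not supported.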
diff --git a/man/html/pmie/GNUmakefile b/man/html/pmie/GNUmakefile
index ff6a061..c3a6582 100644
--- a/man/html/pmie/GNUmakefile
+++ b/man/html/pmie/GNUmakefile
@@ -15,7 +15,7 @@ $(BINTAR): $(PCPLOGS) $(CONFIGS)
for f in `echo $^`; do \
echo $(BUNDLE)/$$f >> $$CDIR/manifest; \
done; \
- $(TAR) --format ustar -T $$CDIR/manifest -cf - | $(ZIP) --best --no-name > $$CDIR/$(BINTAR); \
+ $(TAR) --format ustar -T $$CDIR/manifest --sort=name --mtime="@$(SOURCE_DATE_EPOCH)" --owner=0 --group=0 --numeric-owner --mode=u=wrX,og=rX -cf - | $(ZIP) --best --no-name > $$CDIR/$(BINTAR); \
echo "Created $(BINTAR)"
include $(BUILDRULES)
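Review bot: `--mode=u=wrX,og=rX` on the `$(TAR)` line is valid but harder to read than the conventional spelling `u=rwX,go=rX`, which means the same thing. A short comment would also help: `X` keeps execute only for members that already had an execute bit, so data files are recorded as 0644 whatever the build user's umask was, which is the `-rw-r--r--` versus `-rw-rw-r--` difference shown in the report.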
diff --git a/man/html/pmview/GNUmakefile b/man/html/pmview/GNUmakefile
index 714282b..e08c479 100644
--- a/man/html/pmview/GNUmakefile
+++ b/man/html/pmview/GNUmakefile
@@ -15,7 +15,7 @@ $(BINTAR): $(PCPLOGS) $(CONFIGS)
for f in `echo $^`; do \
echo $(BUNDLE)/$$f >> $$CDIR/manifest; \
done; \
- $(TAR) --format ustar -T $$CDIR/manifest -cf - | $(ZIP) --best --no-name > $$CDIR/$(BINTAR); \
+ $(TAR) --format ustar -T $$CDIR/manifest --sort=name --mtime="@$(SOURCE_DATE_EPOCH)" --owner=0 --group=0 --numeric-owner --mode=u=wrX,og=rX -cf - | $(ZIP) --best --no-name > $$CDIR/$(BINTAR); \
echo "Created $(BINTAR)"
include $(BUILDRULES)
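Review bot: The option string added to the `$(TAR)` line is duplicated verbatim in all five GNUmakefiles touched by this patch, so any later correction has to be made in five places in step. Suggest defining the flags once in a shared make variable in the common build definitions (the name is hypothetical, for example `TAR_REPRO_FLAGS`) and writing the rule as `$(TAR) --format ustar -T $$CDIR/manifest $(TAR_REPRO_FLAGS) -cf -`.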
--
2.30.2
[signature.asc (application/pgp-signature, inline)]
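
The difference reported in the message above, reproduced with Python's `tarfile` as an added example (not part of the bug report or of pcp's build system): two simulated builds differ only in build user, file mode and member order, and become byte-identical once the metadata is normalized the way the patch's tar options do. The member contents, the `EPOCH` value and all function names are constructed for illustration; Python 3.8 or later is assumed.

```python
import gzip, io, tarfile

# Constructed sample members and timestamp; not taken from the pcp package.
FILES = {"cpuperf/babylon.percpu.0": b"constructed sample\n",
         "cpuperf/README": b"constructed sample\n"}
EPOCH = 1646000000  # stands in for SOURCE_DATE_EPOCH

def build(user, uid, mode, order, mtime, normalize=False):
    """Simulate one build; user, uid, mode and order model the build host."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for name in (sorted(order) if normalize else order):
            info = tarfile.TarInfo(name)
            info.size = len(FILES[name])
            if normalize:
                # Models --owner=0 --group=0 --numeric-owner: IDs 0, no names
                info.uid = info.gid = 0
                info.uname = info.gname = ""
                info.mtime = EPOCH
                # u=rwX,go=rX: execute survives only if it was already set
                info.mode = 0o644 | (0o111 if mode & 0o111 else 0)
            else:
                info.uid = info.gid = uid
                info.uname = info.gname = user
                info.mtime, info.mode = mtime, mode
            tar.addfile(info, io.BytesIO(FILES[name]))
    # mtime=0 leaves no timestamp in the gzip header
    return gzip.compress(buf.getvalue(), compresslevel=9, mtime=0)

def member_metadata(blob):
    """Map member name -> (mode, uid, gid, uname, gname, mtime)."""
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:gz") as tar:
        return {m.name: (oct(m.mode), m.uid, m.gid, m.uname, m.gname, m.mtime)
                for m in tar}

def metadata_diff(a, b):
    """Members whose recorded metadata differs between two builds."""
    ma, mb = member_metadata(a), member_metadata(b)
    return {n: (ma.get(n), mb.get(n))
            for n in sorted(set(ma) | set(mb)) if ma.get(n) != mb.get(n)}

if __name__ == "__main__":
    names = list(FILES)
    for fix in (False, True):
        one = build("pbuilder1", 1111, 0o644, names, 1438839996, fix)
        two = build("pbuilder2", 2222, 0o664, names[::-1], 1438839996, fix)
        print("normalized" if fix else "as built", one == two, metadata_diff(one, two))
```

`metadata_diff` can be pointed at any two real `.tar.gz` builds read as bytes to list which members still carry build-host metadata.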
Reply sent to Nathan Scott <nathans@debian.org>:
You have taken responsibility. (Tue, 05 Apr 2022 01:39:05 GMT)
Notification sent to Vagrant Cascadian <vagrant@reproducible-builds.org>:
Bug acknowledged by developer. (Tue, 05 Apr 2022 01:39:05 GMT)
Message #10 received at 1006861-close@bugs.debian.org:
Source: pcp
Source-Version: 5.3.7-1
Done: Nathan Scott <nathans@debian.org>
We believe that the bug you reported is fixed in the latest version of
pcp, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1006861@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Nathan Scott <nathans@debian.org> (supplier of updated pcp package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
Format: 1.8
Date: Tue, 05 Apr 2022 09:12:16 +1000
Source: pcp
Architecture: source
Version: 5.3.7-1
Distribution: unstable
Urgency: low
Maintainer: PCP Development Team <pcp@groups.io>
Changed-By: Nathan Scott <nathans@debian.org>
Closes: 1006860 1006861 1006864
Changes:
pcp (5.3.7-1) unstable; urgency=low
.
* New release (full details in CHANGELOG).
* Updates for reproducible-builds (closes: #1006860, #1006861, #1006864)
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 18 May 2022 07:30:28 GMT)
Last modified: Wed May 17 13:24:03 2023