Debian Bug report logs -
#1009342
xfce4-panel-profiles: reproducible builds: demo tarballs include user, group and file mode of build user
Reply or subscribe to this bug.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, reproducible-bugs@lists.alioth.debian.org, Debian Xfce Maintainers <debian-xfce@lists.debian.org>:
Bug#1009342; Package src:xfce4-panel-profiles.
(Tue, 12 Apr 2022 01:45:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Vagrant Cascadian <vagrant@reproducible-builds.org>:
New Bug report received and forwarded. Copy sent to reproducible-bugs@lists.alioth.debian.org, Debian Xfce Maintainers <debian-xfce@lists.debian.org>.
(Tue, 12 Apr 2022 01:45:03 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Source: xfce4-panel-profiles
Severity: normal
Tags: patch
User: reproducible-builds@lists.alioth.debian.org
Usertags: umask username
X-Debbugs-Cc: reproducible-bugs@lists.alioth.debian.org
Several of the tarballs shipped in
/usr/share/xfce4-panel-profiles/layouts/ embed the username, userid,
groupname, groupid and umask of the build user:
https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/diffoscope-results/xfce4-panel-profiles.html
/usr/share/xfce4-panel-profiles/layouts/Cupertino.tar.bz2
-rw-r--r--···0·pbuilder1··(1111)·pbuilder1··(1111)·····4925·2021-02-21·22:44:32.000000·config.txt
vs.
-rw-rw-r--···0·pbuilder2··(2222)·pbuilder2··(2222)·····4925·2021-02-21·22:44:32.000000·config.txt
The attached patch fixes this by passing arguments to tar in
Makefile.in.in to ensure consistent user, group, uid, gid and file
permissions in the generated tarballs.
I have not verified that these changes work correctly in the resulting
packages, only that it builds reproducibly; please be sure to verify
before uploading.
With this patch applied, xfce4-panel-profiles should become reproducible
on tests.reproducible-builds.org!
Thanks for maintaining xfce4-panel-profiles!
live well,
vagrant
[0001-Makefile.in.in-Pass-arguments-to-tar-to-make-build-r.patch (text/x-diff, inline)]
From 8cf9f8941c20e1527ac73829687c0ea5f2f4b608 Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian <vagrant@reproducible-builds.org>
Date: Tue, 12 Apr 2022 01:28:32 +0000
Subject: [PATCH 1/3] Makefile.in.in: Pass arguments to tar to make build
reproducible regardless of user or umask.
https://reproducible-builds.org/docs/archives/
---
Makefile.in.in | 2 ++
1 file changed, 2 insertions(+)
diff --git a/Makefile.in.in b/Makefile.in.in
index a34e177..180da38 100644
--- a/Makefile.in.in
+++ b/Makefile.in.in
@@ -31,6 +31,8 @@ pot:
ifeq ($(shell tar --help|grep -o sort=),sort=)
TAROPTS := --sort=name --format ustar
+ TAROPTS += --owner=0 --group=0 --numeric-owner
+ TAROPTS += --mode=u=wrX,og=
endif
layouts:
cd data/layouts/cupertino; tar $(TAROPTS) -cvjf "../Cupertino.tar.bz2" *
--
2.30.2
[signature.asc (application/pgp-signature, inline)]
Added tag(s) upstream.
Request was from Akbarkhon Variskhanov <akbarkhon.variskhanov@gmail.com>
to control@bugs.debian.org.
(Sun, 13 Nov 2022 16:45:05 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed May 17 10:42:01 2023;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.