Debian Bug report logs - #1010378
leds-alix: reproducible builds: source tarball embeds timestamps and umask
Reported by: Vagrant Cascadian <vagrant@reproducible-builds.org>
Date: Fri, 29 Apr 2022 22:27:01 UTC
Severity: normal
Tags: patch
Fixed in version leds-alix/0.0.1-3
Done: Vagrant Cascadian <vagrant@reproducible-builds.org>
Bug is archived. No further changes may be made.
Report forwarded
to debian-bugs-dist@lists.debian.org, reproducible-bugs@lists.alioth.debian.org, Debian QA Group <packages@qa.debian.org>:
Bug#1010378; Package src:leds-alix.
(Fri, 29 Apr 2022 22:27:03 GMT).
Acknowledgement sent
to Vagrant Cascadian <vagrant@reproducible-builds.org>:
New Bug report received and forwarded. Copy sent to reproducible-bugs@lists.alioth.debian.org, Debian QA Group <packages@qa.debian.org>.
(Fri, 29 Apr 2022 22:27:04 GMT).
Message #5 received at submit@bugs.debian.org:
Source: leds-alix
Severity: normal
Tags: patch
User: reproducible-builds@lists.alioth.debian.org
Usertags: timestamps umask
X-Debbugs-Cc: reproducible-bugs@lists.alioth.debian.org
leds-alix-source embeds the timestamp and file permissions determined by
umask in the leds-alix source tarball:
https://tests.reproducible-builds.org/debian/rb-pkg/bookworm/amd64/diffoscope-results/leds-alix.html
/usr/src/leds-alix.tar.bz2
-rw-r--r--···0·root·········(0)·root·········(0)·····3610·2022-04-15·23:37:31.000000·modules/leds-alix/leds-alix.c
vs.
-rw-rw-r--···0·root·········(0)·root·········(0)·····3610·2023-05-19·06:01:18.000000·modules/leds-alix/leds-alix.c
The attached patch fixes this by passing arguments to tar in
debian/rules to ensure consistent timestamp, file permissions, sort
order, user, group, uid and gid in the generated tarball.
With this patch applied, leds-alix should become reproducible on
tests.reproducible-builds.org!
live well,
vagrant
[0001-debian-rules-Generate-tarball-reproducibly.patch (text/x-diff, inline)]
From 7f79cf28e70fdc2c0832f10517f29f7a9be3b61e Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian <vagrant@reproducible-builds.org>
Date: Fri, 29 Apr 2022 21:35:18 +0000
Subject: [PATCH 1/2] debian/rules: Generate tarball reproducibly.
Pass arguments to tar to set sort order, timestamps, owner, group and
mode.
---
debian/rules | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/debian/rules b/debian/rules
index 1068a59..59012aa 100755
--- a/debian/rules
+++ b/debian/rules
@@ -48,7 +48,7 @@ install: build
dh_installdirs -p$(psource) usr/src/modules/$(sname)/debian
cp Makefile leds-alix.c $(DESTDIR)
cp debian/*modules.in* debian/control debian/rules debian/changelog debian/copyright debian/README.Debian $(DESTDIR)/debian
- cd debian/$(psource)/usr/src && tar c modules | bzip2 -9 > $(sname).tar.bz2 && rm -rf modules
+ cd debian/$(psource)/usr/src && tar --sort=name --mtime="@$(SOURCE_DATE_EPOCH)" --owner=0 --group=0 --numeric-owner --mode=go=rX,u+rw,a-s --create modules | bzip2 -9 > $(sname).tar.bz2 && rm -rf modules
dh_install
binary-indep: build install
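Review bot: the added tar line expands `$(SOURCE_DATE_EPOCH)`, but nothing visible in this hunk defines it, so the rule relies on the caller (normally dpkg-buildpackage) exporting it; if debian/rules is invoked directly the option becomes `--mtime="@"` and tar rejects it. Consider including /usr/share/dpkg/pkg-info.mk near the top of debian/rules, or setting a fallback from `dpkg-parsechangelog -STimestamp`, so the value is always present. Two smaller points on the same line: `--sort=name` needs GNU tar 1.28 or newer, and because tar feeds bzip2 through a pipe the recipe's exit status is bzip2's, so a tar failure would still leave a truncated $(sname).tar.bz2 behind and go on to `rm -rf modules`.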
--
2.30.2
[signature.asc (application/pgp-signature, inline)]
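The effect described in the report above, as an added example that is not part of the original bug log or the leds-alix packaging: two simulated build hosts with different umask and clock produce different archives with a plain `tar c`, and identical ones with the flags from the patch. The tree contents, umask values, epochs and function names are constructed for illustration; the bzip2 step is left out and the tar stream is hashed directly.

```shell
#!/bin/sh
# Added example: constructed demo tree, not the leds-alix sources.
# Requires GNU tar >= 1.28 (--sort=name) and GNU touch (-d @epoch).

# make_tree DIR UMASK EPOCH: create the tree as a build host with that
# umask and clock would.
make_tree() {
    (
        umask "$2"
        mkdir -p "$1/modules/demo"
        printf 'int x;\n' > "$1/modules/demo/demo.c"
        printf 'obj-m += demo.o\n' > "$1/modules/demo/Makefile"
        touch -d "@$3" "$1/modules/demo/demo.c" "$1/modules/demo/Makefile" \
            "$1/modules/demo" "$1/modules"
    )
}

# naive_hash DIR: hash of a plain "tar c", the pre-patch invocation.
naive_hash() {
    (cd "$1" && tar c modules | sha256sum | cut -d' ' -f1)
}

# repro_hash DIR EPOCH: hash with the normalising flags from the patch.
repro_hash() {
    (cd "$1" && tar --sort=name --mtime="@$2" --owner=0 --group=0 \
        --numeric-owner --mode=go=rX,u+rw,a-s --create modules |
        sha256sum | cut -d' ' -f1)
}

# compare_builds: simulate two build hosts and report whether each
# invocation yields identical archives.
compare_builds() {
    work=$(mktemp -d) || return 2
    make_tree "$work/a" 022 1650000000   # constructed host A
    make_tree "$work/b" 002 1680000000   # constructed host B
    epoch=1651000000                     # constructed SOURCE_DATE_EPOCH
    if [ "$(naive_hash "$work/a")" = "$(naive_hash "$work/b")" ]; then
        naive=same; else naive=differ; fi
    if [ "$(repro_hash "$work/a" "$epoch")" = "$(repro_hash "$work/b" "$epoch")" ]; then
        repro=same; else repro=differ; fi
    rm -rf "$work"
    echo "naive=$naive repro=$repro"
}

compare_builds
```

Comparing digests of independently built archives like this is the same check a rebuilder performs when verifying that a published binary package matches its source.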
Reply sent
to Vagrant Cascadian <vagrant@reproducible-builds.org>:
You have taken responsibility.
(Fri, 29 Apr 2022 22:51:03 GMT).
Notification sent
to Vagrant Cascadian <vagrant@reproducible-builds.org>:
Bug acknowledged by developer.
(Fri, 29 Apr 2022 22:51:03 GMT).
Message #10 received at 1010378-close@bugs.debian.org:
Source: leds-alix
Source-Version: 0.0.1-3
Done: Vagrant Cascadian <vagrant@reproducible-builds.org>
We believe that the bug you reported is fixed in the latest version of
leds-alix, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1010378@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Vagrant Cascadian <vagrant@reproducible-builds.org> (supplier of updated leds-alix package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
Format: 1.8
Date: Fri, 29 Apr 2022 15:28:19 -0700
Source: leds-alix
Architecture: source
Version: 0.0.1-3
Distribution: unstable
Urgency: medium
Maintainer: Debian QA Group <packages@qa.debian.org>
Changed-By: Vagrant Cascadian <vagrant@reproducible-builds.org>
Closes: 1010378
Changes:
leds-alix (0.0.1-3) unstable; urgency=medium
.
* QA upload.
* debian/rules: Generate tarball reproducibly (Closes: #1010378).
* debian/control: Set Rules-Requires-Root to no.
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Thu, 02 Jun 2022 07:27:58 GMT).
Last modified: Wed May 17 10:41:52 2023