Debian Bug report logs -
#1020867
uclibc: reproducible builds: tarball includes user, group and file mode of build user
Reply or subscribe to this bug.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, reproducible-bugs@lists.alioth.debian.org, Simon Richter <sjr@debian.org>:
Bug#1020867; Package src:uclibc.
(Tue, 27 Sep 2022 19:21:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Vagrant Cascadian <vagrant@reproducible-builds.org>:
New Bug report received and forwarded. Copy sent to reproducible-bugs@lists.alioth.debian.org, Simon Richter <sjr@debian.org>.
(Tue, 27 Sep 2022 19:21:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Source: uclibc
Severity: normal
Tags: patch
User: reproducible-builds@lists.alioth.debian.org
Usertags: umask username
X-Debbugs-Cc: reproducible-bugs@lists.alioth.debian.org
The source tarball /usr/src/uClibc-ng-1.0.35.tar.xz embeds the username,
userid, groupname, groupid and umask of the build user:
https://tests.reproducible-builds.org/debian/rb-pkg/bookworm/amd64/diffoscope-results/uclibc.html
drwxr-xr-x···0·pbuilder1··(1111)·pbuilder1··(1111)········0·2020-08-29·02:35:19.000000·uClibc-ng-1.0.35/
vs.
drwxrwxr-x···0·pbuilder2··(2222)·pbuilder2··(2222)········0·2020-08-29·02:35:19.000000·uClibc-ng-1.0.35/
The attached patch fixes this by passing arguments to tar in
debian/rules to ensure consistent user, group, uid, gid and file
permissions in the generated tarball.
I have not verified that these changes work correctly in the resulting
packages, only that it builds reproducibly; please be sure to verify
before uploading.
I have not fully tested this patch as my local build environment does
not successfully test umask differences, though I am fairly confident
with this patch applied, uclibc should become reproducible on
tests.reproducible-builds.org!
Thanks for maintaining uclibc!
live well,
vagrant
[0001-debian-rules-Set-sort-order-user-id-group-id-and-fil.patch (text/x-diff, inline)]
From 7463e372afbc7f9d3e7c78788741ded0890c4102 Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian <vagrant@reproducible-builds.org>
Date: Tue, 27 Sep 2022 19:09:06 +0000
Subject: [PATCH] debian/rules: Set sort order, user id, group id, and file
mask when generating tarball.
https://reproducible-builds.org/docs/archives/
---
debian/rules | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/debian/rules b/debian/rules
index c850f66..7a41ebc 100755
--- a/debian/rules
+++ b/debian/rules
@@ -129,7 +129,7 @@ build/uClibc-ng-$(version).tar.xz: build/uClibc-ng-$(version).tar
build/uClibc-ng-$(version).tar:
dh_testdir
mkdir -p build
- tar -cf $@ --mtime="$(BUILD_DATE)" --exclude=./build --transform s@^\.@uClibc-ng-$(version)@ .
+ tar -cf $@ --mtime="$(BUILD_DATE)" --sort=name --owner=0 --group=0 --numeric-owner --mode=go=rX,u+rw,a-s --exclude=./build --transform s@^\.@uClibc-ng-$(version)@ .
binary-%: build-%
dh_testdir
--
2.37.2
[signature.asc (application/pgp-signature, inline)]
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed May 17 13:28:51 2023;
Machine Name:
bembo
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.