Debian Bug report logs - #1021522
crack: reproducible-builds: date in various binaries

Package: src:crack; Maintainer for src:crack is Debian Security Tools <team+pkg-security@tracker.debian.org>;

Reported by: Vagrant Cascadian <vagrant@reproducible-builds.org>

Date: Mon, 10 Oct 2022 00:54:01 UTC

Severity: normal

Tags: patch

Reply or subscribe to this bug.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, reproducible-bugs@lists.alioth.debian.org, Debian Security Tools <team+pkg-security@tracker.debian.org>:
Bug#1021522; Package src:crack. (Mon, 10 Oct 2022 00:54:04 GMT) (full text, mbox, link).


Acknowledgement sent to Vagrant Cascadian <vagrant@reproducible-builds.org>:
New Bug report received and forwarded. Copy sent to reproducible-bugs@lists.alioth.debian.org, Debian Security Tools <team+pkg-security@tracker.debian.org>. (Mon, 10 Oct 2022 00:54:04 GMT) (full text, mbox, link).


Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Vagrant Cascadian <vagrant@reproducible-builds.org>
To: submit@bugs.debian.org
Subject: crack: reproducible-builds: date in various binaries
Date: Sun, 09 Oct 2022 17:27:31 -0700
[Message part 1 (text/plain, inline)]
Source: crack
Severity: normal
Tags: patch
User: reproducible-builds@lists.alioth.debian.org
Usertags: timestamps
X-Debbugs-Cc: reproducible-bugs@lists.alioth.debian.org

The date is embedded in various binaries:

  https://tests.reproducible-builds.org/debian/rb-pkg/bookworm/amd64/diffoscope-results/crack.html

  /usr/lib/Crack/stdlib-cracker

  Fri·Nov·10·06:59:40·-12·2023
  vs.
  Sun·Oct··9·02:42:03·+14·2022

There are two different patches to fix this issue, the first patches the
upstream src/util/Makefile to not embed a date at all, and is the
preferred approach from a reproducible builds perspective.

The second patch uses the SOURCE_DATE_EPOCH environment variable to
specify the date to use in the embedded files, if for some reason these
files require a date in order to function correctly.

According to my local tests, with this patch applied, and a soon-to-be
submitted patch to fix build paths, crack should build reproducibly on
tests.reproducible-builds.org!

Thanks for maintaining crack!

live well,
  vagrant
[0002-src-util-Makefile-Remove-embedded-timestamps.patch (text/x-diff, inline)]
From 14c413afff3bb0bdbcbe5113adfd569d0f496fe0 Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian <vagrant@reproducible-builds.org>
Date: Mon, 10 Oct 2022 00:10:18 +0000
Subject: [PATCH 2/4] src/util/Makefile: Remove embedded timestamps.

https://reproducible-builds.org/docs/timestamps/
---
 src/util/Makefile | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/src/util/Makefile b/src/util/Makefile
index b2a96c3..f09bb9f 100644
--- a/src/util/Makefile
+++ b/src/util/Makefile
@@ -42,25 +42,21 @@ $(XDIR)/stdlib-cracker: cracker.c $(XLIB)
 	$(CC) $(CFLAGS) -c elcid.c
 	$(CC) $(CFLAGS) $(LDFLAGS) -o $(XDIR)/cracker cracker.c elcid.o $(XLIB)
 	$(CC) $(CFLAGS) $(LDFLAGS) -o $(XDIR)/dictfilt dictfilt.c elcid.o $(XLIB)
-	date > $@
 
 $(XDIR)/libdes-cracker: cracker.c $(XLIB)
 	$(CC) $(CFLAGS) -c elcid.c
 	$(CC) $(CFLAGS) $(LDFLAGS) -o $(XDIR)/cracker cracker.c elcid.o $(XLIB) ../libdes/libdes.a
 	$(CC) $(CFLAGS) $(LDFLAGS) -o $(XDIR)/dictfilt dictfilt.c elcid.o $(XLIB) ../libdes/libdes.a
-	date > $@
 
 $(XDIR)/ufc-cracker: cracker.c $(XLIB)
 	$(CC) $(CFLAGS) -DINITDES -DFCRYPT -c elcid.c
 	$(CC) $(CFLAGS) $(LDFLAGS) -o $(XDIR)/cracker cracker.c elcid.o $(XLIB) ../ufc-crypt/libufc.a
 	$(CC) $(CFLAGS) $(LDFLAGS) -o $(XDIR)/dictfilt dictfilt.c elcid.o $(XLIB) ../ufc-crypt/libufc.a
-	date > $@
 
 $(XDIR)/gnu-cracker: cracker.c $(XLIB)
 	$(CC) $(CFLAGS) -c elcid.c
 	$(CC) $(CFLAGS) $(LDFLAGS) -o $(XDIR)/cracker cracker.c elcid.o $(XLIB) ../crypt/libufc.a
 	$(CC) $(CFLAGS) $(LDFLAGS) -o $(XDIR)/dictfilt dictfilt.c elcid.o $(XLIB) ../crypt/libufc.a
-	date > $@
 
 #------------------------------------------------------------------
 
-- 
2.37.2

[0004-src-util-Makefile-Use-SOURCE_DATE_EPOCH-to-set-date.patch (text/x-diff, inline)]
From eae675adc4369871379c238fd7550d96d79512a2 Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian <vagrant@reproducible-builds.org>
Date: Mon, 10 Oct 2022 00:12:03 +0000
Subject: [PATCH 4/4] src/util/Makefile: Use SOURCE_DATE_EPOCH to set date.

https://reproducible-builds.org/docs/source-date-epoch/
---
 src/util/Makefile | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/util/Makefile b/src/util/Makefile
index b2a96c3..1ea15be 100644
--- a/src/util/Makefile
+++ b/src/util/Makefile
@@ -20,6 +20,8 @@ EXE=    $(XDIR)/dawg \
 
 #------------------------------------------------------------------
 
+DATESTAMP = $(shell LC_ALL=C date --utc --date=@$(SOURCE_DATE_EPOCH))
+
 all:    $(EXE)
 	@echo all made in util
 
@@ -42,25 +44,25 @@ $(XDIR)/stdlib-cracker: cracker.c $(XLIB)
 	$(CC) $(CFLAGS) -c elcid.c
 	$(CC) $(CFLAGS) $(LDFLAGS) -o $(XDIR)/cracker cracker.c elcid.o $(XLIB)
 	$(CC) $(CFLAGS) $(LDFLAGS) -o $(XDIR)/dictfilt dictfilt.c elcid.o $(XLIB)
-	date > $@
+	echo "$(DATESTAMP)" > $@
 
 $(XDIR)/libdes-cracker: cracker.c $(XLIB)
 	$(CC) $(CFLAGS) -c elcid.c
 	$(CC) $(CFLAGS) $(LDFLAGS) -o $(XDIR)/cracker cracker.c elcid.o $(XLIB) ../libdes/libdes.a
 	$(CC) $(CFLAGS) $(LDFLAGS) -o $(XDIR)/dictfilt dictfilt.c elcid.o $(XLIB) ../libdes/libdes.a
-	date > $@
+	echo "$(DATESTAMP)" > $@
 
 $(XDIR)/ufc-cracker: cracker.c $(XLIB)
 	$(CC) $(CFLAGS) -DINITDES -DFCRYPT -c elcid.c
 	$(CC) $(CFLAGS) $(LDFLAGS) -o $(XDIR)/cracker cracker.c elcid.o $(XLIB) ../ufc-crypt/libufc.a
 	$(CC) $(CFLAGS) $(LDFLAGS) -o $(XDIR)/dictfilt dictfilt.c elcid.o $(XLIB) ../ufc-crypt/libufc.a
-	date > $@
+	echo "$(DATESTAMP)" > $@
 
 $(XDIR)/gnu-cracker: cracker.c $(XLIB)
 	$(CC) $(CFLAGS) -c elcid.c
 	$(CC) $(CFLAGS) $(LDFLAGS) -o $(XDIR)/cracker cracker.c elcid.o $(XLIB) ../crypt/libufc.a
 	$(CC) $(CFLAGS) $(LDFLAGS) -o $(XDIR)/dictfilt dictfilt.c elcid.o $(XLIB) ../crypt/libufc.a
-	date > $@
+	echo "$(DATESTAMP)" > $@
 
 #------------------------------------------------------------------
 
-- 
2.37.2

[signature.asc (application/pgp-signature, inline)]

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed May 17 12:42:23 2023; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.