#1021522 - crack: reproducible-builds: date in various binaries

Debian Bug report logs - #1021522
crack: reproducible-builds: date in various binaries

Reported by: Vagrant Cascadian <vagrant@reproducible-builds.org>

Date: Mon, 10 Oct 2022 00:54:01 UTC

Severity: normal

Tags: patch

Report forwarded to debian-bugs-dist@lists.debian.org, reproducible-bugs@lists.alioth.debian.org, Debian Security Tools <team+pkg-security@tracker.debian.org>:
Bug#1021522; Package src:crack. (Mon, 10 Oct 2022 00:54:04 GMT) (full text, mbox, link).

Acknowledgement sent to Vagrant Cascadian <vagrant@reproducible-builds.org>:
New Bug report received and forwarded. Copy sent to reproducible-bugs@lists.alioth.debian.org, Debian Security Tools <team+pkg-security@tracker.debian.org>. (Mon, 10 Oct 2022 00:54:04 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

[Message part 1 (text/plain, inline)]

Source: crack Severity: normal Tags: patch User: reproducible-builds@lists.alioth.debian.org Usertags: timestamps X-Debbugs-Cc: reproducible-bugs@lists.alioth.debian.org The date is embedded in various binaries: https://tests.reproducible-builds.org/debian/rb-pkg/bookworm/amd64/diffoscope-results/crack.html /usr/lib/Crack/stdlib-cracker Fri·Nov·10·06:59:40·-12·2023 vs. Sun·Oct··9·02:42:03·+14·2022 There are two different patches to fix this issue, the first patches the upstream src/util/Makefile to not embed a date at all, and is the preferred approach from a reproducible builds perspective. The second patch uses the SOURCE_DATE_EPOCH environment variable to specify the date to use in the embedded files, if for some reason these files require a date in order to function correctly. According to my local tests, with this patch applied, and a soon-to-be submitted patch to fix build paths, crack should build reproducibly on tests.reproducible-builds.org! Thanks for maintaining crack! live well, vagrant

From 14c413afff3bb0bdbcbe5113adfd569d0f496fe0 Mon Sep 17 00:00:00 2001 From: Vagrant Cascadian <vagrant@reproducible-builds.org> Date: Mon, 10 Oct 2022 00:10:18 +0000 Subject: [PATCH 2/4] src/util/Makefile: Remove embedded timestamps. https://reproducible-builds.org/docs/timestamps/ --- src/util/Makefile | 4 ---- 1 file changed, 4 deletions(-) diff --git a/src/util/Makefile b/src/util/Makefile index b2a96c3..f09bb9f 100644 --- a/src/util/Makefile +++ b/src/util/Makefile @@ -42,25 +42,21 @@ $(XDIR)/stdlib-cracker: cracker.c $(XLIB) $(CC) $(CFLAGS) -c elcid.c $(CC) $(CFLAGS) $(LDFLAGS) -o $(XDIR)/cracker cracker.c elcid.o $(XLIB) $(CC) $(CFLAGS) $(LDFLAGS) -o $(XDIR)/dictfilt dictfilt.c elcid.o $(XLIB) - date > $@ $(XDIR)/libdes-cracker: cracker.c $(XLIB) $(CC) $(CFLAGS) -c elcid.c $(CC) $(CFLAGS) $(LDFLAGS) -o $(XDIR)/cracker cracker.c elcid.o $(XLIB) ../libdes/libdes.a $(CC) $(CFLAGS) $(LDFLAGS) -o $(XDIR)/dictfilt dictfilt.c elcid.o $(XLIB) ../libdes/libdes.a - date > $@ $(XDIR)/ufc-cracker: cracker.c $(XLIB) $(CC) $(CFLAGS) -DINITDES -DFCRYPT -c elcid.c $(CC) $(CFLAGS) $(LDFLAGS) -o $(XDIR)/cracker cracker.c elcid.o $(XLIB) ../ufc-crypt/libufc.a $(CC) $(CFLAGS) $(LDFLAGS) -o $(XDIR)/dictfilt dictfilt.c elcid.o $(XLIB) ../ufc-crypt/libufc.a - date > $@ $(XDIR)/gnu-cracker: cracker.c $(XLIB) $(CC) $(CFLAGS) -c elcid.c $(CC) $(CFLAGS) $(LDFLAGS) -o $(XDIR)/cracker cracker.c elcid.o $(XLIB) ../crypt/libufc.a $(CC) $(CFLAGS) $(LDFLAGS) -o $(XDIR)/dictfilt dictfilt.c elcid.o $(XLIB) ../crypt/libufc.a - date > $@ #------------------------------------------------------------------ -- 2.37.2

From eae675adc4369871379c238fd7550d96d79512a2 Mon Sep 17 00:00:00 2001 From: Vagrant Cascadian <vagrant@reproducible-builds.org> Date: Mon, 10 Oct 2022 00:12:03 +0000 Subject: [PATCH 4/4] src/util/Makefile: Use SOURCE_DATE_EPOCH to set date. https://reproducible-builds.org/docs/source-date-epoch/ --- src/util/Makefile | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/src/util/Makefile b/src/util/Makefile index b2a96c3..1ea15be 100644 --- a/src/util/Makefile +++ b/src/util/Makefile @@ -20,6 +20,8 @@ EXE= $(XDIR)/dawg \ #------------------------------------------------------------------ +DATESTAMP = $(shell LC_ALL=C date --utc --date=@$(SOURCE_DATE_EPOCH)) + all: $(EXE) @echo all made in util @@ -42,25 +44,25 @@ $(XDIR)/stdlib-cracker: cracker.c $(XLIB) $(CC) $(CFLAGS) -c elcid.c $(CC) $(CFLAGS) $(LDFLAGS) -o $(XDIR)/cracker cracker.c elcid.o $(XLIB) $(CC) $(CFLAGS) $(LDFLAGS) -o $(XDIR)/dictfilt dictfilt.c elcid.o $(XLIB) - date > $@ + echo "$(DATESTAMP)" > $@ $(XDIR)/libdes-cracker: cracker.c $(XLIB) $(CC) $(CFLAGS) -c elcid.c $(CC) $(CFLAGS) $(LDFLAGS) -o $(XDIR)/cracker cracker.c elcid.o $(XLIB) ../libdes/libdes.a $(CC) $(CFLAGS) $(LDFLAGS) -o $(XDIR)/dictfilt dictfilt.c elcid.o $(XLIB) ../libdes/libdes.a - date > $@ + echo "$(DATESTAMP)" > $@ $(XDIR)/ufc-cracker: cracker.c $(XLIB) $(CC) $(CFLAGS) -DINITDES -DFCRYPT -c elcid.c $(CC) $(CFLAGS) $(LDFLAGS) -o $(XDIR)/cracker cracker.c elcid.o $(XLIB) ../ufc-crypt/libufc.a $(CC) $(CFLAGS) $(LDFLAGS) -o $(XDIR)/dictfilt dictfilt.c elcid.o $(XLIB) ../ufc-crypt/libufc.a - date > $@ + echo "$(DATESTAMP)" > $@ $(XDIR)/gnu-cracker: cracker.c $(XLIB) $(CC) $(CFLAGS) -c elcid.c $(CC) $(CFLAGS) $(LDFLAGS) -o $(XDIR)/cracker cracker.c elcid.o $(XLIB) ../crypt/libufc.a $(CC) $(CFLAGS) $(LDFLAGS) -o $(XDIR)/dictfilt dictfilt.c elcid.o $(XLIB) ../crypt/libufc.a - date > $@ + echo "$(DATESTAMP)" > $@ #------------------------------------------------------------------ -- 2.37.2

[signature.asc (application/pgp-signature, inline)]

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed May 17 12:42:23 2023; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Debian Bug report logs - #1021522 crack: reproducible-builds: date in various binaries

Debian Bug report logs - #1021522
crack: reproducible-builds: date in various binaries