Debian Bug report logs -
#1030057
refpolicy: reproducible builds: tarball embeds user/group/uid/gid of build user
Report forwarded
to debian-bugs-dist@lists.debian.org, reproducible-bugs@lists.alioth.debian.org, Debian SELinux maintainers <selinux-devel@lists.alioth.debian.org>:
Bug#1030057; Package src:refpolicy.
(Mon, 30 Jan 2023 20:03:04 GMT).
Acknowledgement sent
to Vagrant Cascadian <vagrant@reproducible-builds.org>:
New Bug report received and forwarded. Copy sent to reproducible-bugs@lists.alioth.debian.org, Debian SELinux maintainers <selinux-devel@lists.alioth.debian.org>.
(Mon, 30 Jan 2023 20:03:04 GMT).
Message #5 received at submit@bugs.debian.org:
[Message part 1 (text/plain, inline)]
Source: refpolicy
Version: 2:2.20221101-4
Severity: normal
Tags: patch
User: reproducible-builds@lists.alioth.debian.org
Usertags: username
X-Debbugs-Cc: reproducible-bugs@lists.alioth.debian.org
The source tarball /usr/src/selinux-policy-src.tar.zst embeds the
username, userid, groupname and groupid of the build user:
https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/diffoscope-results/refpolicy.html
drwxr-xr-x···0·pbuilder1··(1111)·pbuilder1··(1111)········0·2023-01-29·04:07:05.000000·selinux-policy-src/
vs.
drwxr-xr-x···0·pbuilder2··(2222)·pbuilder2··(2222)········0·2023-01-29·04:07:05.000000·selinux-policy-src/
The attached patch fixes this by passing arguments to tar in
debian/rules to ensure consistent user, group, uid and gid in the
generated tarball.
Historically, most versions of refpolicy did not have this issue, so
this appears to be a recent regression (possibly triggered by a switch
to "rules-requires-root: no"?):
https://tests.reproducible-builds.org/debian/history/refpolicy.html
According to my local tests, with this patch applied refpolicy should
become reproducible on tests.reproducible-builds.org!
Thanks for maintaining refpolicy!
live well,
vagrant
[0001-debian-rules-Pass-arguments-to-tar-to-use-a-consiste.patch (text/x-diff, inline)]
From 7b691da36a702d912cfd647f50cdeed5ca7bd0c6 Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian <vagrant@reproducible-builds.org>
Date: Mon, 30 Jan 2023 19:49:41 +0000
Subject: [PATCH] debian/rules: Pass arguments to tar to use a consistent uid
and gid.
Otherwise the user name, user id, group name and group id are recorded
in selinux-policy-src.tar.zst shipped in the package.
https://reproducible-builds.org/docs/archives/
---
debian/rules | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/debian/rules b/debian/rules
index 32d70d6..d7feee3 100755
--- a/debian/rules
+++ b/debian/rules
@@ -166,6 +166,6 @@ install-src: conf-src
rm -rf selinux-policy-src/support/__pycache__/; \
find selinux-policy-src -type f -print0 | xargs -0r chmod 0644; \
find selinux-policy-src -type d -print0 | xargs -0r chmod 0755; \
- TZ=UTC tar cf - --sort=name --mtime="$(BUILD_DATE)" selinux-policy-src | zstd -9 > $(CURDIR)/debian/tmp/usr/src/selinux-policy-src.tar.zst)
+ TZ=UTC tar cf - --sort=name --mtime="$(BUILD_DATE)" --owner=0 --group=0 --numeric-owner selinux-policy-src | zstd -9 > $(CURDIR)/debian/tmp/usr/src/selinux-policy-src.tar.zst)
rm -rf $(CURDIR)/debian/tmp/etc/selinux/default/src/
touch $@
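Review bot: The changed `tar` line now carries five normalisation options (`--sort=name`, `--mtime`, `--owner=0`, `--group=0`, `--numeric-owner`) on one long recipe line, and nothing in debian/rules itself says why they are there. A one-line comment above the command pointing at https://reproducible-builds.org/docs/archives/ (already cited in the commit message) would keep a later cleanup from dropping them. Separately, and not introduced by this patch, the archive is piped straight into `zstd -9`, so the status of that pipeline is zstd's; unless the recipe shell runs with pipefail, a failing `tar` would still leave a file at selinux-policy-src.tar.zst, which is worth checking while this line is being touched.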
--
2.30.2
[signature.asc (application/pgp-signature, inline)]
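An added example, not part of the bug report or of the refpolicy packaging: a Python check that reads tar member headers and reports any build-user ownership of the kind shown in the diffoscope lines above. The file names, contents and helper names are constructed, and the check assumes a normalised archive carries uid/gid 0 with empty name fields.

```python
import hashlib
import io
import tarfile

# Constructed sample tree; the mtime matches the timestamp in the diffoscope lines.
FILES = {
    "selinux-policy-src/Makefile": b"all:\n",
    "selinux-policy-src/VERSION": b"2.20221101\n",
}
MTIME = 1674965225  # 2023-01-29 04:07:05 UTC


def build_tar(files, uid, gid, uname, gname):
    """Build an uncompressed tar in memory with the given owner on every member."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.GNU_FORMAT) as tar:
        for name in sorted(files):          # fixed member order, like --sort=name
            info = tarfile.TarInfo(name)
            info.size = len(files[name])
            info.mode = 0o644
            info.mtime = MTIME              # fixed timestamp, like --mtime
            info.uid, info.gid = uid, gid
            info.uname, info.gname = uname, gname
            tar.addfile(info, io.BytesIO(files[name]))
    return buf.getvalue()


def owner_leaks(tar_bytes):
    """Return (name, uid, gid, uname, gname) for members not owned by numeric 0:0."""
    leaks = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:") as tar:
        for m in tar:
            if m.uid != 0 or m.gid != 0 or m.uname or m.gname:
                leaks.append((m.name, m.uid, m.gid, m.uname, m.gname))
    return leaks


def digest(tar_bytes):
    return hashlib.sha256(tar_bytes).hexdigest()


if __name__ == "__main__":
    first = build_tar(FILES, 1111, 1111, "pbuilder1", "pbuilder1")
    second = build_tar(FILES, 2222, 2222, "pbuilder2", "pbuilder2")
    fixed = build_tar(FILES, 0, 0, "", "")
    print("same bytes across build users:", digest(first) == digest(second))
    print("leaks in first build:", owner_leaks(first))
    print("leaks after normalising:", owner_leaks(fixed))
```

To run the same check on a shipped .tar.zst, decompress it first and pass the resulting bytes to `owner_leaks`.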
Last modified:
Wed May 17 10:59:29 2023;