Debian Bug report logs - #1033958
binutils: reproducible builds: files in source tarball in arbitrary order

version graph

Package: src:binutils; Maintainer for src:binutils is Matthias Klose <doko@debian.org>;

Reported by: Vagrant Cascadian <vagrant@reproducible-builds.org>

Date: Tue, 4 Apr 2023 23:42:02 UTC

Severity: normal

Tags: patch

Found in version binutils/2.40-2

Reply or subscribe to this bug.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, reproducible-bugs@lists.alioth.debian.org, Matthias Klose <doko@debian.org>:
Bug#1033958; Package src:binutils. (Tue, 04 Apr 2023 23:42:04 GMT) (full text, mbox, link).

Acknowledgement sent to Vagrant Cascadian <vagrant@reproducible-builds.org>:
New Bug report received and forwarded. Copy sent to reproducible-bugs@lists.alioth.debian.org, Matthias Klose <doko@debian.org>. (Tue, 04 Apr 2023 23:42:04 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Vagrant Cascadian <vagrant@reproducible-builds.org>
To: submit@bugs.debian.org
Subject: binutils: reproducible builds: files in source tarball in arbitrary order
Date: Tue, 04 Apr 2023 16:39:46 -0700
[Message part 1 (text/plain, inline)]
Source: binutils
Severity: normal
Tags: patch
User: reproducible-builds@lists.alioth.debian.org
Usertags: randomness
X-Debbugs-Cc: reproducible-bugs@lists.alioth.debian.org

The files in the binutils tarball appear to be in arbitrary order,
possibly affected by locale or filesystem differences:

  https://tests.reproducible-builds.org/debian/rb-pkg/bookworm/armhf/diffoscope-results/binutils.html

  /usr/src/binutils/binutils-2.40.tar.xz

  e.g. the first file in the bfd directory listed in these two builds are:

  hrw-r--r--···0········0········0········0·2023-01-14·00:00:00.000000·binutils-2.40/bfd/elf32-m68hc1x.h
  vs.
  hrw-r--r--···0········0········0········0·2023-01-14·00:00:00.000000·binutils-2.40/bfd/elf32-score7.c


The attached patch to debian/rules fixes this by passing the --sort=name
argument to tar.


Unfortunately, this patch alone does not solve all reproducibility
issues with binutils, but applying this patch should significantly reduce
the differences, making it easier to debug remaining issues.


Thanks for maintaining binutils!


live well,
  vagrant

[0001-debian-rules-Pass-argument-to-tar-to-sort-the-files-.patch (text/x-diff, inline)]
From 6dce3b6b223419c31fb1aaa59b658652b0fe953d Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian <vagrant@reproducible-builds.org>
Date: Tue, 4 Apr 2023 16:10:53 -0700
Subject: [PATCH 1/2] debian/rules: Pass argument to tar to sort the files in
 the binutils source tarball.

Locale or filesystem differences may result in the generated tarball
embedding files in arbitrary order.

https://reproducible-builds.org/docs/archives/
https://tests.reproducible-builds.org/debian/issues/unstable/random_order_in_tarball_issue.html
---
 debian/rules | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/debian/rules b/debian/rules
index 0a3ff6ec..a697df43 100755
--- a/debian/rules
+++ b/debian/rules
@@ -1484,7 +1484,7 @@ endif # ifndef BACKPORT
 		xargs -0r touch --no-dereference --date='$(BUILD_DATE)' && \
 		find $(source_files) -type f -print0 | LC_ALL=C sort -z | \
 		XZ_OPT=-9 tar --null -T - -c --xz --mode=go=rX,u+rw,a-s \
-		--owner=0 --group=0 --numeric-owner \
+		--owner=0 --group=0 --numeric-owner --sort=name \
 		--xform='s=^[^/]*\/=binutils-$(VERSION)/=' \
 		-f $(pwd)/$(d_src)/$(PF)/src/binutils/binutils-$(VERSION).tar.xz \
 		$(source_files)
-- 
2.39.2


[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Matthias Klose <doko@debian.org>:
Bug#1033958; Package src:binutils. (Sun, 14 May 2023 22:00:06 GMT) (full text, mbox, link).

Acknowledgement sent to Vagrant Cascadian <vagrant@reproducible-builds.org>:
Extra info received and forwarded to list. Copy sent to Matthias Klose <doko@debian.org>. (Sun, 14 May 2023 22:00:06 GMT) (full text, mbox, link).

Message #10 received at 1033958@bugs.debian.org (full text, mbox, reply):

From: Vagrant Cascadian <vagrant@reproducible-builds.org>
To: 1033959@bugs.debian.org, 1033958@bugs.debian.org
Subject: binutils: reproducible builds: build paths/tarball sort order
Date: Sun, 14 May 2023 14:56:46 -0700
Control: found 1033959 2.40-2
Control: found 1033958 2.40-2

Marking issues with versions in which it is still present.

live well,
  vagrant

Marked as found in versions binutils/2.40-2. Request was from Vagrant Cascadian <vagrant@reproducible-builds.org> to 1033958-submit@bugs.debian.org. (Sun, 14 May 2023 22:00:06 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed May 17 09:21:56 2023; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.