Debian Bug report logs - #722166
bobcat: Please do not write timestamps in gzip files

version graph

Package: bobcat; Maintainer for bobcat is Frank B. Brokken <f.b.brokken@rug.nl>;

Reported by: Jérémy Bobbio <lunar@debian.org>

Date: Sun, 8 Sep 2013 17:33:02 UTC

Severity: wishlist

Tags: patch

Found in version 3.15.00-1

Fixed in version bobcat/3.15.00-2

Done: tony mancill <tmancill@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Frank B. Brokken <f.b.brokken@rug.nl>:
Bug#722166; Package bobcat. (Sun, 08 Sep 2013 17:33:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Jérémy Bobbio <lunar@debian.org>:
New Bug report received and forwarded. Copy sent to Frank B. Brokken <f.b.brokken@rug.nl>. (Sun, 08 Sep 2013 17:33:06 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Jérémy Bobbio <lunar@debian.org>
To: submit@bugs.debian.org
Subject: bobcat: Please do not write timestamps in gzip files
Date: Sun, 8 Sep 2013 19:30:41 +0200
[Message part 1 (text/plain, inline)]
Package: bobcat
Version: 3.15.00-1
Severity: wishlist

Hi!

In the effort of making Debian binary package build reproducible [1], I
have noticed that your package currently ship gz compressed files with a
timestamp.

Adding the `-n` or `--no-name` flag to the various calls to `gzip` made
in `icmake/install` would happily solve the problem.

[1] http://wiki.debian.org/ReproducibleBuilds

Thanks,
-- 
Lunar                                .''`. 
lunar@debian.org                    : :Ⓐ  :  # apt-get install anarchism
                                    `. `'` 
                                      `-   
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Frank B. Brokken <f.b.brokken@rug.nl>:
Bug#722166; Package bobcat. (Sun, 08 Sep 2013 17:45:08 GMT) Full text and rfc822 format available.

Acknowledgement sent to tony mancill <tmancill@debian.org>:
Extra info received and forwarded to list. Copy sent to Frank B. Brokken <f.b.brokken@rug.nl>. (Sun, 08 Sep 2013 17:45:08 GMT) Full text and rfc822 format available.

Message #10 received at 722166@bugs.debian.org (full text, mbox):

From: tony mancill <tmancill@debian.org>
To: Jérémy Bobbio <lunar@debian.org>, 722166@bugs.debian.org
Subject: Re: Bug#722166: bobcat: Please do not write timestamps in gzip files
Date: Sun, 08 Sep 2013 10:41:03 -0700
[Message part 1 (text/plain, inline)]
On 09/08/2013 10:30 AM, Jérémy Bobbio wrote:
> Package: bobcat
> Version: 3.15.00-1
> Severity: wishlist
> 
> Hi!
> 
> In the effort of making Debian binary package build reproducible [1], I
> have noticed that your package currently ship gz compressed files with a
> timestamp.
> 
> Adding the `-n` or `--no-name` flag to the various calls to `gzip` made
> in `icmake/install` would happily solve the problem.
> 
> [1] http://wiki.debian.org/ReproducibleBuilds
> 
> Thanks,

Hi Jeremy,

Thanks for the suggestion and for looking into the cause of the issue
with the bobcat build.  I'm suspect that Frank, the upstream developer,
will be willing to address this in a future upstream release.

Cheers,
tony


[signature.asc (application/pgp-signature, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Frank B. Brokken <f.b.brokken@rug.nl>:
Bug#722166; Package bobcat. (Sun, 08 Sep 2013 18:33:10 GMT) Full text and rfc822 format available.

Acknowledgement sent to Jérémy Bobbio <lunar@debian.org>:
Extra info received and forwarded to list. Copy sent to Frank B. Brokken <f.b.brokken@rug.nl>. (Sun, 08 Sep 2013 18:33:10 GMT) Full text and rfc822 format available.

Message #15 received at 722166@bugs.debian.org (full text, mbox):

From: Jérémy Bobbio <lunar@debian.org>
To: 722166@bugs.debian.org
Subject: Re: Bug#722166: bobcat: Please do not write timestamps in gzip files
Date: Sun, 8 Sep 2013 20:29:11 +0200
[Message part 1 (text/plain, inline)]
Control: tags -1 + patch

tony mancill:
> Thanks for the suggestion and for looking into the cause of the issue
> with the bobcat build.  I'm suspect that Frank, the upstream developer,
> will be willing to address this in a future upstream release.

Great! Attached is a patch that indeed did the trick. :)

-- 
Lunar                                .''`. 
lunar@debian.org                    : :Ⓐ  :  # apt-get install anarchism
                                    `. `'` 
                                      `-   
[gzip_n.patch (text/x-diff, attachment)]
[signature.asc (application/pgp-signature, inline)]

Added tag(s) patch. Request was from Jérémy Bobbio <lunar@debian.org> to 722166-submit@bugs.debian.org. (Sun, 08 Sep 2013 18:33:10 GMT) Full text and rfc822 format available.

Reply sent to tony mancill <tmancill@debian.org>:
You have taken responsibility. (Mon, 09 Sep 2013 04:51:05 GMT) Full text and rfc822 format available.

Notification sent to Jérémy Bobbio <lunar@debian.org>:
Bug acknowledged by developer. (Mon, 09 Sep 2013 04:51:05 GMT) Full text and rfc822 format available.

Message #22 received at 722166-close@bugs.debian.org (full text, mbox):

From: tony mancill <tmancill@debian.org>
To: 722166-close@bugs.debian.org
Subject: Bug#722166: fixed in bobcat 3.15.00-2
Date: Mon, 09 Sep 2013 04:48:02 +0000
Source: bobcat
Source-Version: 3.15.00-2

We believe that the bug you reported is fixed in the latest version of
bobcat, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 722166@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
tony mancill <tmancill@debian.org> (supplier of updated bobcat package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 08 Sep 2013 19:59:11 -0700
Source: bobcat
Binary: libbobcat3 libbobcat-dev
Architecture: source amd64
Version: 3.15.00-2
Distribution: unstable
Urgency: low
Maintainer: Frank B. Brokken <f.b.brokken@rug.nl>
Changed-By: tony mancill <tmancill@debian.org>
Description: 
 libbobcat-dev - headers and documentation for the Bobcat library
 libbobcat3 - run-time (shared) Bobcat library
Closes: 722166
Changes: 
 bobcat (3.15.00-2) unstable; urgency=low
 .
   * Add patch to no longer timestamp .gz files.  (Closes: #722166)
     - This allows for reproducible builds.  Thanks to Jeremy Bobbio.
Checksums-Sha1: 
 77a1b9ee33791bdb5b05f6e4551e8c1aede7b978 2124 bobcat_3.15.00-2.dsc
 76c4c313e52941b09b7a569a500437a1aea6873c 13005 bobcat_3.15.00-2.debian.tar.gz
 55621a2e618332b9ab87d3462fcbb2eec5afd0fe 226052 libbobcat3_3.15.00-2_amd64.deb
 305cf74988157135e3808fce75d1b2db6a459f67 1205208 libbobcat-dev_3.15.00-2_amd64.deb
Checksums-Sha256: 
 e945c5b28a9073fb230c74a5bd7faac345cabe946616637849ccdba5f21a9ba1 2124 bobcat_3.15.00-2.dsc
 1cb516080c485efc0047c26641251b29c689aecfb99fd757aaa401173a4a8bfb 13005 bobcat_3.15.00-2.debian.tar.gz
 3d9c24664e4e0a90348e5a4480044c5be9e38ae7a87c17ce1fae3f763ad62485 226052 libbobcat3_3.15.00-2_amd64.deb
 1a05dcbcf021a981dd972ece98d10e1cc107c2b8e41a1cc5768a2989ea3c7cf7 1205208 libbobcat-dev_3.15.00-2_amd64.deb
Files: 
 5328edfa90a1012534ae6b8ada8e3352 2124 libs optional bobcat_3.15.00-2.dsc
 25d7a6797dd0fd9873a6928d6183d34a 13005 libs optional bobcat_3.15.00-2.debian.tar.gz
 c1526eed720606f8edd67e2bc38f8afb 226052 libs optional libbobcat3_3.15.00-2_amd64.deb
 8502a476dc4affd166b6698359434d1e 1205208 libdevel optional libbobcat-dev_3.15.00-2_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)

iQIcBAEBAgAGBQJSLVFHAAoJECHSBYmXSz6Wsv0QALW40NeeqlWgGdvsiSbaf3Y2
3GS4RQRThJ7dJ/OGzaXU6sPpv2CqQBwMP8vZXHAGi6ZKIVC6EahRt6Zyb0P82if4
3jIpR10WWTHXBiLv4xDf2dGKVq8+68bljZ1HdY22KwBGrnpO+HYusGAU0hXqaD65
Vg3AuUTXbFW0zMufj2/IYBBrxRjqFnFw1Ubik8i+dzTJ/WgOJsd0VaL5YSg/R9Fs
+7yRH3aJUCYS1LkmloWA3fXNn3538jL2TQtHsSCqHAEcxXvCj8BAHwpP4AA4APMY
jGixTwVVXmxdVnpbx+Vu8nb46VMZwp1v6t8+C9qRHPjg8KlESEZjOBpDqEVHG2px
bk3ujiMzmkDdfCoXasBRHWlTvJhkyA/ooWMjKZTfBm2sYDiQ6A4RGc+I42O+hsCR
EcGUMwsfX2Jt/CNmIt5a3JV135udWvwcrTNa8BWiLj4LFvDTUEwGfI+bmzAXSHkc
U9lI+Pof8GbxWLZPC7noQuJhu/b8OkVAI7MHj7khT8/xfF8saZ1kRsZ8MXQcUj73
KspVKxgxDXgSVuGMtJV+ELfpg3I+46VImGuFqXazvVdicuD/MqhYp1dOGhivQEHL
hjCnOXSYKrmMWgliJj0xSe25nZPVYwHboeZQ2chp7ICeSIdICuLQVVV1H/8+rrN/
3tZnjTnUS8IjDp8aCO3P
=wV1j
-----END PGP SIGNATURE-----




Information forwarded to debian-bugs-dist@lists.debian.org, Frank B. Brokken <f.b.brokken@rug.nl>:
Bug#722166; Package bobcat. (Mon, 09 Sep 2013 06:24:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to f.b.brokken@rug.nl:
Extra info received and forwarded to list. Copy sent to Frank B. Brokken <f.b.brokken@rug.nl>. (Mon, 09 Sep 2013 06:24:04 GMT) Full text and rfc822 format available.

Message #27 received at 722166@bugs.debian.org (full text, mbox):

From: "Frank B. Brokken" <f.b.brokken@rug.nl>
To: 722166@bugs.debian.org
Cc: lunar@debian.org, Tony Mancill <tony@mancill.com>
Subject: Re: Bug#722166: bobcat: Please do not write timestamps in gzip files
Date: Mon, 9 Sep 2013 08:17:05 +0200
Dear J??r??my Bobbio, you wrote:
> Control: tags -1 + patch
> 
> tony mancill:
> > Thanks for the suggestion and for looking into the cause of the issue
> > with the bobcat build.  I'm suspect that Frank, the upstream developer,
> > will be willing to address this in a future upstream release.

Of course I am. Could somebody please enlighten me what the problem actually
is? This is the first time in my l-o-o-o-o-ng life that I learn about a thing
called a `timestamp of a gzip file' and that it may cause problems.

I'll adapt the upstream sources later this week.

Cheers,

-- 
    Frank B. Brokken
    Center for Information Technology, University of Groningen
    (+31) 50 363 9281 
    Public PGP key: http://pgp.surfnet.nl
    Key Fingerprint: DF32 13DE B156 7732 E65E  3B4D 7DB2 A8BE EAE4 D8AA



Information forwarded to debian-bugs-dist@lists.debian.org, Frank B. Brokken <f.b.brokken@rug.nl>:
Bug#722166; Package bobcat. (Mon, 09 Sep 2013 06:48:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Jérémy Bobbio <lunar@debian.org>:
Extra info received and forwarded to list. Copy sent to Frank B. Brokken <f.b.brokken@rug.nl>. (Mon, 09 Sep 2013 06:48:04 GMT) Full text and rfc822 format available.

Message #32 received at 722166@bugs.debian.org (full text, mbox):

From: Jérémy Bobbio <lunar@debian.org>
To: "Frank B. Brokken" <f.b.brokken@rug.nl>
Cc: 722166@bugs.debian.org, Tony Mancill <tony@mancill.com>
Subject: Re: Bug#722166: bobcat: Please do not write timestamps in gzip files
Date: Mon, 9 Sep 2013 08:44:40 +0200
[Message part 1 (text/plain, inline)]
Hi Frank,

Frank B. Brokken:
> Of course I am. Could somebody please enlighten me what the problem actually
> is? This is the first time in my l-o-o-o-o-ng life that I learn about a thing
> called a `timestamp of a gzip file' and that it may cause problems.

In Debian context, it currently can pause problem for multiarch:
<http://lintian.debian.org/tags/gzip-file-is-not-multi-arch-same-safe.html>

Some people are also working on having byte-by-byte reproducible
builds [1]. This adds a way to verify that a given source produces the
same binary. When done by multiple independent people, this would give
Debian some resistance against targatted attacks on its developers.

For the latter to work, we need to eliminate any variations coming from
external factors, like timestamps.

[1] http://wiki.debian.org/ReproducibleBuilds

Hope that helps,
-- 
Lunar                                .''`. 
lunar@debian.org                    : :Ⓐ  :  # apt-get install anarchism
                                    `. `'` 
                                      `-   
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Frank B. Brokken <f.b.brokken@rug.nl>:
Bug#722166; Package bobcat. (Mon, 09 Sep 2013 06:51:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to f.b.brokken@rug.nl:
Extra info received and forwarded to list. Copy sent to Frank B. Brokken <f.b.brokken@rug.nl>. (Mon, 09 Sep 2013 06:51:04 GMT) Full text and rfc822 format available.

Message #37 received at 722166@bugs.debian.org (full text, mbox):

From: "Frank B. Brokken" <f.b.brokken@rug.nl>
To: 722166@bugs.debian.org, Tony Mancill <tony@mancill.com>
Subject: Re: Bug#722166: bobcat: Please do not write timestamps in gzip files
Date: Mon, 9 Sep 2013 08:47:49 +0200
Dear J?r?my Bobbio, you wrote:
> ...
> For the latter to work, we need to eliminate any variations coming from
> external factors, like timestamps.
> 
> Hope that helps,

Absolutely,

Thanks for the speedy clarification!

Cheers,

-- 
    Frank B. Brokken
    Center for Information Technology, University of Groningen
    (+31) 50 363 9281 
    Public PGP key: http://pgp.surfnet.nl
    Key Fingerprint: DF32 13DE B156 7732 E65E  3B4D 7DB2 A8BE EAE4 D8AA



Information forwarded to debian-bugs-dist@lists.debian.org, Frank B. Brokken <f.b.brokken@rug.nl>:
Bug#722166; Package bobcat. (Mon, 09 Sep 2013 15:30:14 GMT) Full text and rfc822 format available.

Acknowledgement sent to tony <tony@mancill.com>:
Extra info received and forwarded to list. Copy sent to Frank B. Brokken <f.b.brokken@rug.nl>. (Mon, 09 Sep 2013 15:30:14 GMT) Full text and rfc822 format available.

Message #42 received at 722166@bugs.debian.org (full text, mbox):

From: tony <tony@mancill.com>
To: "Frank B. Brokken" <f.b.brokken@rug.nl>
Cc: 722166@bugs.debian.org
Subject: Re: Bug#722166: bobcat: Please do not write timestamps in gzip files
Date: Mon, 9 Sep 2013 08:27:07 -0700
On Mon, Sep 09, 2013 at 08:47:49AM +0200, Frank B. Brokken wrote:
> Dear J?r?my Bobbio, you wrote:
> > ...
> > For the latter to work, we need to eliminate any variations coming from
> > external factors, like timestamps.
> > 
> > Hope that helps,
> 
> Absolutely,
> 
> Thanks for the speedy clarification!
> 
> Cheers,

Hi Frank,

There is a ready-to-go patch against icmake/install in the debian/patches/
folder on Alioth.  I went ahead and uploaded an updated Debian version last
night, so there's no need for you to do a new upstream release just for this
change, but please do include it with the next regularly scheduled upstream
release.

Cheers,
tony




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 18 Nov 2013 07:30:19 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Apr 16 05:19:17 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.