Debian Bug report logs - #773916
libical: Ship different constant values accross builds

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Jérémy Bobbio <lunar@debian.org>

To: submit@bugs.debian.org

Subject: libical: Ship different constant values accross builds

Date: Thu, 25 Dec 2014 16:46:14 +0100

[Message part 1 (text/plain, inline)]

Package: libical-dev
Version: 1.0-1.1
Severity: critical
User: reproducible-builds@lists.alioth.debian.org
Usertags: randomness

Hi!

While working on the “reproducible builds” effort [1], we have noticed
that libical could not be built reproducibly:
https://jenkins.debian.net/userContent/dbd/libical_1.0-1.1.debbindiff.html

The debbindiff output linked above show that two builds of libical will
output different values for the constant defined in the icalvalue_kind
enum in ical.h and icalderivedvalue.h.

This is bad. It means that any software using these values will break
when libical is updated. After a quick look at the report, this might be
the cause for #766454.

The problem highly likely lies in the following code:
https://sources.debian.net/src/libical/1.0-1.1/scripts/mkderivedvalues.pl/?hl=66:74#L66
Sorting the keys before using them should make the output stable accross
builds. Ideally this should be done in all similar constructs to enable
the package to build reproducibly.

Packages having a Build-Depends on libical-dev should probably be
binNMU'ed once this is fixed. That should be: agenda.app, asterisk,
bluez, cairo-dock-plug-ins, citadel, cyrus-imapd-2.4, evolution,
evolution-data-server, evolution-ews, gnokii, goldencheetah, ical2html,
kdepimlibs, kmymoney, libsynthesis, openchange, orage, osmo,
syncevolution, webcit.

 [1]: https://wiki.debian.org/ReproducibleBuilds

-- 
Lunar                                .''`. 
lunar@debian.org                    : :Ⓐ  :  # apt-get install anarchism
                                    `. `'` 
                                      `-   

[signature.asc (application/pgp-signature, inline)]

Message #10 received at 773916@bugs.debian.org (full text, mbox, reply):

From: Dimitri John Ledkov <dimitri.ledkov@surgut.co.uk>

To: 773916@bugs.debian.org

Subject: Re: libical: Ship different constant values accross builds

Date: Mon, 29 Dec 2014 20:09:09 +0000

[Message part 1 (text/plain, inline)]

On Thu, 25 Dec 2014 16:46:14 +0100 =?iso-8859-1?B?Suly6W15?= Bobbio
<lunar@debian.org> wrote:
> Package: libical-dev
> Version: 1.0-1.1
> Severity: critical
> User: reproducible-builds@lists.alioth.debian.org
> Usertags: randomness
>
> Hi!
>
> While working on the “reproducible builds” effort [1], we have noticed
> that libical could not be built reproducibly:
> https://jenkins.debian.net/userContent/dbd/libical_1.0-1.1.debbindiff.html
>

Looks like perl script is used to generate the headers.... which is
using unsorted hash, hence random result. Sorting it seems to do the
trick.

If I fail to upload this, please upload it instead of me.

Regards,

Dimitri.

[libical.debdiff (application/octet-stream, attachment)]

Message #17 received at 773916-close@bugs.debian.org (full text, mbox, reply):

From: Dimitri John Ledkov <dimitri.j.ledkov@linux.intel.com>

To: 773916-close@bugs.debian.org

Subject: Bug#773916: fixed in libical 1.0-1.2

Date: Mon, 29 Dec 2014 21:26:01 +0000

Source: libical
Source-Version: 1.0-1.2

We believe that the bug you reported is fixed in the latest version of
libical, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 773916@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Dimitri John Ledkov <dimitri.j.ledkov@linux.intel.com> (supplier of updated libical package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 29 Dec 2014 18:42:22 +0000
Source: libical
Binary: libical-dev libical1 libical-dbg
Architecture: amd64 source
Version: 1.0-1.2
Distribution: unstable
Urgency: medium
Maintainer: Fathi Boudra <fabo@debian.org>
Changed-By: Dimitri John Ledkov <dimitri.j.ledkov@linux.intel.com>
Closes: 773916
Description: 
 libical1   - iCalendar library implementation in C (runtime)
 libical-dbg - debugging symbols for libical
 libical-dev - iCalendar library implementation in C (development)
Changes:
 libical (1.0-1.2) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Sort keys to generate reproducible source code. (Closes: #773916)
Checksums-Sha1: 
 f3508ec583127bd03079e1012b75193269c8b267 205446 libical-dev_1.0-1.2_amd64.deb
 5ac83c9c8acb695c9303fe1cd35f97e2ac5739b5 184536 libical1_1.0-1.2_amd64.deb
 58f62bb8aebecd4b7797b1ac06b62efedaf90f07 383776 libical-dbg_1.0-1.2_amd64.deb
 478f37d881f55e788a402997d79f394fb51955e2 1455 libical_1.0-1.2.dsc
 572db1febc02bc81610a77faa940baa62f45a998 21403 libical_1.0-1.2.debian.tar.gz
Checksums-Sha256: 
 f6e93e65d33d35039b1424ddc1fd6ca196e128dc9c921919ef7fa28944466569 205446 libical-dev_1.0-1.2_amd64.deb
 7a79f9b649f648ade573ccce1ba31cf3abc1541d7aaf044f7cb640d06d857430 184536 libical1_1.0-1.2_amd64.deb
 4dbc45b7521861be4f0c3f86d44125fcf905ad9b4fcd080d9eb065252446b923 383776 libical-dbg_1.0-1.2_amd64.deb
 2457f805bd59bf45caddf94d2cd95dcea2a98b6a1ec5d169d769409035b2c1a5 1455 libical_1.0-1.2.dsc
 3a4e83d9f27b04255b884c9f11b50572d2c7a0845fa1f04dff542aeb1f9bfbcb 21403 libical_1.0-1.2.debian.tar.gz
Files: 
 56f2cef72e3c91d7d1a1645c0e78c9f0 205446 libdevel optional libical-dev_1.0-1.2_amd64.deb
 90543eeb22bb05e76bf77b594dc515b0 184536 libs optional libical1_1.0-1.2_amd64.deb
 b27b7ce7ca503767c187e33a63a8144a 383776 debug extra libical-dbg_1.0-1.2_amd64.deb
 008a8e93b62928356cced9252ebbf34b 1455 libs optional libical_1.0-1.2.dsc
 7d7408c3561001f06275dcff37f08198 21403 libs optional libical_1.0-1.2.debian.tar.gz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQEcBAEBAgAGBQJUobEwAAoJEEM4jufBUcnJtv4IAJgPv5PkM04iVO2LrIkFCOTZ
OswdAONzHFVTRJbzdPkiiPam7WOtAQ2qnM36gcvQLPpk8SwtXlm6evGnCj1y7Boo
dWYs3acm0FTXqNbFAuYvi5IRBWvAJWSEBNNx95P5U7LtdHEN5v1/8wBQaMDe/lxG
qq9EoU5rU3mS2fv3ANM3lupWhCaGnE+u6gK7cXkgQqtrEciOPkcewAqTQ948ces4
DpqumpEFHPTtwyChOO4lbt/ZUTavH4M7Emm/fsim/7JqBzI/YaHjpewXVi6tNQ+L
3ERo3qcrfU7GtW57TJAG+MsLYa1Th6uTIlhRBW0C1BBV7sw3VfHuU049erYXEIA=
=gtHy
-----END PGP SIGNATURE-----

Message #22 received at 773916@bugs.debian.org (full text, mbox, reply):

From: Jérémy Bobbio <lunar@debian.org>

To: Dimitri John Ledkov <dimitri.ledkov@surgut.co.uk>, 773916@bugs.debian.org

Subject: Re: Bug#773916: libical: Ship different constant values accross builds

Date: Tue, 30 Dec 2014 11:51:13 +0100

[Message part 1 (text/plain, inline)]

Dimitri John Ledkov:
> If I fail to upload this, please upload it instead of me.

Looks like the upload went ok. I am now able to rebuild libical
reproducibly. :)

Please remember to coordinate with the release team for binNUMs and
unblocks.

-- 
Lunar                                .''`. 
lunar@debian.org                    : :Ⓐ  :  # apt-get install anarchism
                                    `. `'` 
                                      `-   

[signature.asc (application/pgp-signature, inline)]

Message #27 received at 773916@bugs.debian.org (full text, mbox, reply):

From: Simon McVittie <smcv@debian.org>

To: 773916@bugs.debian.org

Cc: Jérémy Bobbio <lunar@debian.org>, Dimitri John Ledkov <dimitri.j.ledkov@linux.intel.com>

Subject: Re: Bug#773916: libical: Ship different constant values accross builds

Date: Wed, 31 Dec 2014 10:00:14 +0000

On Mon, 29 Dec 2014 at 21:27:16 +0000, Debian Bug Tracking System wrote:
>  libical (1.0-1.2) unstable; urgency=medium
>  .
>    * Non-maintainer upload.
>    * Sort keys to generate reproducible source code. (Closes: #773916)

This is enough to make 1.0 internally consistent; but if the list is going to
get larger (I don't know whether it can, I don't know anything about this
library), then it is not enough to make 1.0 consistent with a subsequent 1.1.

There is really no long-term solution to this other than upstream declaring
that a particular enum ordering is canonical, sticking to it in future,
always adding new entries at the end, and never re-ordering or deleting.
The order in which they appear in the source file might be the best choice
for a canonical order.

    S

Message #32 received at 773916@bugs.debian.org (full text, mbox, reply):

From: Dimitri John Ledkov <dimitri.j.ledkov@linux.intel.com>

To: Simon McVittie <smcv@debian.org>, 773916@bugs.debian.org

Cc: Jérémy Bobbio <lunar@debian.org>

Subject: Re: Bug#773916: libical: Ship different constant values accross builds

Date: Fri, 02 Jan 2015 14:34:27 +0000

[Message part 1 (text/plain, inline)]

On 31/12/14 10:00, Simon McVittie wrote:
> On Mon, 29 Dec 2014 at 21:27:16 +0000, Debian Bug Tracking System wrote:
>>  libical (1.0-1.2) unstable; urgency=medium
>>  .
>>    * Non-maintainer upload.
>>    * Sort keys to generate reproducible source code. (Closes: #773916)
> 
> This is enough to make 1.0 internally consistent; but if the list is going to
> get larger (I don't know whether it can, I don't know anything about this
> library), then it is not enough to make 1.0 consistent with a subsequent 1.1.
> 
> There is really no long-term solution to this other than upstream declaring
> that a particular enum ordering is canonical, sticking to it in future,
> always adding new entries at the end, and never re-ordering or deleting.
> The order in which they appear in the source file might be the best choice
> for a canonical order.
> 

That is true. It's enough for debian though, for now. And one should check abi on subsequent updates.

I haven't checked later releases, but sorting the keys / keeping-things-not-future-proof is what is done elsewhere in the generated code upstream.

It did appear that some other enums have stable values, but I didn't manage to figure it out if those simply are non-generated / static pieces of code.

There are accessors and getters generated for each of the values, and the "NONE" and "LAST" are stable values throughout, thus the abi breakage is subtle.

-- 
Regards,

Dimitri.

[signature.asc (application/pgp-signature, attachment)]

Send a report that this bug log contains spam.