Debian Bug report logs - #778232
refpolicy: please make the build reproducible

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Chris Lamb <lamby@debian.org>

To: submit@bugs.debian.org

Subject: refpolicy: please make the build reproducible

Date: Thu, 12 Feb 2015 13:47:46 +0000

[Message part 1 (text/plain, inline)]

Source: refpolicy
Version: 2:2.20140421-9
Severity: wishlist
Tags: patch
User: reproducible-builds@lists.alioth.debian.org
Usertags: timestamps
X-Debbugs-Cc: reproducible-builds@lists.alioth.debian.org

Hi,

While working on the "reproducible builds" effort [1], we have noticed
that refpolicy could not be built reproducibly.

The attached patch removes timestamps from the build system. Once
applied, refpolicy can be built reproducibly in our current experimental
framework.

 [1]: https://wiki.debian.org/ReproducibleBuilds


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

[patch.refpolicy.diff.txt (text/plain, attachment)]

Message #12 received at 778232-close@bugs.debian.org (full text, mbox, reply):

From: Laurent Bigonville <bigon@debian.org>

To: 778232-close@bugs.debian.org

Subject: Bug#778232: fixed in refpolicy 2:2.20140421-10

Date: Fri, 13 May 2016 22:27:37 +0000

Source: refpolicy
Source-Version: 2:2.20140421-10

We believe that the bug you reported is fixed in the latest version of
refpolicy, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 778232@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Laurent Bigonville <bigon@debian.org> (supplier of updated refpolicy package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 13 May 2016 22:29:59 +0200
Source: refpolicy
Binary: selinux-policy-default selinux-policy-mls selinux-policy-src selinux-policy-dev selinux-policy-doc
Architecture: source all
Version: 2:2.20140421-10
Distribution: unstable
Urgency: medium
Maintainer: Debian SELinux maintainers <selinux-devel@lists.alioth.debian.org>
Changed-By: Laurent Bigonville <bigon@debian.org>
Description:
 selinux-policy-default - Strict and Targeted variants of the SELinux policy
 selinux-policy-dev - Headers from the SELinux reference policy for building modules
 selinux-policy-doc - Documentation for the SELinux reference policy
 selinux-policy-mls - MLS (Multi Level Security) variant of the SELinux policy
 selinux-policy-src - Source of the SELinux reference policy for customization
Closes: 585355 697843 756729 778232 780934 781670 805492 805496
Changes:
 refpolicy (2:2.20140421-10) unstable; urgency=medium
 .
   * Team upload.
   [ Laurent Bigonville ]
   * Fix the maintainer script to support the new policy store from libsemnage
     2.4 (Closes: #805492)
   * debian/gbp.conf: Sign tags by default (Closes: #781670)
   * debian/control: Adjust and cleanup the {build-}dependencies (Closes:
     #805496)
   * debian/control: Bump Standards-Version to 3.9.8 (no further changes)
   * debian/rules: Make the build reproducible (Closes: #778232)
   * Remove deprecated system.users and local.users files
   * debian/control: Update Homepage URL (Closes: #780934)
   * debian/rules: Allow parallel build now that the build system is supporting
     it, see #677689
   * debian/policygentool: Remove string exceptions so the script is Python >=
     2.6 compatible (Closes: #585355)
   * Do not install semanage.read.LOCK, semanage.trans.LOCK and
     file_contexts.local in /etc/selinux/* this is not needed anymore with the
     new policy store.
   * debian/control: Use https for the Vcs-* URL's to please lintian
   * debian/watch: Fix watch file URL now that the project has moved to github
 .
   [ Russell Coker ]
   * Allow init_t to manage init_var_run_t symlinks and self getsched
     to relabel files and dirs to etc_runtime_t for /run/blkid
     to read/write init_var_run_t fifos for /run/initctl
     kernel_rw_unix_sysctls() for setting max_dgram_qlen (and eventually other
     sysctls)
   * Allow restorecond_t and setfiles_t to getattr pstore_t and debugfs_t
     filesystems
   * Allow kernel_t to setattr/getattr/unlink tty_device_t for kdevtmpfs
   * Label /usr/share/bug/.* files as bin_t for reportbug in strict configuration
   * Label /run/tmpfiles.d/kmod.conf as kmod_var_run_t and allow insmod_t to
     create it
   * apache_unlink_var_lib() now includes write access to httpd_var_lib_t:dir
   * Allow apache to read sysctl_vm_t for overcommit_memory Allow
     httpd_sys_script_t to read sysfs_t. allow httpd_t to manage httpd_log_t
     files and directories for mod_pagespeed.
   * Removed bogus .* in mailman file context that was breaking the regex
   * Lots of mailman changes
   * Allow system_mail_t read/write access to crond_tmp_t
   * Allow postfix_pipe_t to write to postfix_public_t sockets
   * Label /usr/share/mdadm/checkarray as bin_t
   * Let systemd_passwd_agent_t, chkpwd_t, and dovecot_auth_t get enforcing
     status
   * Allow systemd_tmpfiles_t to create the cpu_device_t device
   * Allow init_t to manage init_var_run_t links
   * Allow groupadd_t the fsetid capability
   * Allow dpkg_script_t to transition to passwd_t. Label dpkg-statoverride as
     setfiles_exec_t for changing SE Linux context. Allow setfiles_t to read
     dpkg_var_lib_t so dpkg-statoverride can do it's job
   * Allow initrc_t to write to fsadm_log_t for logsave in strict configuration
   * Allow webalizer to read fonts and allow logrotate to manage
     webaliser_usage_t files also allow it to be run by logrotate_t.
   * Allow jabber to read ssl certs and give it full access to it's log files
     Don't audit jabber running ps.
   * Made logging_search_logs() allow reading var_log_t:lnk_file for symlinks
     in log dir
   * Allow webalizer to read usr_t and created webalizer_log_t for it's logs
   * Made logging_log_filetrans and several other logging macros also allow
     reading var_log_t links so a variety of sysadmin symlinks in /var/log
     won't break things
   * Allow postfix_policyd_t to execute bin_t, read urandom, and capability
     chown.
     New type postfix_policyd_tmp_t
   * Added user_udp_server boolean
   * Allow apt_t to manage dirs of type apt_var_cache_t
   * Allow jabber to connect to the jabber_interserver_port_t TCP port
     Closes: #697843
   * Allow xm_t to create xen_lock_t files for creating the first Xen DomU
   * Allow init_t to manage init_var_run_t for service file symlinks
   * Add init_telinit(dpkg_script_t) for upgrading systemd
   * Allow dpkg_script_t the setfcap capability for systemd postinst.
   * Add domain_getattr_all_domains(init_t) for upgrading strict mode systems
   * Allow *_systemctl_t domains read initrc_var_run_t (/run/utmp), read proc_t,
     and have capability net_admin.  Allow logrotate_systemctl_t to manage all
     services.
   * Give init_t the audit_read capability for systemd
   * Allow iodined_t access to netlink_route_socket.
   * add init_read_state(systemd_cgroups_t) and
     init_read_state(systemd_tmpfiles_t) for /proc/1/environ
   * Label /etc/openvpn/openvpn-status.log as openvpn_status_t as it seems to
     be some
     sort of default location. /var/log is a better directory for this
   * Allow syslogd_t to write to a netlink_audit_socket for systemd-journal
   * Allow mandb_t to get filesystem attributes
   * Allow syslogd to rename and unlink init_var_run_t files for systemd
     temporary files
   * Allow ntpd_t to delete files for peerstats and loopstats
   * Add correct file labels for squid3 and tunable for squid pinger raw net
     access (default true)
   * Allow qemu_t to read crypto sysctls, rw xenfs files, and connect to
     xenstored unix sockets
   * Allow qemu_t to read sysfs files for cpu online
   * Allow qemu to append xend_var_log_t for /var/log/xen/qemu-dm-*
   * Allow xm_t (xl program) to create and rename xend_var_log_t files, read
     kernel images, execute qemu, and inherit fds from sshd etc.
   * Allow xm_t and iptables_t to manage udev_var_run_t to communicate via
     /run/xen-hotplug/iptables for when vif-bridge runs iptables
   * Allow xm_t to write to xen_lock_t files not var_lock_t
   * Allow xm_t to load kernel modules
   * Allow xm_t to signal qemu_t, talk to it by unix domain sockets, and unlink
     it's sockets
   * dontaudit xm_t searching home dir content
   * Label /run/xen as xend_var_run_t and allow qemu_t to create sock_files in
     xend_var_run_t directory
   * Label /var/lock/xl as xen_lock_t
   * allow unconfined_t to execute xl/xm in xm_t domain.
   * Allow system_cronjob_t to configure all systemd services (restart all
     daemons)
   * Allow dpkg_script_t and unconfined_t to manage systemd service files of
     type null_device_t (symlinks to /dev/null)
   * Label /var/run/lwresd/lwresd.pid as named_var_run_t
   * Label /run/xen/qmp* as qemu_var_run_t
   * Also label squid3.pid
   * Allow iptables_t to be in unconfined_r (for Xen)
   * Allow udev_t to restart systemd services
     Closes: #756729
   * Merge Laurent's changes with mine
Checksums-Sha1:
 6274875f7fdd38d056f1e86a03017fb3549560df 2089 refpolicy_2.20140421-10.dsc
 4c4f27df1524bbf2a9db69ba250cb945f8a5f479 90016 refpolicy_2.20140421-10.debian.tar.xz
 433730c9090b856c1d6dfaaac32e7604717f893e 2821672 selinux-policy-default_2.20140421-10_all.deb
 029ed851edd6d45c11b9fab474f701cfac435959 443666 selinux-policy-dev_2.20140421-10_all.deb
 82df1c4e0a456118dcb670f881b0b2347e93530e 423478 selinux-policy-doc_2.20140421-10_all.deb
 ada7d89622cb470fce3dd6f5e0bc5da63a21fd3b 2871900 selinux-policy-mls_2.20140421-10_all.deb
 8b8a042e4f7d5e2af769a2bd7318b9dc3828c4c2 1183880 selinux-policy-src_2.20140421-10_all.deb
Checksums-Sha256:
 0b83e4e05e8c672b86e928128071727cd152d580b721817ce1a883bb92f85cd6 2089 refpolicy_2.20140421-10.dsc
 e07227169bf110bc045b977dd545a6a84864e431c745696102907b571188036b 90016 refpolicy_2.20140421-10.debian.tar.xz
 274656801d596f8ff71c6745a36c56867f0c9e7f9f3d0e2cea98bb12dec0baea 2821672 selinux-policy-default_2.20140421-10_all.deb
 7a8dbdd541378bdf0c6a66f6d27393a64d1de573672dee5feb8fb053b8b5bec6 443666 selinux-policy-dev_2.20140421-10_all.deb
 987384487836b46863ed20c30864a4b1600af836b762ad3f6489da4c04168a40 423478 selinux-policy-doc_2.20140421-10_all.deb
 ecd9622ede56aabb40370a0bd01d151f5ec09e06a7259783428793fb9847fde4 2871900 selinux-policy-mls_2.20140421-10_all.deb
 1b9c76e0e3521a51698bc5d299ad385cc5b94074e7c477c25a7b3ce4f1f2f276 1183880 selinux-policy-src_2.20140421-10_all.deb
Files:
 cd12eda70b44ee8d827288a8f037c90d 2089 admin optional refpolicy_2.20140421-10.dsc
 daa9bad41935fa9966514a77207ae47e 90016 admin optional refpolicy_2.20140421-10.debian.tar.xz
 26a6719a2e8035f1df277de7da5960a4 2821672 admin optional selinux-policy-default_2.20140421-10_all.deb
 c65f722a18d0225b2e70428a2343fbce 443666 admin optional selinux-policy-dev_2.20140421-10_all.deb
 c75fdf3e201c0fbc03f97c91fb24f679 423478 doc optional selinux-policy-doc_2.20140421-10_all.deb
 6fc180e9a11b5994f09a24b515b973dc 2871900 admin extra selinux-policy-mls_2.20140421-10_all.deb
 744b4acc08ea65d4f9083102e86fb8d3 1183880 admin optional selinux-policy-src_2.20140421-10_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBCAAGBQJXNj1bAAoJEB/FiR66sEPVcGEH/15Pp3PP25YP8g/3KJks5/xG
9CCAfqY0NNMXbonrJVALIRdMn8RJ/9ILP7VqretxuE3WW8hWJ3rgkDwuEJoY/IRt
Wayx6knfJuxz0fuLVmHiKfMt2S2lp4AF5zPpan2bn1VgHYwkGfx3w7orm5TaG2OM
I6p4tLVR9ZArdFObVysOOypg4mzeGzoz1VIjVqgHvnml9kZ7ItfsQ0vWh2GMdl0V
/nbaXG7nLBQA4gR6o8CxS4wZdrBfUkv7WbR8UioYggr5NSytrSpzZd4+C6+nUtnu
ErOp7pSeIudQ08v6yCyEuERQHg4w3lI32mKYIQLiE39pQRk73fT4NHCCgV5QxLU=
=AnqX
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.