Debian Bug report logs - #829754
bibclean: please make the build reproducible

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Reiner Herrmann <reiner@reiner-h.de>

To: submit@bugs.debian.org

Subject: bibclean: please make the build reproducible

Date: Tue, 5 Jul 2016 21:12:43 +0200

[Message part 1 (text/plain, inline)]

Source: bibclean
Version: 2.11.4.1-4
Severity: wishlist
Tags: patch upstream
User: reproducible-builds@lists.alioth.debian.org
Usertags: timestamps username hostname
X-Debbugs-Cc: reproducible-builds@lists.alioth.debian.org

Hi!

While working on the "reproducible builds" effort [1], we have noticed
that bibclean could not be built reproducibly.
It embeds the username and hostname into the binary, and a timestamp
into a dvi file.

The attached patch this by stripping non-deterministic data and setting
FORCE_SOURCE_DATE, which tells texlive to override the timestamps in the
dvi file with SOURCE_DATE_EPOCH.

Regards,
 Reiner

[1]: https://wiki.debian.org/ReproducibleBuilds

[bibclean.patch (text/x-diff, attachment)]

[signature.asc (application/pgp-signature, inline)]

Message #10 received at 829754@bugs.debian.org (full text, mbox, reply):

From: Vagrant Cascadian <vagrant@reproducible-builds.org>

To: Reiner Herrmann <reiner@reiner-h.de>, 829754@bugs.debian.org

Subject: Re: Bug#829754: bibclean: please make the build reproducible

Date: Thu, 30 Sep 2021 18:14:13 -0700

[Message part 1 (text/plain, inline)]

On 2016-07-05, Reiner Herrmann wrote:
> Source: bibclean
> Version: 2.11.4.1-4
> Severity: wishlist
> Tags: patch upstream
> User: reproducible-builds@lists.alioth.debian.org
> Usertags: timestamps username hostname
> X-Debbugs-Cc: reproducible-builds@lists.alioth.debian.org
>
> Hi!
>
> While working on the "reproducible builds" effort [1], we have noticed
> that bibclean could not be built reproducibly.
> It embeds the username and hostname into the binary, and a timestamp
> into a dvi file.
>
> The attached patch this by stripping non-deterministic data and setting
> FORCE_SOURCE_DATE, which tells texlive to override the timestamps in the
> dvi file with SOURCE_DATE_EPOCH.
>
> Regards,
>  Reiner
>
> [1]: https://wiki.debian.org/ReproducibleBuilds

I can confirm this patch still works, although there are build-path
issues it does not resolve (though tests.reproducible-builds.org doesn't
current test build path variations in testing or stable, so applying
this patch would be sufficient to get the package to at least build
reproducibly there.


live well,
  vagrant

> diff --git a/debian/patches/reproducible-build.patch b/debian/patches/reproducible-build.patch
> new file mode 100644
> index 0000000..6d32ce8
> --- /dev/null
> +++ b/debian/patches/reproducible-build.patch
> @@ -0,0 +1,30 @@
> +Author: Reiner Herrmann <reiner@reiner-h.de>
> +Description: Strip non-deterministic data to make build reproducible
> +
> +--- a/option.c
> ++++ b/option.c
> +@@ -567,24 +567,6 @@
> + #if defined(HOST) || defined(USER) || defined(__DATE__) || defined(__TIME__)
> + 	"Compiled",
> + 
> +-#if defined(USER)
> +-	" by <", USER,
> +-
> +-#if defined(HOST)
> +-	"@", HOST,
> +-#endif /* defined(HOST) */
> +-
> +-	">",
> +-#endif /* defined(USER) */
> +-
> +-#if defined(__DATE__)
> +-	" on ", __DATE__,
> +-#endif /* defined(__DATE__) */
> +-
> +-#if defined(__TIME__)
> +-	" ", __TIME__,
> +-#endif /* defined(__TIME__) */
> +-
> + #if defined(HAVE_PATTERNS)
> + 	"\nwith native pattern matching",
> + #endif /* defined(HAVE_PATTERNS) */
> diff --git a/debian/patches/series b/debian/patches/series
> index b4e2b79..4305c2c 100644
> --- a/debian/patches/series
> +++ b/debian/patches/series
> @@ -3,3 +3,4 @@ make.patch
>  source.patch
>  man.patch
>  bibclean.ini.patch
> +reproducible-build.patch
> diff --git a/debian/rules b/debian/rules
> index 23a3ba1..6da74d6 100755
> --- a/debian/rules
> +++ b/debian/rules
> @@ -9,6 +9,8 @@
>  DEB_HOST_GNU_TYPE   ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
>  DEB_BUILD_GNU_TYPE  ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)
>  
> +export FORCE_SOURCE_DATE=1
> +
>  CFLAGS = -Wall -g
>  ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
>  	CFLAGS += -O0
> _______________________________________________
> Reproducible-builds mailing list
> Reproducible-builds@lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds

[signature.asc (application/pgp-signature, inline)]

Message #15 received at 829754@bugs.debian.org (full text, mbox, reply):

From: Vagrant Cascadian <vagrant@reproducible-builds.org>

To: Reiner Herrmann <reiner@reiner-h.de>, 829754@bugs.debian.org

Subject: Re: Bug#829754: bibclean: please make the build reproducible

Date: Thu, 30 Sep 2021 18:26:14 -0700

[Message part 1 (text/plain, inline)]

On 2021-09-30, Vagrant Cascadian wrote:
> On 2016-07-05, Reiner Herrmann wrote:
>> Source: bibclean
>> Version: 2.11.4.1-4
>> Severity: wishlist
>> Tags: patch upstream
>> User: reproducible-builds@lists.alioth.debian.org
>> Usertags: timestamps username hostname
>> X-Debbugs-Cc: reproducible-builds@lists.alioth.debian.org
>>
>> Hi!
>>
>> While working on the "reproducible builds" effort [1], we have noticed
>> that bibclean could not be built reproducibly.
>> It embeds the username and hostname into the binary, and a timestamp
>> into a dvi file.
>>
>> The attached patch this by stripping non-deterministic data and setting
>> FORCE_SOURCE_DATE, which tells texlive to override the timestamps in the
>> dvi file with SOURCE_DATE_EPOCH.
>>
>> Regards,
>>  Reiner
>>
>> [1]: https://wiki.debian.org/ReproducibleBuilds
>
> I can confirm this patch still works, although there are build-path
> issues it does not resolve (though tests.reproducible-builds.org doesn't
> current test build path variations in testing or stable, so applying
> this patch would be sufficient to get the package to at least build
> reproducibly there.

Adding this to debian/rules fixes build paths too:

+# Pass option to strip out build paths for reproducible builds
+CFLAGS += -ffile-prefix-map=$(CURDIR)=.

Updated patch attached also including this.

Alternately, switching to using the default buildflags provided by
/usr/share/dpkg/buildflags.mk or calling dpkg-buildflags to set CFLAGS
appropriately would also work.


live well,
  vagrant

[rb.patch (text/x-diff, inline)]

diff --git a/debian/patches/reproducible-build.patch b/debian/patches/reproducible-build.patch
new file mode 100644
index 0000000..6d32ce8
--- /dev/null
+++ b/debian/patches/reproducible-build.patch
@@ -0,0 +1,30 @@
+Author: Reiner Herrmann <reiner@reiner-h.de>
+Description: Strip non-deterministic data to make build reproducible
+
+--- a/option.c
++++ b/option.c
+@@ -567,24 +567,6 @@
+ #if defined(HOST) || defined(USER) || defined(__DATE__) || defined(__TIME__)
+ 	"Compiled",
+ 
+-#if defined(USER)
+-	" by <", USER,
+-
+-#if defined(HOST)
+-	"@", HOST,
+-#endif /* defined(HOST) */
+-
+-	">",
+-#endif /* defined(USER) */
+-
+-#if defined(__DATE__)
+-	" on ", __DATE__,
+-#endif /* defined(__DATE__) */
+-
+-#if defined(__TIME__)
+-	" ", __TIME__,
+-#endif /* defined(__TIME__) */
+-
+ #if defined(HAVE_PATTERNS)
+ 	"\nwith native pattern matching",
+ #endif /* defined(HAVE_PATTERNS) */
diff --git a/debian/patches/series b/debian/patches/series
index b4e2b79..4305c2c 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -3,3 +3,4 @@ make.patch
 source.patch
 man.patch
 bibclean.ini.patch
+reproducible-build.patch
diff --git a/debian/rules b/debian/rules
index 23a3ba1..3396a42 100755
--- a/debian/rules
+++ b/debian/rules
@@ -9,12 +9,16 @@
 DEB_HOST_GNU_TYPE   ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
 DEB_BUILD_GNU_TYPE  ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)
 
+export FORCE_SOURCE_DATE=1
+
 CFLAGS = -Wall -g
 ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
 	CFLAGS += -O0
 else
 	CFLAGS += -O2
 endif
+# Pass option to strip out build paths for reproducible builds
+CFLAGS += -ffile-prefix-map=$(CURDIR)=.
 
 # This target makes sure that timestamps of files are in the
 # right order after dpkg-deb has unpacked the package. It prevents

[signature.asc (application/pgp-signature, inline)]

Message #20 received at 829754@bugs.debian.org (full text, mbox, reply):

From: "Chris Lamb" <lamby@debian.org>

To: 829754@bugs.debian.org, 829754-submitter@bugs.debian.org, 829754@bugs.debian.org, 829754-submitter@bugs.debian.org

Subject: Re: bibclean: please make the build reproducible

Date: Thu, 06 Oct 2022 10:55:22 -0700

[Message part 1 (text/plain, inline)]

tags 829754 + pending patch
tags 929036 + pending patch
thanks

I've just uploaded bibclean 2.11.4.1-4.1 to DELAYED/10:
  
  bibclean (2.11.4.1-4.1) unstable; urgency=medium
  .
    * Non-maintainer upload.
    * Export CFLAGS from dpkg-buildflags(1) and FORCE_SOURCE_DATE to make the
      build reproducible. Based on a patch by Vagrant Cascadian.
      (Closes: #829754)
    * Apply a patch by Helmut Grohne to add support for using a C compiler
      suitable for cross-building. (Closes: #929036)

The full debdiff is attached.


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

[bibclean_2.11.4.1-4.1_amd64.debdiff.txt (text/plain, attachment)]

Message #30 received at 829754-close@bugs.debian.org (full text, mbox, reply):

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>

To: 829754-close@bugs.debian.org

Subject: Bug#829754: fixed in bibclean 2.11.4.1-4.1

Date: Sun, 16 Oct 2022 18:34:28 +0000

Source: bibclean
Source-Version: 2.11.4.1-4.1
Done: Chris Lamb <lamby@debian.org>

We believe that the bug you reported is fixed in the latest version of
bibclean, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 829754@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Chris Lamb <lamby@debian.org> (supplier of updated bibclean package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 06 Oct 2022 10:42:07 -0700
Source: bibclean
Binary: bibclean bibclean-dbgsym
Architecture: source amd64
Version: 2.11.4.1-4.1
Distribution: unstable
Urgency: medium
Maintainer: Thorsten Alteholz <debian@alteholz.de>
Changed-By: Chris Lamb <lamby@debian.org>
Description:
 bibclean   - pretty-printer for BibTeX databases
Closes: 829754 929036
Changes:
 bibclean (2.11.4.1-4.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Export CFLAGS from dpkg-buildflags(1) and FORCE_SOURCE_DATE to make the
     build reproducible. Based on a patch by Vagrant Cascadian.
     (Closes: #829754)
   * Apply a patch by Helmut Grohne to add support for using a C compiler
     suitable for cross-building. (Closes: #929036)
Checksums-Sha1:
 ae8a88b435300af66611b4080add0851f7ba1b18 1837 bibclean_2.11.4.1-4.1.dsc
 1082b912be51c1bf838ebd128937f1c563d7c2ae 663796 bibclean_2.11.4.1.orig.tar.gz
 0adf43aca402ac24fba8f49ab90192285829f32a 37520 bibclean_2.11.4.1-4.1.debian.tar.xz
 5f58a0c4f190ff9f833032078b3faac816ceafd0 77768 bibclean-dbgsym_2.11.4.1-4.1_amd64.deb
 4024e7b5bbcbbbc221a5a99195fbc8760fca9a12 7474 bibclean_2.11.4.1-4.1_amd64.buildinfo
 3630050267299dff18ed3ef2b664a734a71ea0df 144260 bibclean_2.11.4.1-4.1_amd64.deb
Checksums-Sha256:
 4146e01625cddba064f32ea08c29c136191913e37fc435c8b2a1f105782fa1e7 1837 bibclean_2.11.4.1-4.1.dsc
 ac688b1010c30d955f86a926bb28bd5721300aecf864536e502143ab95f15f7c 663796 bibclean_2.11.4.1.orig.tar.gz
 58d0344e739c7bb2c57f8aa28d0854e343417aa4a6e067d6bbefb1661ab85027 37520 bibclean_2.11.4.1-4.1.debian.tar.xz
 14b74819c3eb42ee03b7e2dd12d257f63947bd059c12de6f1b4895ca5a79abdc 77768 bibclean-dbgsym_2.11.4.1-4.1_amd64.deb
 ff4c8e7de3643a7f148c1b9675345235756c9b678a013c594b66fe1921f68654 7474 bibclean_2.11.4.1-4.1_amd64.buildinfo
 1745c2e5a0bdefe4c79562d94f81f0c41cd210e6b852394ad84c543ce0eedea8 144260 bibclean_2.11.4.1-4.1_amd64.deb
Files:
 c3852e2fc992eaa26433773f2863654b 1837 tex optional bibclean_2.11.4.1-4.1.dsc
 af4ebce5ddf0d420374d38e359b27095 663796 tex optional bibclean_2.11.4.1.orig.tar.gz
 365e418c36e56525691a83abc0ff0056 37520 tex optional bibclean_2.11.4.1-4.1.debian.tar.xz
 aabee85dc6bdb84786a493cd46be8e29 77768 debug optional bibclean-dbgsym_2.11.4.1-4.1_amd64.deb
 74c651f945fbe6b75608ba9a92280bac 7474 tex optional bibclean_2.11.4.1-4.1_amd64.buildinfo
 fe336ac684e713d920159dd13f09ca45 144260 tex optional bibclean_2.11.4.1-4.1_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmM/FkQACgkQHpU+J9Qx
HliRfw//e0amiocrsC+Uz7aiDZNM5SOtjcQoZ/T6e1oC4UWi677g54p3oCoq17t1
Ywpane//mA11buFqV95427CimQf+APwzO4ovauOi0t/FElSL3GxawdeL+1P+se0d
BgHwCEhqj8jStm9BeHsLVz5S315MAQRsi4P1aMWTV0ApsxF1LFMvZiXCdkfJ9Ojb
W8wODuDKEcAXeP9NfKZyf/hOKhlShdckXAecBB/adyc90ymMRjGpcQ7jWL1nQqTK
zRR6VHqPlJdNNpZJ5HQCHZMzf9EhLx05akVrFptmW+JLKoTYNXLuJPyBfvsrOsPb
1Uf+GjrrvEqzmdmy1K51LOYLICXrKHpH3s/ZdPK+Dzwjes01UiflgrPxiLcbX4bk
3FoIh/i2m7anMRooXGOnovTUcxDk3V4kN7Olt1Pbd69qXCtSO4FeYR+ThoDV+RdL
eJDeEl/NO66Y9LVx9Vq7+43oIaH7ZR7RnAtLQRGyXqNxzEN1FDCRxRmNgzbeTu8V
XiqjHab2x+pWFWK/z1prmmF9lU4ymXdoHJPpapMn5IiSk2dr0HLtMbuZzMF9VPp4
aVQJsyVKBT+Z4rFTGo+JJVjdzuvcH7c9wTaYyrcwbKjn0fVCAlcCRncLZjm4RopN
iw7FZwIQtT+P/ilXYWTa2iJzHspbJb+qvU9z9u5NPqsrj+kGz7U=
=OoaO
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.