Debian Bug report logs -
#833141
apg: please make the build reproducible (umask)
Reported by: Daniel Shahaf <danielsh@apache.org>
Date: Mon, 1 Aug 2016 11:03:06 UTC
Severity: wishlist
Tags: patch
Found in version apg/2.2.3.dfsg.1-3
Fixed in version apg/2.2.3.dfsg.1-4
Done: Marc Haber <mh+debian-packages@zugschlus.de>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, danielsh@apache.org, reproducible-builds@lists.alioth.debian.org, Marc Haber <mh+debian-packages@zugschlus.de>:
Bug#833141; Package src:apg.
(Mon, 01 Aug 2016 11:03:10 GMT) (full text, mbox, link).
Acknowledgement sent
to Daniel Shahaf <danielsh@apache.org>:
New Bug report received and forwarded. Copy sent to danielsh@apache.org, reproducible-builds@lists.alioth.debian.org, Marc Haber <mh+debian-packages@zugschlus.de>.
(Mon, 01 Aug 2016 11:03:10 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: apg
Version: 2.2.3.dfsg.1-3
Severity: wishlist
Tags: patch
User: reproducible-builds@lists.alioth.debian.org
Usertags: umask
Dear Maintainer,
While working on the “reproducible builds” effort [1], we have noticed
that apg could not be built reproducibly.
Following up on #778215, please find enclosed a patch that makes the
permissions of files inside php.tar.gz independent of the umask [2].
Cheers,
Daniel
[1]: https://wiki.debian.org/ReproducibleBuilds
[2]: https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/diffoscope-results/apg.html
[[[
diff --git a/debian/rules b/debian/rules
index e313383..11d92b9 100755
--- a/debian/rules
+++ b/debian/rules
@@ -9,7 +9,8 @@ override_dh_auto_build:
override_dh_auto_install:
make install INSTALL_PREFIX=$(CURDIR)/debian/apg/usr
mv $(CURDIR)/debian/apg/usr/bin/apg $(CURDIR)/debian/apg/usr/lib/apg/apg
- tar --create --file - --directory $(CURDIR)/php/apgonline/ . | gzip --no-name > php.tar.gz
+ tar --create --file - --directory $(CURDIR)/php/apgonline/ --mode=u=rwX,go=rX . \
+ | gzip --no-name > php.tar.gz
install -D --mode=0644 php.tar.gz $(CURDIR)/debian/apg/usr/share/doc/apg/php.tar.gz
rm php.tar.gz
install -D --mode=0755 $(CURDIR)/debian/apg.wrapper $(CURDIR)/debian/apg/usr/bin/apg
]]]
Information forwarded
to debian-bugs-dist@lists.debian.org, danielsh@apache.org, Marc Haber <mh+debian-packages@zugschlus.de>:
Bug#833141; Package src:apg.
(Mon, 01 Aug 2016 17:51:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Daniel Shahaf <danielsh@apache.org>:
Extra info received and forwarded to list. Copy sent to danielsh@apache.org, Marc Haber <mh+debian-packages@zugschlus.de>.
(Mon, 01 Aug 2016 17:51:05 GMT) (full text, mbox, link).
Message #10 received at 833141@bugs.debian.org (full text, mbox, reply):
Package: src:apg
Followup-For: Bug #833141
Daniel Shahaf wrote on Mon, Aug 01, 2016 at 10:56:05 +0000:
> - tar --create --file - --directory $(CURDIR)/php/apgonline/ . | gzip --no-name > php.tar.gz
> + tar --create --file - --directory $(CURDIR)/php/apgonline/ --mode=u=rwX,go=rX . \
> + | gzip --no-name > php.tar.gz
Reiner noticed that --sort=name is also needed here to account for
varying readdir() order on some platforms. Here's a replacement patch:
[[[
diff --git a/debian/rules b/debian/rules
index e313383..b4f9477 100755
--- a/debian/rules
+++ b/debian/rules
@@ -9,7 +9,8 @@ override_dh_auto_build:
override_dh_auto_install:
make install INSTALL_PREFIX=$(CURDIR)/debian/apg/usr
mv $(CURDIR)/debian/apg/usr/bin/apg $(CURDIR)/debian/apg/usr/lib/apg/apg
- tar --create --file - --directory $(CURDIR)/php/apgonline/ . | gzip --no-name > php.tar.gz
+ tar --create --file - --directory $(CURDIR)/php/apgonline/ \
+ --mode=u=rwX,go=rX --sort=name | gzip --no-name > php.tar.gz
install -D --mode=0644 php.tar.gz $(CURDIR)/debian/apg/usr/share/doc/apg/php.tar.gz
rm php.tar.gz
install -D --mode=0755 $(CURDIR)/debian/apg.wrapper $(CURDIR)/debian/apg/usr/bin/apg
]]]
Cheers,
Daniel
Reply sent
to Marc Haber <mh+debian-packages@zugschlus.de>:
You have taken responsibility.
(Fri, 05 Aug 2016 11:00:13 GMT) (full text, mbox, link).
Notification sent
to Daniel Shahaf <danielsh@apache.org>:
Bug acknowledged by developer.
(Fri, 05 Aug 2016 11:00:13 GMT) (full text, mbox, link).
Message #15 received at 833141-close@bugs.debian.org (full text, mbox, reply):
Source: apg
Source-Version: 2.2.3.dfsg.1-4
We believe that the bug you reported is fixed in the latest version of
apg, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 833141@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Marc Haber <mh+debian-packages@zugschlus.de> (supplier of updated apg package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 05 Aug 2016 12:04:46 +0200
Source: apg
Binary: apg
Architecture: source
Version: 2.2.3.dfsg.1-4
Distribution: unstable
Urgency: low
Maintainer: Marc Haber <mh+debian-packages@zugschlus.de>
Changed-By: Marc Haber <mh+debian-packages@zugschlus.de>
Description:
apg - Automated Password Generator - Standalone version
Closes: 734870 833141
Changes:
apg (2.2.3.dfsg.1-4) unstable; urgency=low
.
* add patch from Steve Langasek to use correct compiler (Closes: #734870)
* add patch from Daniel Shahaf to help reproducible builds (Closes: #833141)
* fix watch file, add dversionmangle
* Standards-Version: 3.9.8 (no changes needed)
Checksums-Sha1:
bd06d7e8999d6022aee62b6beff8e37ca46a5078 1825 apg_2.2.3.dfsg.1-4.dsc
3dd114186a5515344b2983110f6b3b1a2f0e2db2 9252 apg_2.2.3.dfsg.1-4.debian.tar.xz
Checksums-Sha256:
482b1282e7cb7d2804024b136a0bc8edcf5625fc979591e30b7fd802dfa10046 1825 apg_2.2.3.dfsg.1-4.dsc
73d3693939a28d4fb958677294b8382ad440e78ce070bcf3d117f34df2c381f2 9252 apg_2.2.3.dfsg.1-4.debian.tar.xz
Files:
4be73c017ccddc4cf0726f0413a687f4 1825 admin optional apg_2.2.3.dfsg.1-4.dsc
25645d3e31457c19e5a7aed1a6d02ee0 9252 admin optional apg_2.2.3.dfsg.1-4.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJXpGv4AAoJEI93IBMBMgRCmpIQAKVxh6WZVN7UV/ZzbqKpu/Pt
dT3otOdxjHSHBXyqSo0lArinDvWVzlQimgQhOIFqLWz4jDpzlUf1bp26egaDGIgT
43IKBXAj4vaEakDzFNTCeEv+uaUA6RfSZYIZYGwq1psaf9X0syO6uQJlVczEgZ8y
u5XXGnQbLIVzWrnf/1zBB78C5nsKuFE9esZyFdutQVgkT1XRINgND6XSLlO3UPtn
KGsO7mpdEWSFK54LC5fbh3+Xe3XXdXhQ0b6nQBqslB16vYqxEEabfkqpwMAA/Hq1
mgbSM4AXmvTI3D54dDifICXgvdG43Bz50MrCqV8JwDLU8s9ovn1s4FxseH5WevpE
1oYkmCOpdvOzVMw1eTNVxcrwSl4LFeJNyG4ugaYal1HdugP4oGkExtNwabz7zK0V
JpE9nvKwHAsj6MOn+5gaby/FGO9ScMJJOZ/UdRYVuPRaK5wNnIoUt7qsVDWxEHHt
PJjN3jM3GEDDVNACOw/nGSMof4ayi6cOYv5FvVLMk4sgSAPFG3zC7DCfaytdoyyc
anQgmsy+wHmM+ZYYM6QgISsCBPHpeJzKEw4HQ/PZiDKKUo+ZCYh1HM1gZeu7geio
ykqsL+u0PnV7UT9GtbTckFC8J5PqYpzBNtNm/+U9LBeN5NmSW6/gBJMS02IbWpGI
1HS9eTSFtYq9967+nTMD
=qdaM
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Tue, 13 Sep 2016 07:29:29 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed May 17 13:50:12 2023;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.