Debian Bug report logs - #845475
apktool: please make the build reproducible

version graph

Package: src:apktool; Maintainer for src:apktool is Android Tools Maintainers <android-tools-devel@lists.alioth.debian.org>;

Reported by: Chris Lamb <lamby@debian.org>

Date: Wed, 23 Nov 2016 20:03:02 UTC

Severity: wishlist

Tags: patch

Found in version apktool/2.2.1+dfsg-1

Fixed in version apktool/2.2.1+dfsg-2

Done: Markus Koschany <apo@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, reproducible-bugs@lists.alioth.debian.org, Android Tools Maintainers <android-tools-devel@lists.alioth.debian.org>:
Bug#845475; Package src:apktool. (Wed, 23 Nov 2016 20:03:04 GMT) (full text, mbox, link).

Acknowledgement sent to Chris Lamb <lamby@debian.org>:
New Bug report received and forwarded. Copy sent to reproducible-bugs@lists.alioth.debian.org, Android Tools Maintainers <android-tools-devel@lists.alioth.debian.org>. (Wed, 23 Nov 2016 20:03:04 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Chris Lamb <lamby@debian.org>
To: submit@bugs.debian.org
Subject: apktool: please make the build reproducible
Date: Wed, 23 Nov 2016 20:59:34 +0100
[Message part 1 (text/plain, inline)]
Source: apktool
Version: 2.2.1+dfsg-1
Severity: wishlist
Tags: patch
User: reproducible-builds@lists.alioth.debian.org
Usertags: buildpath
X-Debbugs-Cc: reproducible-bugs@lists.alioth.debian.org

Hi,

Whilst working on the Reproducible Builds effort [0], we noticed
that apktool could not be built reproducibly.

This is due to the build system using the build path to determine
it's version, resulting in different filenames in the binary .deb.
For example, with the package built in "/build/apktool-2.2.1+dfsg/"
it would generate:

    /usr/share/apktool/apktool-2.2.1+dfsg.jar

However, if the build directory is "/build/apktool-2.2.1+dfsg/foo",
the same .jar appears at:

    /usr/share/apktool/foo.jar

Patch attached.

 [0] https://reproducible-builds.org/


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

[apktool.diff.txt (text/plain, attachment)]

Message sent on to Chris Lamb <lamby@debian.org>:
Bug#845475. (Mon, 28 Nov 2016 15:51:15 GMT) (full text, mbox, link).

Message #8 received at 845475-submitter@bugs.debian.org (full text, mbox, reply):

From: Markus Koschany <apo@debian.org>
To: 845475-submitter@bugs.debian.org
Subject: Re: apktool: please make the build reproducible
Date: Mon, 28 Nov 2016 16:46:49 +0100
[Message part 1 (text/plain, inline)]
Control: tags -1 pending

On Wed, 23 Nov 2016 20:59:34 +0100 Chris Lamb <lamby@debian.org> wrote:
> Source: apktool
> Version: 2.2.1+dfsg-1
> Severity: wishlist
> Tags: patch
> User: reproducible-builds@lists.alioth.debian.org
> Usertags: buildpath
> X-Debbugs-Cc: reproducible-bugs@lists.alioth.debian.org
> 
> Hi,
> 
> Whilst working on the Reproducible Builds effort [0], we noticed
> that apktool could not be built reproducibly.
> 
> This is due to the build system using the build path to determine
> it's version, resulting in different filenames in the binary .deb.
> For example, with the package built in "/build/apktool-2.2.1+dfsg/"
> it would generate:
> 
>     /usr/share/apktool/apktool-2.2.1+dfsg.jar
> 
> However, if the build directory is "/build/apktool-2.2.1+dfsg/foo",
> the same .jar appears at:
> 
>     /usr/share/apktool/foo.jar
> 
> Patch attached.

Hi Chris,

thanks for the report. Unfortunately your patch won't work because it
only moves the first jar file. But there are multiple jar files which
all need to be installed into /usr/share/apktool.

I have changed my approach and now I use the install file for this task.
I hope this is sufficient. If not, please reopen the bug report.

Regards,

Markus





[signature.asc (application/pgp-signature, attachment)]

Added tag(s) pending. Request was from Markus Koschany <apo@debian.org> to 845475-submitter@bugs.debian.org. (Mon, 28 Nov 2016 15:51:15 GMT) (full text, mbox, link).

Information stored :
Bug#845475; Package src:apktool. (Mon, 28 Nov 2016 16:00:14 GMT) (full text, mbox, link).

Acknowledgement sent to Chris Lamb <lamby@debian.org>:
Extra info received and filed, but not forwarded. (Mon, 28 Nov 2016 16:00:14 GMT) (full text, mbox, link).

Message #15 received at 845475-quiet@bugs.debian.org (full text, mbox, reply):

From: Chris Lamb <lamby@debian.org>
To: Markus Koschany <apo@debian.org>, 845475-quiet@bugs.debian.org, 845475-submitter@bugs.debian.org
Subject: Re: Bug#845475: apktool: please make the build reproducible
Date: Mon, 28 Nov 2016 16:58:23 +0100
Hi Markus,

> thanks for the report. Unfortunately your patch won't work because it
> only moves the first jar file. But there are multiple jar files which
> all need to be installed into /usr/share/apktool.

Curious! IIRC I only saw one jar file in my builds, hence the explicit
-quit in the call to find(1).  I defer to you, naturally... :)


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

Message sent on to Chris Lamb <lamby@debian.org>:
Bug#845475. (Mon, 28 Nov 2016 16:00:16 GMT) (full text, mbox, link).

Reply sent to Markus Koschany <apo@debian.org>:
You have taken responsibility. (Mon, 28 Nov 2016 16:21:28 GMT) (full text, mbox, link).

Notification sent to Chris Lamb <lamby@debian.org>:
Bug acknowledged by developer. (Mon, 28 Nov 2016 16:21:28 GMT) (full text, mbox, link).

Message #23 received at 845475-close@bugs.debian.org (full text, mbox, reply):

From: Markus Koschany <apo@debian.org>
To: 845475-close@bugs.debian.org
Subject: Bug#845475: fixed in apktool 2.2.1+dfsg-2
Date: Mon, 28 Nov 2016 16:18:22 +0000
Source: apktool
Source-Version: 2.2.1+dfsg-2

We believe that the bug you reported is fixed in the latest version of
apktool, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 845475@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Markus Koschany <apo@debian.org> (supplier of updated apktool package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 28 Nov 2016 16:36:32 +0100
Source: apktool
Binary: apktool
Architecture: source
Version: 2.2.1+dfsg-2
Distribution: unstable
Urgency: medium
Maintainer: Android Tools Maintainers <android-tools-devel@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 apktool    - tool for reverse engineering Android apk files
Closes: 845475
Changes:
 apktool (2.2.1+dfsg-2) unstable; urgency=medium
 .
   * Make the build reproducible by using the install file for all jar files
     instead of the find command in debian/rules.
     Thanks to Chris Lamb for the report. (Closes: #845475)
Checksums-Sha1:
 9711b270b89a21fbdebea1df8fe3d65131b80cc4 2407 apktool_2.2.1+dfsg-2.dsc
 9bc480c10647d4389c4fdc27c8b2a11a15e725fe 7324 apktool_2.2.1+dfsg-2.debian.tar.xz
Checksums-Sha256:
 329b7be5b31c38cf00a6c8b0be96cf194c7ad6525e688bc97071004c98794ac4 2407 apktool_2.2.1+dfsg-2.dsc
 0303f33bc843764db17cea35793c483b735332380f90406920a8f356a0d93959 7324 apktool_2.2.1+dfsg-2.debian.tar.xz
Files:
 0f4c572679ea98a5575aac06b8a0973b 2407 devel optional apktool_2.2.1+dfsg-2.dsc
 920f812d4c6241f30d20b11c77efadc1 7324 devel optional apktool_2.2.1+dfsg-2.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlg8UhBfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkaGoP/ir4BN+iEWvcj9BilUfg6Y/bCWDxjh/JtRSk
KDqZjf9m8wh/fEcw8w2yVtTpnxUKunqY11WECqWoxqbRYjBTdAYSmGmA6fCVVdfC
A4emoL9uuNh7GbLutlhkNUvSV24vAZ1mGB0W5B1W2EV6LbvFC1IEY7iRSouoWtmw
3++5WzuRBwyKjjOHk9DcVLSh8cIDgFXWdGHMOhRgtRDd93ruoX5zJWW7A4Ry0qXJ
nKm8fvazf82gy1+zOMNix8cX3dbsu+CQ5tVLMwb8gPdfNR2EbRKJ7ng+hszBLR3P
U8+9Lk5P3p8jbZ4RHh+CvwlSrJR46583FZ9vFFY3ZyJMFczuBGSGJA4F87ivhG7/
XxKoPnNd5MGfGUOLxwV9UPR5HaifwPDScoJVYi6gq7WZJ4rkbolHe/UgjXWWhjhn
tISmAT70ojH+YY+dH0pydN47Xx+S/5vgEHl8DQiYkBL7PrL3ShA684BUdNnq4q4w
l29r9DBxOpEhwJLeAcfb1HjGOEXdsCd4sdRaZjsv9O8iz9ERBZbFKA8SJbb4Ce34
q6rTny6qGByfSHyNYJuQ1P1uTurLmZtp0wPkvWGMVnkCjuGB4hdj4uIuARdwKe0T
BWLjX22J95v/cZLdgi6oCJ7O0H0cSx/hrptaNgnLv3UY8OhCUW6tkl6uLPotixwA
qMsXXdVp
=QkXk
-----END PGP SIGNATURE-----

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 29 Dec 2016 09:20:50 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed May 17 13:57:33 2023; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.