Debian Bug report logs - #852289
python-passlib: please make the build reproducible (timestamps)

Package: src:python-passlib; Maintainer for src:python-passlib is Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>;

Reported by: Dhole <dhole@openmailbox.org>

Date: Mon, 23 Jan 2017 10:03:04 UTC

Severity: wishlist

Tags: patch

Found in version python-passlib/1.7.0-1

Fixed in version python-passlib/1.7.1-1

Done: Barry Warsaw <barry@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, reproducible-bugs@lists.alioth.debian.org, Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>:
Bug#852289; Package src:python-passlib. (Mon, 23 Jan 2017 10:03:06 GMT) (full text, mbox, link).

Acknowledgement sent to Dhole <dhole@openmailbox.org>:
New Bug report received and forwarded. Copy sent to reproducible-bugs@lists.alioth.debian.org, Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>. (Mon, 23 Jan 2017 10:03:06 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

[Message part 1 (text/plain, inline)]

Source: python-passlib
Version: 1.7.0-1
Severity: wishlist
Tags: patch
User: reproducible-builds@lists.alioth.debian.org
Usertags: timestamps
X-Debbugs-Cc: reproducible-bugs@lists.alioth.debian.org

Hi,

While working on the "reproducible builds" effort [1], we have noticed that
python-passlib could not be built reproducibly.

The version string of the package includes a timestamp that is generated at
build time.

The attached patch fixes this by using SOURCE_DATE_EPOCH as the timestamp for
the version string. Once applied, python-passlib can be built reproducibly in
our current experimental framework.

 [1]: https://wiki.debian.org/ReproducibleBuilds

Regards,
-- 
Dhole

[python-passlib.diff.txt (text/plain, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>:
Bug#852289; Package src:python-passlib. (Mon, 23 Jan 2017 21:42:17 GMT) (full text, mbox, link).

Acknowledgement sent to Eli Collins <elic@astllc.org>:
Extra info received and forwarded to list. Copy sent to Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>. (Mon, 23 Jan 2017 21:42:17 GMT) (full text, mbox, link).

Message #10 received at 852289@bugs.debian.org (full text, mbox, reply):

[Message part 1 (text/plain, inline)]

Passlib author here -

In case this helps the debian package maintainer decide on this patch /
schedule things, the timestamp problem this addresses is due to a bug in
the passlib 1.7.0 setup script, which should be fixed in the 1.7.1 upstream
release (due out next weekend).

- Eli

On Mon, 23 Jan 2017 01:59:13 -0800 Dhole <dhole@openmailbox.org> wrote:
> Source: python-passlib
> Version: 1.7.0-1
> Severity: wishlist
> Tags: patch
> User: reproducible-builds@lists.alioth.debian.org
> Usertags: timestamps
> X-Debbugs-Cc: reproducible-bugs@lists.alioth.debian.org
>
> Hi,
>
> While working on the "reproducible builds" effort [1], we have noticed
that
> python-passlib could not be built reproducibly.
>
> The version string of the package includes a timestamp that is generated
at
> build time.
>
> The attached patch fixes this by using SOURCE_DATE_EPOCH as the timestamp
for
> the version string. Once applied, python-passlib can be built
reproducibly in
> our current experimental framework.
>
>  [1]: https://wiki.debian.org/ReproducibleBuilds
>
> Regards,
> --
> Dhole

[Message part 2 (text/html, inline)]

Acknowledgement sent to Barry Warsaw <barry@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>. (Mon, 23 Jan 2017 22:15:10 GMT) (full text, mbox, link).

Message #15 received at 852289@bugs.debian.org (full text, mbox, reply):

On Jan 23, 2017, at 04:40 PM, Eli Collins wrote:

>In case this helps the debian package maintainer decide on this patch /
>schedule things, the timestamp problem this addresses is due to a bug in
>the passlib 1.7.0 setup script, which should be fixed in the 1.7.1 upstream
>release (due out next weekend).

Thanks for the status Eli.  If the bug is fixed upstream, I think it makes
sense to just wait until 1.7.1.  Feel free to drop us a ping when that's
available (though I'll eventually notice it anyway).  If Brian doesn't beat me
to it, I'm happy to update to 1.7.1 once it's available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>:
Bug#852289; Package src:python-passlib. (Sat, 28 Jan 2017 22:54:03 GMT) (full text, mbox, link).

Acknowledgement sent to Brian May <bam@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>. (Sat, 28 Jan 2017 22:54:03 GMT) (full text, mbox, link).

Message #20 received at 852289@bugs.debian.org (full text, mbox, reply):

Barry Warsaw <barry@debian.org> writes:

> On Jan 23, 2017, at 04:40 PM, Eli Collins wrote:
>
>>In case this helps the debian package maintainer decide on this patch /
>>schedule things, the timestamp problem this addresses is due to a bug in
>>the passlib 1.7.0 setup script, which should be fixed in the 1.7.1 upstream
>>release (due out next weekend).
>
> Thanks for the status Eli.  If the bug is fixed upstream, I think it makes
> sense to just wait until 1.7.1.  Feel free to drop us a ping when that's
> available (though I'll eventually notice it anyway).  If Brian doesn't beat me
> to it, I'm happy to update to 1.7.1 once it's available.

Considering the coming freeze, might be best to upload a fix before
then... If you want this in stretch that is.
-- 
Brian May <bam@debian.org>

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>:
Bug#852289; Package src:python-passlib. (Tue, 31 Jan 2017 14:45:03 GMT) (full text, mbox, link).

Acknowledgement sent to Eli Collins <elic@astllc.org>:
Extra info received and forwarded to list. Copy sent to Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>. (Tue, 31 Jan 2017 14:45:03 GMT) (full text, mbox, link).

Message #25 received at 852289@bugs.debian.org (full text, mbox, reply):

[Message part 1 (text/plain, inline)]

Passlib 1.7.1 is out, which should fix #852289; I'll try to keep an eye on
the reproducible build status for a bit in case there's any other hiccups.

- Eli

On Mon, Jan 23, 2017 at 5:12 PM, Barry Warsaw <barry@debian.org> wrote:

> On Jan 23, 2017, at 04:40 PM, Eli Collins wrote:
>
> >In case this helps the debian package maintainer decide on this patch /
> >schedule things, the timestamp problem this addresses is due to a bug in
> >the passlib 1.7.0 setup script, which should be fixed in the 1.7.1
> upstream
> >release (due out next weekend).
>
> Thanks for the status Eli.  If the bug is fixed upstream, I think it makes
> sense to just wait until 1.7.1.  Feel free to drop us a ping when that's
> available (though I'll eventually notice it anyway).  If Brian doesn't
> beat me
> to it, I'm happy to update to 1.7.1 once it's available.
>

[Message part 2 (text/html, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>:
Bug#852289; Package src:python-passlib. (Tue, 31 Jan 2017 16:03:06 GMT) (full text, mbox, link).

Acknowledgement sent to Barry Warsaw <barry@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>. (Tue, 31 Jan 2017 16:03:06 GMT) (full text, mbox, link).

Message #30 received at 852289@bugs.debian.org (full text, mbox, reply):

[Message part 1 (text/plain, inline)]

On Jan 31, 2017, at 09:43 AM, Eli Collins wrote:

>Passlib 1.7.1 is out, which should fix #852289; I'll try to keep an eye on
>the reproducible build status for a bit in case there's any other hiccups.

Thanks!  I'm working on the new upstream in git right now.  It looks like we
can also drop the 0001-Disable-Django-support.patch since

https://bitbucket.org/ecollins/passlib/issues/68/tests-fail-with-django-19

is resolved upstream.  I'm not a Django expert though so please let me know if
this is not correct.

Cheers,
-Barry

[Message part 2 (application/pgp-signature, inline)]

Added tag(s) pending. Request was from Barry Warsaw <barry@debian.org> to control@bugs.debian.org. (Tue, 31 Jan 2017 16:51:04 GMT) (full text, mbox, link).

Message sent on to Dhole <dhole@openmailbox.org>:
Bug#852289. (Tue, 31 Jan 2017 16:51:07 GMT) (full text, mbox, link).

Message #35 received at 852289-submitter@bugs.debian.org (full text, mbox, reply):

tag 852289 pending
thanks

Hello,

Bug #852289 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:

    http://git.debian.org/?p=python-modules/packages/python-passlib.git;a=commitdiff;h=226426e

---
commit 226426e6ccc9bff1d321a33cf9b615e2cb833958
Author: Barry Warsaw <barry@debian.org>
Date:   Tue Jan 31 11:47:31 2017 -0500

    New upstream release.
    
    * Team upload.
    * New upstream release.  (Closes: #852289)
    * d/patches/0001-Disable-Django-support.patch: Dropped as upstream issue
      should now be fixed.

diff --git a/debian/changelog b/debian/changelog
index 1c7cfee..e264e76 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,8 +1,17 @@
+python-passlib (1.7.1-1) UNRELEASED; urgency=medium
+
+  * Team upload.
+  * New upstream release.  (Closes: #852289)
+  * d/patches/0001-Disable-Django-support.patch: Dropped as upstream issue
+    should now be fixed.
+
+ -- Barry Warsaw <barry@debian.org>  Tue, 31 Jan 2017 10:59:37 -0500
+
 python-passlib (1.7.0-1) unstable; urgency=medium
 
   * Team upload.
   * New upstream release.  (Closes: #844233)
-  * d/control: 
+  * d/control:
     - Bump Standards-Version with no other changes necessary.
     - Bump debhelper version dependency to >= 9.
   * d/compat: Bump to version 9.

Reply sent to Barry Warsaw <barry@debian.org>:
You have taken responsibility. (Tue, 31 Jan 2017 17:51:12 GMT) (full text, mbox, link).

Notification sent to Dhole <dhole@openmailbox.org>:
Bug acknowledged by developer. (Tue, 31 Jan 2017 17:51:12 GMT) (full text, mbox, link).

Message #40 received at 852289-close@bugs.debian.org (full text, mbox, reply):

Source: python-passlib
Source-Version: 1.7.1-1

We believe that the bug you reported is fixed in the latest version of
python-passlib, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 852289@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Barry Warsaw <barry@debian.org> (supplier of updated python-passlib package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 31 Jan 2017 11:48:36 -0500
Source: python-passlib
Binary: python-passlib python3-passlib
Architecture: source all
Version: 1.7.1-1
Distribution: unstable
Urgency: medium
Maintainer: Barry Warsaw <barry@debian.org>
Changed-By: Barry Warsaw <barry@debian.org>
Description:
 python-passlib - comprehensive password hashing framework
 python3-passlib - comprehensive password hashing framework
Closes: 852289
Changes:
 python-passlib (1.7.1-1) unstable; urgency=medium
 .
   * Team upload.
   * New upstream release.  (Closes: #852289)
   * d/patches/0001-Disable-Django-support.patch: Dropped as upstream issue
     should now be fixed.
Checksums-Sha1:
 d08054c7801f3519012dabd243bfdce260b1154e 2200 python-passlib_1.7.1-1.dsc
 1fccaee7a5a158ee04274e18f4927a6a603c6901 645724 python-passlib_1.7.1.orig.tar.gz
 2cf8b62b20f6105de87ac0ebaeae6dbc595ed9e8 13724 python-passlib_1.7.1-1.debian.tar.xz
 bb819c5cfc1c63f3c873ae51775cbdb4fbc1af45 348248 python-passlib_1.7.1-1_all.deb
 f406a1905fa402c573b994872b30e6f3238995c6 5803 python-passlib_1.7.1-1_amd64.buildinfo
 b9d8a92bdb373d592256db58e31e4ed570c60887 347580 python3-passlib_1.7.1-1_all.deb
Checksums-Sha256:
 c9c38982ffee05f8d3696674edaa2caab8bf9848fd9fe27275eae6e06e41e3a2 2200 python-passlib_1.7.1-1.dsc
 3d948f64138c25633613f303bcc471126eae67c04d5e3f6b7b8ce6242f8653e0 645724 python-passlib_1.7.1.orig.tar.gz
 67081dd31c183318cc4b660887cf872662ad385a76dc752903801cb407c5cfa4 13724 python-passlib_1.7.1-1.debian.tar.xz
 7ef0e92215c20b4e771113f583b10e97e33e0c9c137669e13819d0e6582c0f7c 348248 python-passlib_1.7.1-1_all.deb
 6e6cdbd444be50880666340ddfe96b2aa8899d95d37cfdef29bd19a4686e316d 5803 python-passlib_1.7.1-1_amd64.buildinfo
 cd398a4fa1cb4f57c2e6cc86b2ed93fa48d8324d266b7849427b78fc31dfd735 347580 python3-passlib_1.7.1-1_all.deb
Files:
 29e8f3aedc03934e9b7580952e2b5c87 2200 python extra python-passlib_1.7.1-1.dsc
 254869dae3fd9f09f0746a3cb29a0b15 645724 python extra python-passlib_1.7.1.orig.tar.gz
 6bc1d17c148e68860d4d5a723d7c828f 13724 python extra python-passlib_1.7.1-1.debian.tar.xz
 4fa23afb983fb4b25309a29b24bf1de9 348248 python extra python-passlib_1.7.1-1_all.deb
 da7261ea83973c73a069268b175b38cd 5803 python extra python-passlib_1.7.1-1_amd64.buildinfo
 6df9e7c408eecba7aff81e9578925958 347580 python extra python3-passlib_1.7.1-1_all.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEhBcVftvnPZ6sHlObEm61Y6dLBr8FAliQyBgACgkQEm61Y6dL
Br826A//cI+MguPCEzmNYIUnzhGVkZr5U5YNhjhxWcLsyxKgwX2ads36jMtu3PdN
WRcUDxwrlDmjW4znzSnDS8nIasTm3JuytLrfI67ADjx77x2q1JKHMAA+swzWrt53
Z4k9MxpYetB7gqTnWy3lhdvDb/ZX3VuDmBC9kggotqulhsTUeYAbxQbHhna415cu
Kzw/baAyDtNUYJPVqGULDu/SFnDXzRAQMArVtKSf9UwuHpUCJ0d4w8tBFoFdnlXr
c4uXtAzNyqzEvabC8lEElTtdqBXQUspoKWt6pOiQHoOAZzVjaz+1EJBKYVGmaB/S
ljbS6xZNTb1XMGMaiBw++M17E3bEMbVd9DoyRFNuZJX/9yfIw49/vjTPqyylHpUz
Umtm+xf5YSOsuKDtLUAocGAk5iU5JZoBDUHi/n28wrhREV5Rw2F18zwILVN2aSUd
ysXUrVdFco/yxlo/Qz2/qC3EsW2x7o7gPq/nv7NxFdWklUmj4ngUDFKwSEO40nft
c+PbVDwyXP2wFmG+jRtvPZy7OG+kbBItGNh3F8u8aAeDXV0e1SiTIok0x6z6KQzV
kRrgfyHB3O4QqvYCPRxNMYI5YNLactSFQttglrsA1CS7s+h0j8NxkBUGteWtroKo
SjjVoh91bywoX2v50At/2NlD1AxO5qETsZKk+mjtz9ued3SXRg4=
=NXVq
-----END PGP SIGNATURE-----

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 18 Jul 2017 07:48:09 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jan 10 18:14:55 2018; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Debian Bug report logs - #852289 python-passlib: please make the build reproducible (timestamps)

Debian Bug report logs - #852289
python-passlib: please make the build reproducible (timestamps)