Debian Bug report logs - #890487
wreport: please make the build reproducible


Package: src:wreport; Maintainer for src:wreport is Enrico Zini <enrico@debian.org>;

Reported by: Chris Lamb <lamby@debian.org>

Date: Thu, 15 Feb 2018 09:09:05 UTC

Severity: wishlist

Tags: patch

Found in version wreport/3.6-1

Fixed in version wreport/3.12-1

Done: Enrico Zini <enrico@debian.org>

Bug is archived. No further changes may be made.



Message #5 received at submit@bugs.debian.org:

From: Chris Lamb <lamby@debian.org>
To: submit@bugs.debian.org
Subject: wreport: please make the build reproducible
Date: Thu, 15 Feb 2018 09:07:45 +0000
Source: wreport
Version: 3.6-1
Severity: wishlist
Tags: patch
User: reproducible-builds@lists.alioth.debian.org
Usertags: buildpath
X-Debbugs-Cc: reproducible-bugs@lists.alioth.debian.org

Hi,

Whilst working on the Reproducible Builds effort [0], we noticed
that wreport could not be built reproducibly.

This is because we ship the doxytags file. I'm pretty sure this
is not very useful; I mean, first of all it's ".gz" and it's in
the doc/ directory so it's not going to be found automatically by
any tools, and it's not really human readable.

Patch attached.


 [0] https://reproducible-builds.org/


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-
[wreport.diff.txt (text/plain, attachment)]



Message #10 received at 890487@bugs.debian.org:

From: Chris Lamb <lamby@debian.org>
To: Enrico Zini <enrico@enricozini.org>, 890487@bugs.debian.org
Subject: Re: Bug#890487: wreport: please make the build reproducible
Date: Thu, 15 Feb 2018 11:01:06 +0000
Hi Enrico,

> The tags file is currently used by dballe (a reverse build-dep of
> wreport) to build its documentation.

Ah, it can a) find it and b) use it despite it being gzipped? :)

> I have no problem moving it to a different location than doc/, but if it
> breaks reproducibility I have a bigger problem than its install
> location.

We can always sed the tags file to remove the absolute build path.


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-





Message #15 received at 890487@bugs.debian.org:

From: Enrico Zini <enrico@enricozini.org>
To: Chris Lamb <lamby@debian.org>, 890487@bugs.debian.org
Subject: Re: Bug#890487: wreport: please make the build reproducible
Date: Thu, 15 Feb 2018 11:57:44 +0100
On Thu, Feb 15, 2018 at 09:07:45AM +0000, Chris Lamb wrote:

> Whilst working on the Reproducible Builds effort [0], we noticed
> that wreport could not be built reproducibly.
> 
> This is because we ship the doxytags file. I'm pretty sure this
> is not very useful; I mean, first of all it's ".gz" and it's in
> the doc/ directory so it's not going to be found automatically by
> any tools, and it's not really human readable.

The tags file is currently used by dballe (a reverse build-dep of
wreport) to build its documentation.

I have no problem moving it to a different location than doc/, but if it
breaks reproducibility I have a bigger problem than its install
location.

Is it the first case of doxygen tags being shipped by a library and used
to build documentation of libraries using it? I wonder what best
practices in this case would be.


Enrico

-- 
GPG key: 4096R/634F4BD1E7AD5568 2009-05-08 Enrico Zini <enrico@enricozini.org>





Message #20 received at 890487@bugs.debian.org:

From: Enrico Zini <enrico@enricozini.org>
To: Chris Lamb <lamby@debian.org>
Cc: 890487@bugs.debian.org
Subject: Re: Bug#890487: wreport: please make the build reproducible
Date: Thu, 15 Feb 2018 13:03:56 +0100
On Thu, Feb 15, 2018 at 11:01:06AM +0000, Chris Lamb wrote:

> > The tags file is currently used by dballe (a reverse build-dep of
> > wreport) to build its documentation.
> Ah, it can a) find it and b) use it despite it being gzipped? :)

Yes, because it knows where to find it and that it is gzipped. I don't
mind moving it to /usr/share, for example, and shipping it non
gzipped.

> > I have no problem moving it to a different location than doc/, but if it
> > breaks reproducibility I have a bigger problem than its install
> > location.
> We can always sed the tags file to remove the absolute build path.

That sounds like a very good thing to do. I had not realised that
doxygen tags files contained absolute paths. I consider that to be a
potential leak of private data, on top of being a reproducibility issue.


Enrico

-- 
GPG key: 4096R/634F4BD1E7AD5568 2009-05-08 Enrico Zini <enrico@enricozini.org>
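
The sed-based scrubbing discussed in this thread, as an added example that is not part of the original messages or of the wreport packaging: the build path is matched literally and the step fails if any occurrence is left in the tag file. The function name `scrub_build_path`, the sample tag file and the build path in `demo` are constructed for illustration; GNU sed (`sed -i`) is assumed.

```shell
#!/bin/sh
# Added example, not from the bug thread or the wreport packaging.
# scrub_build_path FILE BUILD_DIR REPLACEMENT
# Replaces every literal occurrence of BUILD_DIR in FILE, then verifies
# that none is left. Returns non-zero if the path still appears.
scrub_build_path() {
    file=$1 build_dir=$2 replacement=$3

    # Escape BRE metacharacters and the '@' delimiter so the path is
    # matched literally even if it contains '.', '*', '[' or '@'.
    pattern=$(printf '%s\n' "$build_dir" | sed -e 's/[][\.*^$@]/\\&/g')
    # Escape '&', '\' and the delimiter in the replacement text.
    repl=$(printf '%s\n' "$replacement" | sed -e 's/[\&@]/\\&/g')

    sed -i -e "s@${pattern}@${repl}@g" "$file" || return 2

    # Fail closed: a leftover build path is both a leak of the builder's
    # directory layout and a source of unreproducible output.
    if grep -qF -- "$build_dir" "$file"; then
        echo "build path still present in $file" >&2
        return 1
    fi
    return 0
}

# Constructed sample input: a minimal tag file with a made-up build path
# that contains both '@' and '.'.
demo() {
    tmp=$(mktemp)
    build='/build/user@host/wreport-3.6'
    cat > "$tmp" <<EOF
<tagfile>
  <compound kind="file">
    <name>bulletin.h</name>
    <path>$build/wreport/</path>
  </compound>
</tagfile>
EOF
    scrub_build_path "$tmp" "$build" /usr/include && grep '<path>' "$tmp"
    rm -f "$tmp"
}

demo
```
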





Message #25 received at 890487@bugs.debian.org:

From: Chris Lamb <lamby@debian.org>
To: Enrico Zini <enrico@enricozini.org>
Cc: 890487@bugs.debian.org
Subject: Re: Bug#890487: wreport: please make the build reproducible
Date: Thu, 15 Feb 2018 15:20:58 +0000
Hi Enrico,

> Yes, because it knows where to find it and that it is gzipped. I don't
> mind moving it to /usr/share, for example, and shipping it non
> gzipped.

I have no input on this. It's unrelated to unreproducibility after all;
I only mentioned the location and it being gzipped because I was
(incorrectly, according to your clarifications) inferring that it meant
that the file was not being consumed mechanically.

> That sounds like a very good thing to do. I had not realised that
> doxygen tags files contained absolute paths. I consider that to be a
> potential leak of private data, on top of being a reproducibility issue.

Indeed. Reproducibility is great for finding QA issues as well as
security ones (see, for example <https://bugs.debian.org/833885>).

Anyway, here is an alternative patch:

  --- a/debian/rules	2018-02-14 22:40:51.055273779 +0000
  --- b/debian/rules	2018-02-15 14:41:23.016460856 +0000
  @@ -26,6 +26,9 @@
   	done
   	# Remove python modules .la files
   	rm -f debian/tmp/usr/lib/python*/dist-packages/*.la
  +	# Remove absolute build path from tag file, resulting in <path>.</path>
  +	sed -i -e 's@$(CURDIR)@/usr/include@g' \
  +		debian/tmp/usr/share/doc/wreport/libwreport.doxytags
   
   vercheck:
   	debian/vercheck > /dev/null
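
Review bot: The added sed line passes $(CURDIR) into the pattern unescaped and uses @ as the delimiter, so a build directory containing @ or a regex metacharacter such as . or * would make the substitution fail or match text other than the build path. Consider escaping the path before it reaches sed, or following the sed with a check that fails the build if the build path still appears in libwreport.doxytags. The comment above the command says the result is <path>.</path>, while the replacement text is /usr/include; the comment should describe what the command actually writes. Both file header lines also begin with ---, so the second one would need to read +++ b/debian/rules for the patch to apply with standard tools.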
  

Best wishes,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-



Reply sent to Enrico Zini <enrico@debian.org>:
You have taken responsibility. (Wed, 25 Jul 2018 02:39:06 GMT)


Notification sent to Chris Lamb <lamby@debian.org>:
Bug acknowledged by developer. (Wed, 25 Jul 2018 02:39:07 GMT)


Message #30 received at 890487-close@bugs.debian.org:

From: Enrico Zini <enrico@debian.org>
To: 890487-close@bugs.debian.org
Subject: Bug#890487: fixed in wreport 3.12-1
Date: Wed, 25 Jul 2018 02:35:57 +0000
Source: wreport
Source-Version: 3.12-1

We believe that the bug you reported is fixed in the latest version of
wreport, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 890487@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Enrico Zini <enrico@debian.org> (supplier of updated wreport package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Wed, 25 Jul 2018 09:42:00 +0800
Source: wreport
Binary: libwreport-dev libwreport-doc libwreport3 wreport-common python-wreport python3-wreport
Architecture: source amd64 all
Version: 3.12-1
Distribution: unstable
Urgency: medium
Maintainer: Enrico Zini <enrico@debian.org>
Changed-By: Enrico Zini <enrico@debian.org>
Description:
 libwreport-dev - library for working with weather reports
 libwreport-doc - documentation for libwreport
 libwreport3 - shared library for working with weather reports
 python-wreport - Python library to work with BUFR and CREX weather bulletins
 python3-wreport - Python library to work with BUFR and CREX weather bulletins
 wreport-common - common data files for libwreport
Closes: 890487
Changes:
 wreport (3.12-1) unstable; urgency=medium
 .
   * New upstream version
   * Remove absolute paths from doxygen tags file, thanks Chris Lamb for the
     patch. Closes: #890487




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 15 Nov 2018 07:29:24 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed May 17 14:02:48 2023; Machine Name: buxtehude
