Debian Bug report logs - #950606
gdb-source: generated tarball includes system metadata

version graph

Package: gdb-source; Maintainer for gdb-source is Héctor Orón Martínez <zumbi@debian.org>; Source for gdb-source is src:gdb (PTS, buildd, popcon).

Reported by: Vagrant Cascadian <vagrant@reproducible-builds.org>

Date: Tue, 4 Feb 2020 06:33:02 UTC

Severity: normal

Tags: patch

Fixed in version gdb/9.1-1

Done: Debian FTP Masters <ftpmaster@ftp-master.debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, reproducible-bugs@lists.alioth.debian.org, Héctor Orón Martínez <zumbi@debian.org>:
Bug#950606; Package gdb-source. (Tue, 04 Feb 2020 06:33:04 GMT) (full text, mbox, link).

Acknowledgement sent to Vagrant Cascadian <vagrant@reproducible-builds.org>:
New Bug report received and forwarded. Copy sent to reproducible-bugs@lists.alioth.debian.org, Héctor Orón Martínez <zumbi@debian.org>. (Tue, 04 Feb 2020 06:33:04 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Vagrant Cascadian <vagrant@reproducible-builds.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: gdb-source: generated tarball includes system metadata
Date: Mon, 03 Feb 2020 22:27:58 -0800
[Message part 1 (text/plain, inline)]
Package: gdb-source
Severity: normal
Tags: patch
User: reproducible-builds@lists.alioth.debian.org
Usertags: timestamps umask username
X-Debbugs-Cc: reproducible-bugs@lists.alioth.debian.org

The tarball produced in gdb-source binary package includes metadata from
the filesystem, including umask, timestamps, and potentially username,
group, and sort order of the files in the tarball.

The attached patch passes arguments to tar to ensure reproducible builds
of this package.

There are several outstanding reproducibility issues with the other
packages produced by gdb, but please consider applying this to improve
the signal to noise ratio.


Thanks for maintaining gdb!


live well,
  vagrant

[0001-debian-rules-Use-tar-arguments-to-ensure-consistant-.patch (text/x-diff, inline)]
From cb9a4e0584e3f3dca2efa25078b81b5821ef747a Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian <vagrant@reproducible-builds.org>
Date: Tue, 4 Feb 2020 03:16:30 +0000
Subject: [PATCH] debian/rules: Use tar arguments to ensure consistant
 tarballs, setting file mode, uid/gid, timestamps and sort order.

---
 debian/rules | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/debian/rules b/debian/rules
index a6ad6ac71..d05d28ad7 100755
--- a/debian/rules
+++ b/debian/rules
@@ -287,6 +287,11 @@ binary-post-install/gdb-source ::
 	cd $(BUILDDIRSOURCE) && debian/rules clean
 	cd $(dir $(BUILDDIRSOURCE)) \
 	  && tar -cjf $(shell pwd)/debian/gdb-source/usr/src/gdb.tar.bz2 \
+	     --format=gnu \
+	     --mode=755 \
+	     --mtime="@$${SOURCE_DATE_EPOCH}" --clamp-mtime \
+	     --numeric-owner --owner=0 --group=0 \
+	     --sort=name \
 	     $(notdir $(BUILDDIRSOURCE))
 
 debian/control:: debian/control.in $(CROSS_FORCE)
-- 
2.20.1


[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Héctor Orón Martínez <zumbi@debian.org>:
Bug#950606; Package gdb-source. (Tue, 04 Feb 2020 18:27:06 GMT) (full text, mbox, link).

Acknowledgement sent to Hector Oron <zumbi@debian.org>:
Extra info received and forwarded to list. Copy sent to Héctor Orón Martínez <zumbi@debian.org>. (Tue, 04 Feb 2020 18:27:06 GMT) (full text, mbox, link).

Message #10 received at 950606@bugs.debian.org (full text, mbox, reply):

From: Hector Oron <zumbi@debian.org>
To: Vagrant Cascadian <vagrant@reproducible-builds.org>, 950606@bugs.debian.org
Subject: Re: Bug#950606: gdb-source: generated tarball includes system metadata
Date: Tue, 4 Feb 2020 19:22:32 +0100
Hello,

Missatge de Vagrant Cascadian <vagrant@reproducible-builds.org> del
dia dt., 4 de febr. 2020 a les 7:33:

> The attached patch passes arguments to tar to ensure reproducible builds
> of this package.

Thanks, applied in git, queued for next release.

[debian/unstable 4704dec43] debian/rules: allow reproducible source tarballs
 Author: Vagrant Cascadian <vagrant@reproducible-builds.org>
 Date: Tue Feb 4 03:16:30 2020 +0000
 1 file changed, 5 insertions(+)

Regards
-- 
 Héctor Orón  -.. . -... .. .- -.   -.. . ...- . .-.. --- .--. . .-.

Reply sent to Héctor Orón Martínez <zumbi@debian.org>:
You have taken responsibility. (Sun, 09 Feb 2020 16:09:12 GMT) (full text, mbox, link).

Notification sent to Vagrant Cascadian <vagrant@reproducible-builds.org>:
Bug acknowledged by developer. (Sun, 09 Feb 2020 16:09:12 GMT) (full text, mbox, link).

Message #15 received at 950606-close@bugs.debian.org (full text, mbox, reply):

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: 950606-close@bugs.debian.org
Subject: Bug#950606: fixed in gdb 9.1-1
Date: Sun, 09 Feb 2020 16:04:46 +0000
Source: gdb
Source-Version: 9.1-1

We believe that the bug you reported is fixed in the latest version of
gdb, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 950606@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Héctor Orón Martínez <zumbi@debian.org> (supplier of updated gdb package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 09 Feb 2020 14:15:45 +0100
Source: gdb
Architecture: source
Version: 9.1-1
Distribution: unstable
Urgency: medium
Maintainer: Héctor Orón Martínez <zumbi@debian.org>
Changed-By: Héctor Orón Martínez <zumbi@debian.org>
Closes: 904628 906822 936591 942552 950606 950778
Changes:
 gdb (9.1-1) unstable; urgency=medium
 .
   [ Héctor Orón Martínez ]
   * New upstream version 9.1 (Closes: #906822)
   * debian/control{,.in}: python2 removal (Closes: #936591)
   * debian/patches: refresh
     + debian/patches/load-versioned-libcc1.patch: add SONAME to
       gcc-cp-interface.h (Closes: #950778)
     + debian/patches/gdb-PATH_MAX.patch: drop
   * debian/control{,.in}: build depend on pkg-config
   * debian/control{,.in}: add Sergio Durigan Junior as uploader
   * debian/README.source: point to xz upstream source instead bz2
   * debian/gcore.1: update (Closes: #904628)
 .
   [ Debian Janitor ]
   * Trim trailing whitespace.
   * Use secure URI in debian/watch.
   * Make "Files: *" paragraph the first in the copyright file.
   * Rely on pre-initialized dpkg-architecture variables.
 .
   [ Christian Biesinger ]
   * debian/control: update homepage to an https URL
   * debian/{control,rules}: Enable source highlighting (Closes: #942552)
 .
   [ Vagrant Cascadian ]
   * debian/rules: Use tar arguments to ensure consistant tarballs, setting file
     mode, uid/gid, timestamps and sort order. (Closes: #950606)
Checksums-Sha1:
 0cb9583bb4ccbf119455429587e4cf26664159aa 2793 gdb_9.1-1.dsc
 79cc818bf4af44095129f4d110fb7585138f7fb2 21519800 gdb_9.1.orig.tar.xz
 8c7768396256c45be944f02fbca91dc3780a573a 49292 gdb_9.1-1.debian.tar.xz
 d5cdb0700df8efae0cc272edd3ed972c186632fe 9815 gdb_9.1-1_source.buildinfo
Checksums-Sha256:
 69e2fba4500c5a4ea8a37f3758414af2c1f8b31794ad1dd7d00d40c3baba22e5 2793 gdb_9.1-1.dsc
 1a1a845d845c82303a490a8b0f1cb5aa252dccb90c88869e41d249a76db794e4 21519800 gdb_9.1.orig.tar.xz
 439e3898acceb2bf268737e9a238fa09d3b5eda07c30bd975277547c1f1e14b7 49292 gdb_9.1-1.debian.tar.xz
 c3dc41124138c12ff2b328a98159d61c43d7889be690cfeee4916b6ac8273bfa 9815 gdb_9.1-1_source.buildinfo
Files:
 c782b868df9a06dd8ba1e571a3187384 2793 devel optional gdb_9.1-1.dsc
 5ab268a5d2dd6b6443c12c572a3aafce 21519800 devel optional gdb_9.1.orig.tar.xz
 775e6c5290dd3df2f64179d1a05a609e 49292 devel optional gdb_9.1-1.debian.tar.xz
 d45e806b4f8ab68891085daf8f1abd55 9815 devel optional gdb_9.1-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE6Q8IiVReeMgqnedOryKDqnbirHsFAl5AKM4ACgkQryKDqnbi
rHuKwQ/+IbGoqQjDjotyk99aLf+fuN0M0zup0Nlgk1kRpjKle6oPAINBTD872Q9e
sclc+ytQUoeaclArg+tIYvNKwzyiby7kUydvPvYWDnN015Sk7BdAp6xf5sq0HJHu
vkT9K/9CmKZehsXHtHHZx7aBOOR63gr6O7UiRIHaqL3OK/jWao+MQWwcgZgJw8N1
ZN2fvw1ncMyFsZPbPMkczWr7Xd8j27i3T12Q0umAo+wXJsY2NdABcwjoj1tcOMKt
f2vo3O4z5CEa+Vd8q2utePxR/gxJRs+4P/XPnkVTy5aWVo4NN1H2Nn6BMJjVsS8a
mWYoCifUpOt6lzJD/m/pMiI+EvKbs0SSkQHJofez7cf4MCfZ8kCsAsFD0FtOYcrr
Rnuh3HQAI1xhkgw9lpTMKVib9SX9ea76MbF5mzuwS3icsbHWni8Tgqk6zJYaRgU1
1bG3e2SrvaBwpDK2VczsPpKXK0l790iZe62zrlKRyb1yip2B5DOZJtoH8C+g0IUt
sbcSgtJ0b1XtsynC7L6P44HU3Wxhl49DVSZ63K22YVWlTWHjpW673vSDsNNql17u
nkdH3oLPNOYHby/xdlEsMHx9IZMGAG+RtOFSA0laAws1+E8oYkukp78eGlrXuhXB
+btu+oiFg/I1HrvghiRAk6Glq587ugOxM/GeBZCaikfkfeo+MsU=
=DONf
-----END PGP SIGNATURE-----

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 16 Mar 2020 07:24:42 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed May 17 13:39:41 2023; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.