Debian Bug report logs - #963518
source-highlight: Embeds user shell in scripts

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Vagrant Cascadian <vagrant@reproducible-builds.org>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: source-highlight: Embeds user shell in scripts

Date: Mon, 22 Jun 2020 13:43:53 -0700

[Message part 1 (text/plain, inline)]

Source: source-highlight
Version: 3.1.9-1.2
Severity: normal
Tags: patch
User: reproducible-builds@lists.alioth.debian.org
Usertags: shell
X-Debbugs-Cc: reproducible-bugs@lists.alioth.debian.org

When CONFIG_SHELL is not set during configure, configure attempts
various methods to detect a valid shell, including using the build
user's shell, which may vary from user to user.

This then gets embedded into scripts shipped in the
libsource-highlight-common package, breaking reproducibility:

  ./usr/share/source-highlight/source-highlight-esc.sh
  Offset 1, 8 lines modified	Offset 1, 8 lines modified
  1 	#!/​bin/​bash	1 	#!/​bin/​sh

  ./usr/share/source-highlight/src-hilite-lesspipe.sh
  Offset 1, 8 lines modified	Offset 1, 8 lines modified
  1 	#!·​/​bin/​bash	1 	#!·​/​bin/​sh

The attached patch works around this by setting CONFIG_SHELL=/bin/sh in
debian/rules during configure.


Thanks for maintaining source-highlight!


live well,
  vagrant

[0001-debian-rules-Set-CONFIG_SHELL-to-bin-sh-during-confi.patch (text/x-diff, inline)]

From 3f369205d838c908a453a944735ab1f0bc12e915 Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian <vagrant@reproducible-builds.org>
Date: Mon, 22 Jun 2020 20:25:50 +0000
Subject: [PATCH] debian/rules: Set CONFIG_SHELL to /bin/sh during configure.

This enables reproducible builds regardless of the configured shell of
the build user.
---
 debian/rules | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/debian/rules b/debian/rules
index 011a918..c92d9a6 100755
--- a/debian/rules
+++ b/debian/rules
@@ -3,7 +3,7 @@
 	dh $@
 
 override_dh_auto_configure:
-	dh_auto_configure -- \
+	CONFIG_SHELL=/bin/sh dh_auto_configure -- \
 	--with-bash-completion=/usr/share/bash-completion/completions \
 	--with-boost-regex=boost_regex
 
-- 
2.20.1

[signature.asc (application/pgp-signature, inline)]

Message #10 received at 963518-close@bugs.debian.org (full text, mbox, reply):

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>

To: 963518-close@bugs.debian.org

Subject: Bug#963518: fixed in source-highlight 3.1.9-2

Date: Thu, 30 Jul 2020 15:28:57 +0000

Source: source-highlight
Source-Version: 3.1.9-2
Done: Kartik Kulkarni <kartik.koolks@gmail.com>

We believe that the bug you reported is fixed in the latest version of
source-highlight, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 963518@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Kartik Kulkarni <kartik.koolks@gmail.com> (supplier of updated source-highlight package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 29 Jul 2020 01:56:28 +0530
Source: source-highlight
Architecture: source
Version: 3.1.9-2
Distribution: unstable
Urgency: medium
Maintainer: Kartik Kulkarni <kartik.koolks@gmail.com>
Changed-By: Kartik Kulkarni <kartik.koolks@gmail.com>
Closes: 912715 963518
Changes:
 source-highlight (3.1.9-2) unstable; urgency=medium
 .
   * Fix reproducible build with patch from
     Vagrant (Closes: #963518)
   * Fix fail to cross build from source with patch
     from Helmut  (Closes: #912715)
   * Updated standards version
Checksums-Sha1:
 2c4936e881342e4e7b780dd80c09ffcf0d3177da 2123 source-highlight_3.1.9-2.dsc
 2d1b983a322b215f67ce5413fe2189390dbd6041 5960 source-highlight_3.1.9-2.debian.tar.xz
Checksums-Sha256:
 a3cb25327b31a7e6e49a7dc7f704df5c77fa8a8425892ab3d0641f316e0688a8 2123 source-highlight_3.1.9-2.dsc
 9417b16caa97646461544b5c58e86267c668aacf27cd4b1617b1884bc0556059 5960 source-highlight_3.1.9-2.debian.tar.xz
Files:
 38dbf0ab0d999ba90072ec8d735b0a6d 2123 devel optional source-highlight_3.1.9-2.dsc
 ddbd8124fc1e91e4e7a8c054908d473c 5960 devel optional source-highlight_3.1.9-2.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEZaEt9P4xrWusTXauM1X01jtYIcwFAl8i3ZIACgkQM1X01jtY
IcwgRhAAoO7wRr32O6ZTz3T1VJiW4W4jHFP4WiBEqqya41Xe27SR8P+58+hB6gw8
FvO5OyjVSQiqsxoIjQuENUL2rJlJGagPlM+pfVz3YD2F3ReJiKYTdx9gX1VpHbND
AxMIiR0twJO9SDWh5FWjTMkxnrQXZOSVhe3qdZ47Zh+Su+4RuuaM9HiN+JlN9pFf
e04jV57daj4LOHGaQM23uhHKpForVJT8wJTBZ80V9SdDW1f3iQy16Ab1n5rWwTL3
USb5AYm0It+OpRP+duVFtfScQetXs4QqE8pKBhC1Kyg2TruwkIoQRjWPsQvYvbsl
m0tcEULi3fof2oxFSQbrCzaAnZqKX8345nRMvqbKEGXtXeLcDJWgisGVfZgKilHy
NoeE0YnlTpYQG/h7lXDhfLG4T9rgtPjERGKPQlCGNkkaWECdmVN/OF4dLW0SkQx7
3peOAvV5xe90USODfLfkO5s2SVg7y8eU3UQuWNuj6zlbQtymb8TIS/6t0tWi9O8L
4fK4soYfms0M2KZrX+OYCpxE87EqsHbe1kWAEAYvAZ7tZm3+t+R+kmmFCmkoKPqu
v98cYmZdANP5v+rOngrZe5eqDbxoOU7iMoMbqqEL13hslgFaiaRrKY2GgzHa058q
VRWD1GKa4QEq2MagtOWReqC5x9e9rCUBZKJZOeKPyTDJjP0EVOQ=
=pz/N
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.