Debian Bug report logs - #970874
nix: Embeds different paths when built on a usrmerge system

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Vagrant Cascadian <vagrant@reproducible-builds.org>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: nix: Embeds different paths when built on a usrmerge system

Date: Thu, 24 Sep 2020 12:12:52 -0700

[Message part 1 (text/plain, inline)]

Source: nix
Severity: normal
Tags: patch
User: reproducible-builds@lists.alioth.debian.org
Usertags: usrmerge
X-Debbugs-Cc: reproducible-bugs@lists.alioth.debian.org

When built on a system with usrmerge enabled, and a system without
usrmerge usrmerge enabled, A file in the nix-bin package embeds
different paths for bash, bzip2, gzip and tar:

./usr/share/nix/corepkgs/config.nix
Offset 1, 18 lines modified	Offset 1, 18 lines modified
1 	let	1 	let
2 	··fromEnv·=·var:·def:	2 	··fromEnv·=·var:·def:
3 	····let·val·=·builtins.getEnv·var;·in	3 	····let·val·=·builtins.getEnv·var;·in
4 	····if·val·!=·""·then·val·else·def;	4 	····if·val·!=·""·then·val·else·def;
5 	in·rec·{	5 	in·rec·{
6 	··shell·=·"/bin/bash";	6 	··shell·=·"/usr/bin/bash";
7 	··coreutils·=·"/usr/bin:/bin";	7 	··coreutils·=·"/usr/bin:/bin";
8 	··bzip2·=·"/bin/bzip2";	8 	··bzip2·=·"/usr/bin/bzip2";
9 	··gzip·=·"/bin/gzip";	9 	··gzip·=·"/usr/bin/gzip";
10 	··xz·=·"/usr/bin/xz";	10 	··xz·=·"/usr/bin/xz";
11 	··tar·=·"/bin/tar";	11 	··tar·=·"/usr/bin/tar";


I'm not sure if this file is used in a practical way for the installed
package, but if it does, a package built on a usrmerge system will not
correctly run on a non-usrmerge system.

The attached patch hard-codes these to use the compatible paths in /bin
for these binaries, which should be present on both a usrmerge and
non-usrmerge system, resulting in a backwards compatible and
reproducible build.

Another approach might be if this file is not needed during runtime to
exclude it from the package; I'm not familiar enough with nix to know if
that is viable or not.

Thanks for maintaining nix!


live well,
  vagrant

[0001-Add-patch-to-fix-reproducible-builds-on-usrmerge-sys.patch (text/x-diff, inline)]

From 6a5712aeedc3b97dfd8de82432f375bc60b312bb Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian <vagrant@reproducible-builds.org>
Date: Thu, 24 Sep 2020 18:13:51 +0000
Subject: [PATCH] Add patch to fix reproducible builds on usrmerge system.

---
 ...bash-bzip2-gzip-and-tar-to-fix-repro.patch | 41 +++++++++++++++++++
 debian/patches/series                         |  1 +
 2 files changed, 42 insertions(+)
 create mode 100644 debian/patches/Specify-path-to-bash-bzip2-gzip-and-tar-to-fix-repro.patch

diff --git a/debian/patches/Specify-path-to-bash-bzip2-gzip-and-tar-to-fix-repro.patch b/debian/patches/Specify-path-to-bash-bzip2-gzip-and-tar-to-fix-repro.patch
new file mode 100644
index 00000000..48774dc8
--- /dev/null
+++ b/debian/patches/Specify-path-to-bash-bzip2-gzip-and-tar-to-fix-repro.patch
@@ -0,0 +1,41 @@
+From 710cbeb21274b555bd72a6c5b2b876e8d036107c Mon Sep 17 00:00:00 2001
+From: Vagrant Cascadian <vagrant@reproducible-builds.org>
+Date: Thu, 24 Sep 2020 18:10:01 +0000
+Subject: [PATCH] Specify path to bash, bzip2, gzip and tar to fix reproducible
+ build when built on usrmerge system.
+
+When built on a system with usrmerge enabled, and a system without
+usrmerge usrmerge enabled, A file in the nix-bin package embeds
+different paths for bash, bzip2, gzip and tar.
+
+This patch hard-codes these binaries to use the paths present on both
+usrmerge and non-usrmerge systems.
+
+---
+ corepkgs/config.nix.in | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/corepkgs/config.nix.in b/corepkgs/config.nix.in
+index 32ce6b39..7d91ce85 100644
+--- a/corepkgs/config.nix.in
++++ b/corepkgs/config.nix.in
+@@ -3,12 +3,12 @@ let
+     let val = builtins.getEnv var; in
+     if val != "" then val else def;
+ in rec {
+-  shell = "@bash@";
++  shell = "/bin/bash";
+   coreutils = "@coreutils@";
+-  bzip2 = "@bzip2@";
+-  gzip = "@gzip@";
++  bzip2 = "/bin/bzip2";
++  gzip = "/bin/gzip";
+   xz = "@xz@";
+-  tar = "@tar@";
++  tar = "/bin/tar";
+   tarFlags = "@tarFlags@";
+   tr = "@tr@";
+   nixBinDir = fromEnv "NIX_BIN_DIR" "@bindir@";
+-- 
+2.20.1
+
diff --git a/debian/patches/series b/debian/patches/series
index 0f7766da..0eece566 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,4 @@
 fix-service-file-path.patch
 fix-Makefile.patch
 remove_callout_graphics.patch
+Specify-path-to-bash-bzip2-gzip-and-tar-to-fix-repro.patch
-- 
2.20.1

[signature.asc (application/pgp-signature, inline)]

Message #10 received at 970874-close@bugs.debian.org (full text, mbox, reply):

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>

To: 970874-close@bugs.debian.org

Subject: Bug#970874: fixed in nix 2.3.10+dfsg1-1

Date: Fri, 26 Mar 2021 09:03:27 +0000

Source: nix
Source-Version: 2.3.10+dfsg1-1
Done: Thomas Koch <thomas@koch.ro>

We believe that the bug you reported is fixed in the latest version of
nix, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 970874@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thomas Koch <thomas@koch.ro> (supplier of updated nix package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 26 Mar 2021 08:11:19 +0100
Source: nix
Architecture: source
Version: 2.3.10+dfsg1-1
Distribution: unstable
Urgency: medium
Maintainer: Thomas Koch <thomas@koch.ro>
Changed-By: Thomas Koch <thomas@koch.ro>
Closes: 970874
Changes:
 nix (2.3.10+dfsg1-1) unstable; urgency=medium
 .
   * new upstream version
   * Fix different bin paths on usrmerge and non-usrmerge systems
     Thanks to Vagrant Cascadian. (Closes: #970874)
   * update Standards-Version 4.5.0->4.5.1, no changes
Checksums-Sha1:
 18d2bdf20f32e0203b5e33661c301a470562ba08 2342 nix_2.3.10+dfsg1-1.dsc
 388b816a8d88d25eed4d2448e4ca415fa25eb78d 598756 nix_2.3.10+dfsg1.orig.tar.xz
 3d9d198044a4d110c2f6a44a0cb61184f2cbb384 12336 nix_2.3.10+dfsg1-1.debian.tar.xz
 ee51ae95b9ab69df87f3bf6a3b8c7accb316d379 8390 nix_2.3.10+dfsg1-1_amd64.buildinfo
Checksums-Sha256:
 f1a3bf1bd7b0120668317b9ac6bd6fe8d9844e3b49bc2e619173d6b3e0ef213f 2342 nix_2.3.10+dfsg1-1.dsc
 4eb01fe40ca05b531e3a081c5b70f8006e71f5a2c062602cf801e1e8c935f6e6 598756 nix_2.3.10+dfsg1.orig.tar.xz
 da3be44cb70f2682ae3ae15231cb4113a7d3ce3c79b6d3540897484db372cb1f 12336 nix_2.3.10+dfsg1-1.debian.tar.xz
 30dc7aff5a00cac61b424335723fea83cbf61b9d6de6d5f1ae8d4469c33f5ab5 8390 nix_2.3.10+dfsg1-1_amd64.buildinfo
Files:
 f9300333900fc9baaed37786f08beca9 2342 devel optional nix_2.3.10+dfsg1-1.dsc
 3b73df293f571659b672640396475f78 598756 devel optional nix_2.3.10+dfsg1.orig.tar.xz
 26180c393d070c90d59414f951d8a11f 12336 devel optional nix_2.3.10+dfsg1-1.debian.tar.xz
 1cf4d567942d61236aec059847a4fb52 8390 devel optional nix_2.3.10+dfsg1-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEdgQCBVl/ppbxMTvKB/xIkQQrploFAmBdoNcACgkQB/xIkQQr
ploA9BAAqz5GOruzE3d/WzJyeNE9m9xK0oqsXoJosj0/AyYXs3Cr7rmAZu+w+hNa
zKec+lq5qbsKqbEgXncEF5y4tlFaVGmPmRTfKrUYvbbilfRLMl2YmsVbdo12iGh1
gVvZB55klynyhtwLabbU3ENj7NhKCnPH1KXYSchycB9Xgf8zzrjkopAXOLNkIJ5p
LdSz3artFcFW0mjkeH2+xPle6jrihBUXEtWVrq6RjGQpa55weaQwJLd6JrEqwq55
PDDpM39OkPwIB5rhirpD1mV0/rceXyM77ikmjEef+glNOfImtLH0mWZkGmTuxk9z
9z3hiNM3kMDiWph/A8MDc0WGu/oMWklZ8tRv9steuG4z3A1yUhmHIBZtbc+NK2IJ
1it/NNdf++mzsV45wldk5eg8xdFdL9xw6B4RCUCIiYaLjK22/Ugfh/Gxy79wcZUE
oFGoigXI1MPZYh+bASCbyB3biyU+tF0HnAF9DH5c1nQfrbwhQQ1RGJlT0d/MINfp
w7fmnf9tmOeiP1v+ZLzjY9+cuZCkBM05qgwh71khKMYQ1YeT0Yz8bWWZA6gmQNGL
Ur1Oc8/6JtAl1qDbyRtaiAbEbwIvGHPs5jO+N6Kst2+C+8NIh3Xn4dZOf99US0eg
UY2V/u/3Ss9ffTOy/twN2pvemvqJO2low4R66P1HUX5UsT2F9zY=
=GG/c
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.