Debian Bug report logs - #973845
cmake: tar subcommand has no way to disable storing uid/gid in PKZIP format archive
Report forwarded
to debian-bugs-dist@lists.debian.org, reproducible-bugs@lists.alioth.debian.org, Debian CMake Team <pkg-cmake-team@lists.alioth.debian.org>:
Bug#973845; Package cmake.
(Thu, 05 Nov 2020 22:27:04 GMT).
Acknowledgement sent
to Thorsten Glaser <tg@mirbsd.de>:
New Bug report received and forwarded. Copy sent to reproducible-bugs@lists.alioth.debian.org, Debian CMake Team <pkg-cmake-team@lists.alioth.debian.org>.
(Thu, 05 Nov 2020 22:27:04 GMT).
Message #5 received at submit@bugs.debian.org:
Package: cmake
Version: 3.18.4-1
Severity: wishlist
Tags: upstream
User: reproducible-builds@lists.alioth.debian.org
Usertags: toolchain, username
X-Debbugs-Cc: reproducible-bugs@lists.alioth.debian.org
The musescore3 source package uses the following construct…
COMMAND "${CMAKE_COMMAND}" -E tar cf "${PATH_OUT_ABS}" --format=zip -- ${FILES_IN}
… to create PKZIP-format archives at build time. The cmake-
builtin “tar” command has options to clamp(? set?) the mtime,
but not to prevent inclusion of the uid/gid into the archive,
producing the following diffoscope output:
··The·central-directory·extra·field·contains: ··The·central-directory·extra·field·contains:
··-·A·subfield·with·ID·0x5455·(universal·time)·and·13·data·bytes. ··-·A·subfield·with·ID·0x5455·(universal·time)·and·13·data·bytes.
····The·local·extra·field·has·UTC/GMT·modification/access/creation·times. ····The·local·extra·field·has·UTC/GMT·modification/access/creation·times.
··-·A·subfield·with·ID·0x7875·(Unix·UID/GID·(any·size))·and·11·data·bytes: ··-·A·subfield·with·ID·0x7875·(Unix·UID/GID·(any·size))·and·11·data·bytes:
····01·04·57·04·00·00·04·57·04·00·00. ····01·04·ae·08·00·00·04·ae·08·00·00.
Basically, the UID changed from 0x0457 to 0x08AE (AFAICT).
Now “zip” from info-zip has the following option:
-X Do not save extra file attributes (Extended Attributes
on OS/2, uid/gid and file times on Unix).
This functionality would be useful to have here, for reproducible
builds. (We also must be able to detect it, so building with older
cmake versions doesn’t fail.) Then I can ask upstream to include
it. (Changing the build to use info-zip is not an option, as upstream
also builds on commercial OSes; extra dependencies are unwanted.)
bye,
//mirabilos
--
Stéphane, I actually don’t block Googlemail, they’re just too utterly
stupid to successfully deliver to me (or anyone else using Greylisting
and not whitelisting their ranges). Same for a few other providers such
as Hotmail. Some spammers (Yahoo) I do block.
Added indication that 973845 affects src:musescore3
Request was from Thorsten Glaser <tg@mirbsd.de>
to control@bugs.debian.org.
(Thu, 05 Nov 2020 22:51:02 GMT).
Added indication that 973845 affects src:musescore-snapshot
Request was from Thorsten Glaser <tg@mirbsd.de>
to control@bugs.debian.org.
(Thu, 05 Nov 2020 22:51:03 GMT).
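Added example (not part of the original report, and not cmake or musescore code): a Python check that reads the central-directory extra field of each archive member and decodes any 0x7875 subfield, so a build can flag archives that embed the builder's uid/gid. make_sample is a hypothetical helper that builds a constructed one-member archive from a hex payload such as the two shown in the diffoscope output of the report.

```python
import io
import struct
import zipfile

UNIX_UIDGID = 0x7875  # Unix UID/GID subfield ID, as named in the diffoscope output

def iter_subfields(extra):
    """Yield (header_id, payload) for each subfield of a ZIP extra field."""
    pos = 0
    while pos + 4 <= len(extra):
        header_id, size = struct.unpack_from("<HH", extra, pos)
        if pos + 4 + size > len(extra):
            return  # truncated subfield: stop rather than misparse
        yield header_id, extra[pos + 4:pos + 4 + size]
        pos += 4 + size

def decode_uidgid(payload):
    """Decode version, uid size, uid, gid size, gid; None if malformed."""
    if len(payload) < 3 or payload[0] != 1:
        return None
    gid_at = 3 + payload[1]  # first GID byte; the GID size byte sits just before it
    if len(payload) < gid_at or len(payload) < gid_at + payload[gid_at - 1]:
        return None
    uid = int.from_bytes(payload[2:gid_at - 1], "little")
    gid = int.from_bytes(payload[gid_at:gid_at + payload[gid_at - 1]], "little")
    return uid, gid

def find_uidgid(zip_bytes):
    """Map member name -> (uid, gid) for central-directory entries with 0x7875."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            for header_id, payload in iter_subfields(info.extra):
                if header_id == UNIX_UIDGID:
                    found[info.filename] = decode_uidgid(payload)
    return found

def make_sample(hex_payload=None):
    """Constructed one-member archive (fixed mtime), optionally with a 0x7875 subfield."""
    extra = b""
    if hex_payload is not None:
        payload = bytes.fromhex(hex_payload)
        extra = struct.pack("<HH", UNIX_UIDGID, len(payload)) + payload
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        info = zipfile.ZipInfo("sample.txt", date_time=(2020, 11, 5, 22, 27, 4))
        info.extra = extra
        zf.writestr(info, b"constructed sample data")
    return buf.getvalue()
```

Running find_uidgid over the bytes of a built archive and failing the build on a non-empty result catches this class of unreproducibility before the artifact is published.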
Last modified: Wed May 17 12:51:28 2023