Debian Bug report logs - #978751
milter-greylist: reproducible builds: Embeds username, hostname, build path and build time in /usr/sbin/milter-greylist

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Vagrant Cascadian <vagrant@reproducible-builds.org>

To: submit@bugs.debian.org

Subject: milter-greylist: reproducible builds: Embeds username, hostname, build path and build time in /usr/sbin/milter-greylist

Date: Thu, 31 Dec 2020 02:22:57 -0800

[Message part 1 (text/plain, inline)]

Source: milter-greylist
Severity: normal
Tags: patch
User: reproducible-builds@lists.alioth.debian.org
Usertags: timestamps username hostname buildpath
X-Debbugs-Cc: reproducible-bugs@lists.alioth.debian.org

The binary /usr/sbin/milter-greylist embeds the username, hostname,
build path and build time:

  https://tests.reproducible-builds.org/debian/rb-pkg/bullseye/amd64/diffoscope-results/milter-greylist.html

  @ionos15-amd64:/build/milter-greylist-4.6.2·Tue·Jan·18·21:45:14·-12·2022
  vs.
  @i-capture-the-hostname:/build/milter-greylist-4.6.2·Thu·Dec·17·17:23:13·+14·2020


The attached patch fixes this by setting an empty BUILD_ENV in
configure.ac.


Thanks for maintaining milter-greylist!


live well,
  vagrant

[0001-configure.ac-Set-empty-BUILD_ENV.patch (text/x-diff, inline)]

From 3ab3aba5691c9fee38cfa3e8063a958b70a035a6 Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian <vagrant@reproducible-builds.org>
Date: Thu, 31 Dec 2020 10:10:57 +0000
Subject: [PATCH] configure.ac: Set empty BUILD_ENV.

The BUILD_ENV captures the username, hostname, build path and build
time.
---
 configure.ac | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/configure.ac b/configure.ac
index 8fe0002..606b769 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1298,7 +1298,7 @@ AC_ARG_ENABLE(postfix,
 	])
 
 # Record the build environnement for milter-greylist -r
-AC_DEFINE_UNQUOTED([BUILD_ENV], ["`logname`@`uname -n`:`pwd` `date`"], 
+AC_DEFINE_UNQUOTED([BUILD_ENV], [""],
     [Build environnement]) 
 
 # Options
-- 
2.30.0

[signature.asc (application/pgp-signature, inline)]

Message #10 received at 978751-close@bugs.debian.org (full text, mbox, reply):

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>

To: 978751-close@bugs.debian.org

Subject: Bug#978751: fixed in milter-greylist 4.6.2-2

Date: Thu, 31 Dec 2020 20:49:23 +0000

Source: milter-greylist
Source-Version: 4.6.2-2
Done: Vagrant Cascadian <vagrant@reproducible-builds.org>

We believe that the bug you reported is fixed in the latest version of
milter-greylist, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 978751@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Vagrant Cascadian <vagrant@reproducible-builds.org> (supplier of updated milter-greylist package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 31 Dec 2020 12:42:59 -0800
Source: milter-greylist
Architecture: source
Version: 4.6.2-2
Distribution: unstable
Urgency: medium
Maintainer: Debian QA Group <packages@qa.debian.org>
Changed-By: Vagrant Cascadian <vagrant@reproducible-builds.org>
Closes: 739465 784408 978751
Changes:
 milter-greylist (4.6.2-2) unstable; urgency=medium
 .
   * QA upload.
 .
   [ Debian Janitor ]
   * Use secure URI in debian/watch.
   * Set Homepage field in Source rather than Binary package.
   * Update standards version to 4.5.0, no changes needed.
 .
   [ Vagrant Cascadian ]
   * debian/patches: Adjust configure.ac to avoid embedding hostname,
     username, build time and build path in the binaries. (Closes: #978751)
   * debian/control: Set Rules-Requires-Root to "no".
   * debian/control: Update to debhelper-compat 13.
   * debian/control: Update Standards-Version to 4.5.1.
 .
   [ Christian Dröge ]
   * systemd support for milter-greylist (Closes: #739465)
 .
   [ Vagrant Cascadian ]
   * debian/patches: initfile.nosudo: Fix typo in patch to use "su" instead
     of "sudo". (Closes: #784408)
Checksums-Sha1:
 2848290db00f14ec574434bae36a3f89d0ae3b8e 1471 milter-greylist_4.6.2-2.dsc
 be2d91837bfd99b9291dc8a8473db9d8e01a22f4 12520 milter-greylist_4.6.2-2.debian.tar.xz
 d4ceca3f3c81808e62efa85449c0fb13dcc4c413 6641 milter-greylist_4.6.2-2_amd64.buildinfo
Checksums-Sha256:
 4c6dc8821dc9c6ce88ba3ef7091b02f03eb3f4710267a104f1c27e8849dd7eac 1471 milter-greylist_4.6.2-2.dsc
 f32a59bfb72df6c7d1300bdc7efb8a04e3834e4ecf9f9e07b4063e1e6de2342a 12520 milter-greylist_4.6.2-2.debian.tar.xz
 10e80c49ff889de2a80f8158d2909ae21eba0695cacab6058106356cf3b89406 6641 milter-greylist_4.6.2-2_amd64.buildinfo
Files:
 f1978f395e1aa0b57e9303ed9047d47d 1471 mail optional milter-greylist_4.6.2-2.dsc
 9f13fd329dcd53541563c2643a2822ee 12520 mail optional milter-greylist_4.6.2-2.debian.tar.xz
 bdd64272b999792f0d771df7d5e9f983 6641 mail optional milter-greylist_4.6.2-2_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iJYEARYKAD4WIQRlgHNhO/zFx+LkXUXcUY/If5cWqgUCX+44tyAcdmFncmFudEBy
ZXByb2R1Y2libGUtYnVpbGRzLm9yZwAKCRDcUY/If5cWqhawAP9KM26N9XT4hIRR
XQGKvfxS2GKcbkRTK64d98s1Zkw3WAEA+GDkpJ6nyxXjn/z1Nv9Vfx1loiRV5laP
PkuMUswOug0=
=3nHV
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.