Debian Bug report logs - #993675
opensmtpd: stores wrong path to zcat if /usr/bin/zcat or /usr/local/bin/zcat exists

version graph

Package: src:opensmtpd; Maintainer for src:opensmtpd is Ryan Kavanagh <rak@debian.org>;

Reported by: Simon McVittie <smcv@debian.org>

Date: Sat, 4 Sep 2021 17:06:01 UTC

Severity: important

Tags: bookworm, patch, sid

Found in version opensmtpd/6.8.0p2-3

Fixed in version opensmtpd/6.8.0p2-4

Done: Ryan Kavanagh <rak@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, reproducible-bugs@lists.alioth.debian.org, Ryan Kavanagh <rak@debian.org>:
Bug#993675; Package src:opensmtpd. (Sat, 04 Sep 2021 17:06:03 GMT) (full text, mbox, link).

Acknowledgement sent to Simon McVittie <smcv@debian.org>:
New Bug report received and forwarded. Copy sent to reproducible-bugs@lists.alioth.debian.org, Ryan Kavanagh <rak@debian.org>. (Sat, 04 Sep 2021 17:06:04 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Simon McVittie <smcv@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: opensmtpd: stores wrong path to zcat if /usr/bin/zcat or /usr/local/bin/zcat exists
Date: Sat, 4 Sep 2021 18:03:11 +0100
[Message part 1 (text/plain, inline)]
Source: opensmtpd
Version: 6.8.0p2-3
Severity: important
Tags: patch bookworm sid
User: reproducible-builds@lists.alioth.debian.org
Usertags: usrmerge
X-Debbugs-Cc: reproducible-bugs@lists.alioth.debian.org

If opensmtpd is built on a merged-/usr system (as created by new
installations of Debian >= 10, debootstrap --merged-usr, or installing
the usrmerge package into an existing installation), the path to zcat
is recorded in the binary package as /usr/bin/zcat, rather than the
canonical /bin/zcat.

This can be seen on the reproducible-builds.org infra:
https://tests.reproducible-builds.org/debian/rb-pkg/unstable/i386/diffoscope-results/opensmtpd.html

If you have sbuild available, an easy way to reproduce this is to build
twice, once with --add-depends=usrmerge and once without.

I suspect the same thing would happen if opensmtpd was built on a system
where /sbin and /usr/sbin had instead been unified via a symlink farm.

The problematic situation is if the package is *built* on a unified-/usr
system, but *used* on a non-unified-/usr system. In this situation,
/usr/bin/zcat exists on the build system but not on the system where
the package will be used, resulting in the features that use this
executable not working correctly.

Similarly, if there is a /usr/local/bin/zcat visible at build-time,
then that path would likely end up hard-coded into the binary,
causing the relevant feature to fail on all systems that do not have
/usr/local/bin/zcat.

Technical Committee resolution #978636 mandates heading towards a
transition to merged-/usr, and variation between merged-/usr and
non-merged-/usr builds is a problem while that transition is taking
place, because it can lead to partial upgrades behaving incorrectly. It
is likely that this class of bugs will become release-critical later in
the bookworm development cycle.

The attached patch resolves this: with it applied, the package builds
identically with and without --add-depends=usrmerge.

Some developers advocate unifying /bin with /usr/bin via a symlink farm
in /bin instead of merged-/usr, but that strategy would have a similar
practical effect on this particular package, and the same solution would
be required.

A side benefit of fixing this is that this change seems likely to be
sufficient to make the package reproducible (as recommended by Policy
§4.15).

    smcv

[0001-d-rules-Specify-canonical-path-to-zcat.patch (text/x-diff, attachment)]

Reply sent to Ryan Kavanagh <rak@debian.org>:
You have taken responsibility. (Thu, 09 Sep 2021 14:27:07 GMT) (full text, mbox, link).

Notification sent to Simon McVittie <smcv@debian.org>:
Bug acknowledged by developer. (Thu, 09 Sep 2021 14:27:07 GMT) (full text, mbox, link).

Message #10 received at 993675-close@bugs.debian.org (full text, mbox, reply):

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: 993675-close@bugs.debian.org
Subject: Bug#993675: fixed in opensmtpd 6.8.0p2-4
Date: Thu, 09 Sep 2021 14:24:19 +0000
Source: opensmtpd
Source-Version: 6.8.0p2-4
Done: Ryan Kavanagh <rak@debian.org>

We believe that the bug you reported is fixed in the latest version of
opensmtpd, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 993675@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ryan Kavanagh <rak@debian.org> (supplier of updated opensmtpd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 09 Sep 2021 09:35:41 -0400
Source: opensmtpd
Architecture: source
Version: 6.8.0p2-4
Distribution: unstable
Urgency: medium
Maintainer: Ryan Kavanagh <rak@debian.org>
Changed-By: Ryan Kavanagh <rak@debian.org>
Closes: 993675
Changes:
 opensmtpd (6.8.0p2-4) unstable; urgency=medium
 .
   * Fix typo in gecos fields
   * Bump standards version to 4.6.0
   * Build identical packages, regardless of whether the build environment uses
     usrmerge (Closes: #993675)
Checksums-Sha1:
 fb81409e80697b12d5354118da60fc019862808c 1955 opensmtpd_6.8.0p2-4.dsc
 b0f588d2231ff4340a300579607aaf058d5848f7 24852 opensmtpd_6.8.0p2-4.debian.tar.xz
 51b449e17710b7c6165d6bcdaf8d8da62cab8ebc 6644 opensmtpd_6.8.0p2-4_amd64.buildinfo
Checksums-Sha256:
 d29690dfaf870ed586ce660bfeac7281409fa8f559211a2810f04d1bb94649b3 1955 opensmtpd_6.8.0p2-4.dsc
 8cf4aee9c29683f40fca97ea32d3382533971d2e941ffac8f92f34c68163bf72 24852 opensmtpd_6.8.0p2-4.debian.tar.xz
 2516b0505d5c739c9c3ee3809b0e8129e62b96490c08ed3cc2220fc1fd3d7000 6644 opensmtpd_6.8.0p2-4_amd64.buildinfo
Files:
 71e23d7c04114a8fd8c70033da55ddb6 1955 mail optional opensmtpd_6.8.0p2-4.dsc
 e077aa0d2b7a65f6318f8cc13f608b8c 24852 mail optional opensmtpd_6.8.0p2-4.debian.tar.xz
 5ae531362e735f08dfc466eff9e31af6 6644 mail optional opensmtpd_6.8.0p2-4_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJDBAEBCgAtFiEEP7FHOW9as2zJ9q6CWXuniu1D+jAFAmE6EDkPHHJha0BkZWJp
YW4ub3JnAAoJEFl7p4rtQ/ow6doP/29uG4ukFN/qOMllc1Iqr+3r38kGQAY7ezxW
e5ZLknf26CItxyZvPpEF5hIFYd9ekvXMx+1yGbJXIx193NJDpGYbB012pniGXbxV
8D1K5Iwdtb1ClY6aXQNckZLZ3EugEdoW8Eloi63WDe1fPaD7qm2eFdqQ6kYQz8Du
T/9FzfCF0n7m34uVsBThFfgY6xP4MM5+I3Vg8wD7jDSdAf6x8O5eQ9mhcIvebWl2
8Z3cetO5Jxa5XJNlRqjfjI40ngflgh6FDyy7dHY0tv5ky5lehy4qLicxR9fczB0i
fAIcERxQp1voB5v5nVQa26GS2s4fgugVuyUDK1RF9qleq3MzJ1PLh8w1v5k0Fuxx
xUqIfqwqub9p4rNjy0uK5Vy7Hgx5tZ08LDJFuCfNhrhU4O3eHtPdKQx81T694Bi/
wConV2suMhUWBzUnTnv+vkIg6oQo3dggQ4aWmitis6lS6x6GJ1Ruc166xCqU1hs/
nAweQpZiRBjQ3ZUjmkWwfptED3c4v/W8GTqs6BKAeV/gXOXDmSQPhLHLWReg8V3n
77CqEHUq/hraknWFkB3k692yUsSPr0NLUQIcKFeiahzc4znTVXpWMd8FJl/OZ3W5
BHDwXWr/Mgl5Cc17epwXit0vLp55KdPGYVZmq/G871deJS1XzWoXj4CUrgMaP/uO
ypSGwne9
=HIUK
-----END PGP SIGNATURE-----

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 16 Oct 2021 07:28:01 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed May 17 12:12:56 2023; Machine Name: bembo

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.