[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1010378: marked as done (leds-alix: reproducible builds: source tarball embeds timestamps and umask)

Your message dated Fri, 29 Apr 2022 22:49:49 +0000
with message-id <E1nkZQr-0002nm-OZ@fasolo.debian.org>
and subject line Bug#1010378: fixed in leds-alix 0.0.1-3
has caused the Debian Bug report #1010378,
regarding leds-alix: reproducible builds: source tarball embeds timestamps and umask
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1010378: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010378
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Source: leds-alix
Severity: normal
Tags: patch
User: reproducible-builds@lists.alioth.debian.org
Usertags: timestamps umask
X-Debbugs-Cc: reproducible-bugs@lists.alioth.debian.org

leds-alix-source embeds the timestamp and file permissions determined by
umask in the leds-alix source tarball:

  https://tests.reproducible-builds.org/debian/rb-pkg/bookworm/amd64/diffoscope-results/leds-alix.html

  /usr/src/leds-alix.tar.bz2

  -rw-r--r--···0·root·········(0)·root·········(0)·····3610·2022-04-15·23:37:31.000000·modules/leds-alix/leds-alix.c
vs.
  -rw-rw-r--···0·root·········(0)·root·········(0)·····3610·2023-05-19·06:01:18.000000·modules/leds-alix/leds-alix.c

The attached patch fixes this by passing arguments to tar in
debian/rules to ensure consistent timestamp, file permissions, sort
order, user, group, uid and gid in the generated tarball.


With this patch applied, leds-alix should become reproducible on
tests.reproducible-builds.org!


live well,
  vagrant

From 7f79cf28e70fdc2c0832f10517f29f7a9be3b61e Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian <vagrant@reproducible-builds.org>
Date: Fri, 29 Apr 2022 21:35:18 +0000
Subject: [PATCH 1/2] debian/rules: Generate tarball reproducibly.

Pass arguments to tar to set sort order, timestamps, owner, group and
mode.
---
 debian/rules | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/debian/rules b/debian/rules
index 1068a59..59012aa 100755
--- a/debian/rules
+++ b/debian/rules
@@ -48,7 +48,7 @@ install: build
 	dh_installdirs -p$(psource)  usr/src/modules/$(sname)/debian
 	cp Makefile leds-alix.c $(DESTDIR)
 	cp debian/*modules.in* debian/control debian/rules debian/changelog debian/copyright debian/README.Debian $(DESTDIR)/debian
-	cd debian/$(psource)/usr/src && tar c modules | bzip2 -9 > $(sname).tar.bz2 && rm -rf modules
+	cd debian/$(psource)/usr/src && tar --sort=name --mtime="@$(SOURCE_DATE_EPOCH)" --owner=0 --group=0 --numeric-owner --mode=go=rX,u+rw,a-s --create modules | bzip2 -9 > $(sname).tar.bz2 && rm -rf modules
 	dh_install
 
 binary-indep: build install
-- 
2.30.2

Attachment: signature.asc
Description: PGP signature


--- End Message ---
--- Begin Message --- 
Source: leds-alix
Source-Version: 0.0.1-3
Done: Vagrant Cascadian <vagrant@reproducible-builds.org>

We believe that the bug you reported is fixed in the latest version of
leds-alix, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1010378@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Vagrant Cascadian <vagrant@reproducible-builds.org> (supplier of updated leds-alix package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 29 Apr 2022 15:28:19 -0700
Source: leds-alix
Architecture: source
Version: 0.0.1-3
Distribution: unstable
Urgency: medium
Maintainer: Debian QA Group <packages@qa.debian.org>
Changed-By: Vagrant Cascadian <vagrant@reproducible-builds.org>
Closes: 1010378
Changes:
 leds-alix (0.0.1-3) unstable; urgency=medium
 .
   * QA upload.
   * debian/rules: Generate tarball reproducibly (Closes: #1010378).
   * debian/control: Set Rules-Requires-Root to no.
Checksums-Sha1:
 91705a87380d14d7aa08a94a3d73a43ec393a593 1285 leds-alix_0.0.1-3.dsc
 21edea84a5d736b6aac6dc0010289619a9d72e24 3836 leds-alix_0.0.1-3.debian.tar.xz
 25f06896ba308d47ed1413b6e433e018bd591dcb 5228 leds-alix_0.0.1-3_amd64.buildinfo
Checksums-Sha256:
 c641597ad2a731b1368f764c8056b7f6a3b80436eb9f57b46b1c52961fac41b3 1285 leds-alix_0.0.1-3.dsc
 4747ef20e49e02d9d7c65dd7480303d433ba97d1e04004d24be74fcad3e9743f 3836 leds-alix_0.0.1-3.debian.tar.xz
 f261815c6a2f551bc9d555736c09e51836ba949769f30551047d894c8806c454 5228 leds-alix_0.0.1-3_amd64.buildinfo
Files:
 d12c639e3b84915aa49c2138ff729273 1285 utils optional leds-alix_0.0.1-3.dsc
 d300159a4e14875508008db2ff2db5ff 3836 utils optional leds-alix_0.0.1-3.debian.tar.xz
 5f8f71d61e00d16b5e57833d2013886f 5228 utils optional leds-alix_0.0.1-3_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iJYEARYKAD4WIQRlgHNhO/zFx+LkXUXcUY/If5cWqgUCYmxoZCAcdmFncmFudEBy
ZXByb2R1Y2libGUtYnVpbGRzLm9yZwAKCRDcUY/If5cWquvpAP0UqBhQt8kq0KB5
JeOxUV7kidaxdH4el9rrdtmmhIfkfwD+Prsu00LDfDM1XbURmhx6xZDbjEMIIboU
li70z0Kf+w8=
=boqQ
-----END PGP SIGNATURE-----

--- End Message ---
Reply to: