Bug#978044: wily: reproducible builds: Embeds user, group and umask in tarballs

To: submit@bugs.debian.org
Subject: Bug#978044: wily: reproducible builds: Embeds user, group and umask in tarballs
From: Vagrant Cascadian <vagrant@reproducible-builds.org>
Date: Thu, 24 Dec 2020 17:49:47 -0800
Message-id: <[🔎] 87k0t6ods4.fsf@yucca>
Reply-to: Vagrant Cascadian <vagrant@reproducible-builds.org>, 978044@bugs.debian.org

Source: wily
Severity: normal
Tags: patch
User: reproducible-builds@lists.alioth.debian.org
Usertags: username umask
X-Debbugs-Cc: reproducible-bugs@lists.alioth.debian.org

The tarballs /usr/share/doc/wily/wily.tar.gz and
/usr/share/doc/wily/tute.tar.gz contain the username, user id, group
name, group id and umask of the build environment in which they were
produced:

  https://tests.reproducible-builds.org/debian/rb-pkg/bullseye/amd64/diffoscope-results/wily.html

  drwxr-xr-x···0·pbuilder1··(1111)·pbuilder1··(1111)········0·2019-08-21·10:11:18.000000·tute/
  vs.
  drwxrwxr-x···0·pbuilder2··(2222)·pbuilder2··(2222)········0·2019-08-21·10:11:18.000000·tute/


The attached patch fixes this by passing arguments to tar in
debian/rules to avoid embedding this metadata.


Thanks for maintaining wily!


live well,
  vagrant

From 8ee7445fb8376fec85b2f05b929a8881ce6b3d4b Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian <vagrant@reproducible-builds.org>
Date: Fri, 25 Dec 2020 00:01:32 +0000
Subject: [PATCH 1/8] debian/rules: Pass options to tar to generate
 reproducible tarballs.

Pass additional options to tar to ensure sort order, user id, group id
and pax headers are consistent between builds.

See "Full example":

   https://reproducible-builds.org/docs/archives/
---
 debian/rules | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/debian/rules b/debian/rules
index 7d38575..f21f401 100755
--- a/debian/rules
+++ b/debian/rules
@@ -53,10 +53,16 @@ install-stamp: build-stamp
 	install -m644 Doc/changes.txt debian/wily/usr/share/doc/wily/html
 	install -m644 Doc/*.html debian/wily/usr/share/doc/wily/html
 	install -m644 Doc/*.gif debian/wily/usr/share/doc/wily/html
-	cd Doc && GZIP="-9n" tar -czhf \
-		../debian/wily/usr/share/doc/wily/tute.tar.gz tute --mtime="@$(SOURCE_DATE_EPOCH)"
-	cd misc && GZIP="-9n" tar -czhf \
-		../debian/wily/usr/share/doc/wily/wily.tar.gz wily --mtime="@$(SOURCE_DATE_EPOCH)"
+	cd Doc && GZIP="-9n" tar --sort=name \
+		--mtime="@${SOURCE_DATE_EPOCH}" \
+		--owner=0 --group=0 --numeric-owner \
+		--pax-option=exthdr.name=%d/PaxHeaders/%f,delete=atime,delete=ctime \
+		-czhf ../debian/wily/usr/share/doc/wily/tute.tar.gz tute
+	cd misc && GZIP="-9n" tar --sort=name \
+		--mtime="@${SOURCE_DATE_EPOCH}" \
+		--owner=0 --group=0 --numeric-owner \
+		--pax-option=exthdr.name=%d/PaxHeaders/%f,delete=atime,delete=ctime \
+		-czhf ../debian/wily/usr/share/doc/wily/wily.tar.gz wily
 	touch install-stamp
 
 binary-indep: build install
-- 
2.20.1

Attachment: signature.asc
Description: PGP signature

Reply to:

Follow-Ups:
- Bug#978044: marked as done (wily: reproducible builds: Embeds user, group and umask in tarballs)
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>

Prev by Date: gnome-mime-data_2.18.0-2.1_source.changes ACCEPTED into unstable
Next by Date: Bug#978044: marked as done (wily: reproducible builds: Embeds user, group and umask in tarballs)
Previous by thread: gnome-mime-data_2.18.0-2.1_source.changes ACCEPTED into unstable
Next by thread: Bug#978044: marked as done (wily: reproducible builds: Embeds user, group and umask in tarballs)
Index(es):
- Date
- Thread