[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#805321: marked as done (debian-installer: builds unreproducible netboot images)

Your message dated Sun, 22 Nov 2015 15:50:19 +0000
with message-id <E1a0WuB-0005jB-WD@franck.debian.org>
and subject line Bug#805321: fixed in debian-installer 20150422+kbsd8u2
has caused the Debian Bug report #805321,
regarding debian-installer: builds unreproducible netboot images
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
805321: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=805321
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: debian-installer
Version: 20150422
Severity: wishlist
Tags: patch
User: reproducible-builds@lists.alioth.debian.org
Usertag: timestamps fileordering infrastructure
X-Debbugs-Cc: reproducible-builds@lists.alioth.debian.org
X-Debbugs-Cc: debian-bsd@lists.debian.org

Hi!

The debian-installer package build produces netboot.tar.gz and
the mini.iso netboot install media.  It doesn't do this in an easily
reproducible way:

  * the d-i initrd/mfsroot is a filesystem image, having variable
    mtime/ctime/atime timestamps from package build time;
  * likewise in the generated mini.iso;
  * netboot.tar.gz also has varying timestamps;  the order of files
    may also vary depending on the filesystem;
  * likewise in the cd info tarball;
  * likewise in the debian-installer-images tarball;
  * all gzipped outfile files have a timestamp in the header.

I have a patch aimed at jessie-kfreebsd that should fix all of the
above.  It should be possible to do the same in sid with much less
code, due to new GNU tar features and other reproducible builds work.

I've 'clamped' timestamps to be no later than the most recent
debian/changelog entry date.  That way, the non-useful timestamps
from during the build are adjusted to a constant value.  Older
timestamps, actually indicating how old a file is, are untouched.
The BUILD_DATE, actually the package version number, is unchanged.

Specifically on kfreebsd, the generated mfsroot is a ffs filesystem
having file atimes, and another timestamp in the filesystem superblock.
I intend to patch makefs so that it can clamp timestamps to a given
SOURCE_DATE_EPOCH.

Besides a file ordering issue in makefs, all output files including
netboot.tar.gz and mini.iso then seem to be reproducible for
jessie-kfreebsd, at least.  :)

Regards,
-- 
Steven Chamberlain
steven@pyro.eu.org

Attachment: signature.asc
Description: Digital signature


--- End Message ---
--- Begin Message --- 
Source: debian-installer
Source-Version: 20150422+kbsd8u2

We believe that the bug you reported is fixed in the latest version of
debian-installer, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 805321@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Steven Chamberlain <steven@pyro.eu.org> (supplier of updated debian-installer package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 10 Nov 2015 21:38:46 +0000
Source: debian-installer
Binary: debian-installer
Architecture: source
Version: 20150422+kbsd8u2
Distribution: jessie-kfreebsd
Urgency: medium
Maintainer: Debian Install System Team <debian-boot@lists.debian.org>
Changed-By: Steven Chamberlain <steven@pyro.eu.org>
Description:
 debian-installer - Debian installer
Closes: 805321
Changes:
 debian-installer (20150422+kbsd8u2) jessie-kfreebsd; urgency=medium
 .
   * Improve reproducibility of debian-installer netboot images
     (Closes: #805321):
   * Add a new utility build/util/gen-tarball to make reproducible
     tarballs, and use it for:
     - netboot.tar.gz
     - debian-cd_info.tar.gz
     - the overall debian-installer-images tar.gz file.
   * Inhibit gzip timestamp in initrd.gz
   * Ensure SOURCE_DATE_EPOCH is exported throughout the build system,
     define it if unset, or fall back to 'now' if build/Makefile is
     directly invoked.
   * On kfreebsd, use the new makefs -T parameter to clamp mfsroot
     timestamps to a reproducible maximum value;  raise Build-Depends: on
     makefs to version (>= 20100306-5+kbsd8u1~).
Checksums-Sha1:
 20d0c1469d35324e3d761c1f3a34f3912cdca376 3204 debian-installer_20150422+kbsd8u2.dsc
 74e958f413c43fd7d72190ef1ae44d5c0917d4e9 22241041 debian-installer_20150422+kbsd8u2.tar.gz
Checksums-Sha256:
 b93487bcb7dfd3d5a615ccc48b2352a6fb0675f3d78cbcb1fe25e33c414607f6 3204 debian-installer_20150422+kbsd8u2.dsc
 de56454f75b5abb1be1b0e723947d91d1e7a4b41529e41bbebc4e76a7c488bfa 22241041 debian-installer_20150422+kbsd8u2.tar.gz
Files:
 7a9d105bd813ae55e4a469db6e1ae0b7 3204 devel optional debian-installer_20150422+kbsd8u2.dsc
 a83270501b40492b72dbd96f8e00b16f 22241041 devel optional debian-installer_20150422+kbsd8u2.tar.gz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJWUdyqAAoJELrpzbaMAu5TosQH/1XJbKkaI4bzQKotV+dH16M9
2CYMMTMWOVxmTyQBeifhmRUdnP52hFn23U8kwFxpIH1fbkqeaAzGFFsqu3/MQklB
03ilOLAcv8SUewN5tenOALsEIxyFzEdTiFn49WDaOZQQ8oPzTQgsd1FY+LfnuGB5
FdnjsG+CZXdOF0nGG0A3nwAUhJX+MiAC5ASWuMKcw5VHeLCzYLMrheD7FuSTsqXm
eBD7Wc3fVo8u4J2puIS1/BpsRWnQ8GHYW+3yJJr38vnfxFjpebx/LzjHA7y7R2NQ
EI2sVp2o1eIKSNmjQ20e6cktzdVoEKfXBBmUv3ZvgJDNwIRqTsz12uD7YTWNTGA=
=3oET
-----END PGP SIGNATURE-----

--- End Message ---
Reply to: