Bug#1010233: marked as done (glibc: reproducible builds: different file permissions on ld.so.conf* and others)

To: Aurelien Jarno <aurel32@debian.org>
Subject: Bug#1010233: marked as done (glibc: reproducible builds: different file permissions on ld.so.conf* and others)
From: "Debian Bug Tracking System" <owner@bugs.debian.org>
Date: Mon, 08 Aug 2022 13:54:03 +0000
Message-id: <[🔎] handler.1010233.D1010233.165996666830824.ackdone@bugs.debian.org>
Reply-to: 1010233@bugs.debian.org
References: <E1oL39t-008God-U1@fasolo.debian.org> <87pml3aay8.fsf@contorta>

Your message dated Mon, 08 Aug 2022 13:51:05 +0000
with message-id <E1oL39t-008God-U1@fasolo.debian.org>
and subject line Bug#1010233: fixed in glibc 2.34-2
has caused the Debian Bug report #1010233,
regarding glibc: reproducible builds: different file permissions on ld.so.conf* and others
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1010233: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010233
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: submit@bugs.debian.org
Subject: glibc: reproducible builds: different file permissions on ld.so.conf* and others
From: Vagrant Cascadian <vagrant@reproducible-builds.org>
Date: Tue, 26 Apr 2022 12:42:07 -0700
Message-id: <87pml3aay8.fsf@contorta>

Source: glibc
Severity: normal
Tags: patch
User: reproducible-builds@lists.alioth.debian.org
Usertags: umask
X-Debbugs-Cc: reproducible-bugs@lists.alioth.debian.org

Changes in the experimental packaging cause the umask of the build user
to affect the permissions of numerous files that are excluded from the
dh_fixperms call:

  https://tests.reproducible-builds.org/debian/rb-pkg/experimental/arm64/diffoscope-results/glibc.html

  glibc-source_2.34-0experimental4_all.deb

  -rw-r--r--···0·root ... ./usr/src/glibc/debian/local/etc/ld.so.conf
  -rw-r--r--···0·root ... ./usr/src/glibc/debian/patches/any/local-ldconfig-ignore-ld.so.diff
vs.
  -rw-rw-r--···0·root ... ./usr/src/glibc/debian/local/etc/ld.so.conf
  -rw-rw-r--···0·root ... ./usr/src/glibc/debian/patches/any/local-ldconfig-ignore-ld.so.diff

  libc-bin_2.34-0experimental4_arm64.deb

  -rw-r--r--···0·root·········(0)·root·········(0)·······34·2019-07-29·09:56:57.000000·./etc/ld.so.conf
  drwxr-xr-x···0·root·········(0)·root·········(0)········0·2019-07-29·09:56:57.000000·./etc/ld.so.conf.d/
  -rw-r--r--···0·root·········(0)·root·········(0)·······44·2019-07-29·09:56:57.000000·./etc/ld.so.conf.d/libc.conf
vs.  
  -rw-rw-r--···0·root·········(0)·root·········(0)·······34·2019-07-29·09:56:57.000000·./etc/ld.so.conf
  drwxrwxr-x···0·root·········(0)·root·········(0)········0·2019-07-29·09:56:57.000000·./etc/ld.so.conf.d/
  -rw-rw-r--···0·root·········(0)·root·········(0)·······44·2019-07-29·09:56:57.000000·./etc/ld.so.conf.d/libc.conf


The attached patch fixes this by removing some exclusions from
dh_fixperms calls and explicitly marking the desired files as
executable.

The patch does appear to have some side-effects setting various library
files as executable that were not previously:

  -rw-r--r--  root/root   /lib32/libBrokenLocale.so.1
vs.
  -rwxr-xr-x  root/root   /lib32/libBrokenLocale.so.1

Weather this is desireable or undesireable I'm not sure... further
adjustments could be made to fix this either way, of course.


With this patch applied, glibc should become reproducible on
tests.reproducible-builds.org again!


Thanks for maintaining glibc!


live well,
  vagrant

From fec02c8f2ce43f4987899e842119f7a1bb2e16c0 Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian <vagrant@reproducible-builds.org>
Date: Tue, 26 Apr 2022 18:48:16 +0000
Subject: [PATCH] debian/rules.d/debhelper.mk: Fix permissions on libc.so* and
 ld.so* without excluding from dh_fixperms.

The dh_fixperms exclude was overly broad, catching /etc/ld.so.conf*
and other files, resulting in different permissions when built with
different umask.

https://tests.reproducible-builds.org/debian/issues/unstable/different_due_to_umask_issue.html
---
 debian/rules.d/debhelper.mk | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/debian/rules.d/debhelper.mk b/debian/rules.d/debhelper.mk
index 3762ff85d..1ef90a834 100644
--- a/debian/rules.d/debhelper.mk
+++ b/debian/rules.d/debhelper.mk
@@ -52,11 +52,14 @@ endif
 
 	dh_compress -p$(curpass)
 	# Keep the setuid on pt_chown (non-Linux only).
-	# libc.so prints useful version information when executed.
-	dh_fixperms -p$(curpass) -Xpt_chown -Xlibc.so. -Xld.so
+	dh_fixperms -p$(curpass) -Xpt_chown
 	# Use this instead of -X to dh_fixperms so that we can use
 	# an unescaped regular expression.  ld.so must be executable;
+	find debian/$(curpass) -type f -name ld.so -exec chmod a+x '{}' ';'
 	find debian/$(curpass) -type f -regex '.*/ld.*\.so\.[0-9]' -exec chmod a+x '{}' ';'
+	# libc.so prints useful version information when executed.
+	find debian/$(curpass) -type f -name libc.so -exec chmod a+x '{}' ';'
+	find debian/$(curpass) -type f -regex '.*/libc.*\.so\.[0-9]' -exec chmod a+x '{}' ';'
 	dh_makeshlibs -Xgconv/ -p$(curpass) -V "$(call xx,shlib_dep)"
 	# Add relevant udeb: lines in shlibs files
 	sh ./debian/shlibs-add-udebs $(curpass)
-- 
2.36.0

Attachment: signature.asc
Description: PGP signature

--- End Message ---

--- Begin Message ---

To: 1010233-close@bugs.debian.org
Subject: Bug#1010233: fixed in glibc 2.34-2
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Mon, 08 Aug 2022 13:51:05 +0000
Message-id: <E1oL39t-008God-U1@fasolo.debian.org>
Reply-to: Aurelien Jarno <aurel32@debian.org>

Source: glibc
Source-Version: 2.34-2
Done: Aurelien Jarno <aurel32@debian.org>

We believe that the bug you reported is fixed in the latest version of
glibc, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1010233@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Aurelien Jarno <aurel32@debian.org> (supplier of updated glibc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 08 Aug 2022 15:24:00 +0200
Source: glibc
Architecture: source
Version: 2.34-2
Distribution: unstable
Urgency: medium
Maintainer: GNU Libc Maintainers <debian-glibc@lists.debian.org>
Changed-By: Aurelien Jarno <aurel32@debian.org>
Closes: 1010233
Changes:
 glibc (2.34-2) unstable; urgency=medium
 .
   [ Aurelien Jarno ]
   * debian/patches/git-updates.diff: update from upstream stable branch.
   * debian/control.in/libc: provides libc-dev as versioned.
   * debian/control.in/libc: Add breaks in libc6-dev against catch (<=
     1.12.2-0.1).  See: #993515.
   * debian/rules.d/debhelper.mk: Do not exclude libc.so and ld.so from
     dh_fixperms, explicitly change the permissions afterwards.  Closes:
     #1010233.
   * debian/control.in/libc: temporary remove the breaks against
     heimdal-multidev to break the build-dependency loop between heimdal and
     openldap.
   * debian/debhelper.in/libc-udeb.install: ship the dynamic linker in
     libc6-udeb.
 .
   [ Samuel Thibault ]
   * debian/testsuite-xfail-debian.mk: Update hurd-i386 xfails.
Checksums-Sha1:
 c65bf9c71866ac17d7d42470828e62ab78e1349d 9673 glibc_2.34-2.dsc
 3356fe8acdeb44ec930699d26b56a58282029f87 995120 glibc_2.34-2.debian.tar.xz
 ff6297083d353f45fc4a869dfdcc29d0005697df 9470 glibc_2.34-2_source.buildinfo
Checksums-Sha256:
 e3afc547d31fe91cc0d4845f9d5ebdfe3fee26e0020e4780b957578c8eaf8c42 9673 glibc_2.34-2.dsc
 8643c40d033c1146182e2895e5a86ae516bd6dc339846f85ea9bf035b968f02d 995120 glibc_2.34-2.debian.tar.xz
 f37c2940800fc69ed52c3c82ae6f16aa9753728c5598663537febd72c643ac3c 9470 glibc_2.34-2_source.buildinfo
Files:
 8b29f2b38a849f07b62c392ca0868110 9673 libs required glibc_2.34-2.dsc
 ce43c61363a01e6383cd45b5a64f48ba 995120 libs required glibc_2.34-2.debian.tar.xz
 6e74c6ee13a872a901b46402d37edd68 9470 libs required glibc_2.34-2_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUryGlb40+QrX1Ay4E4jA+JnoM2sFAmLxEHEACgkQE4jA+Jno
M2tJRg/+OdFzSWrNn7IxYh5NNmApsmx9iAJmwNzYmJDqe+42LjJKUUNCqrDSW6kg
waApYaRD6MLJZtSLi+h0I0bSeMiMTus6tOYL+LEOGQUaH2RV8gmxzWUOEcH1wRQ8
lM7U4IKUaiJlBMt3wjMnx2Kla0gGDFeC+5CHGWrfr+iC3S7VTmdFinG3OwpRyjeB
GBigLARdssFpqnv2TC+/gC2JgxJ4TMP+iuEoFRo0qdbFppgCHoCvenroUnN+O8xz
eSch9/wx3cHWn6+hJd4OtTr0XNOEzOdQk99x4lGXmNgEC9PSmnJ7WGFW6v4NnXfV
cpZsWHeTOzD6C3PwtltVhLFYSUlEV3MJVg8JkJVCkB+1YvHDsGlSDqIkSehRG55a
F6f1oOw2lSEVaYmlU1NTkyUjpq6t1rqU6bwAO6Noqou48FRei8/se3+Y0Ha8MI5C
lFxQTrUNJRraJfqPQr4nWzKrcrEDiZVYnNMe7snS/DZwmrTG8OwTqPeH8oPKzqVD
TfIX2NHCbwzM8zBrpUS8CiXAH8B0pbjNuD3NagRZN3jopu/tCcppE23UQx4l6toz
1vdKu3ZJmT59e2qRHqs9HMjLe3MmAJE5JSW1l1qxBj9j7XlwgkU0Bx7h//iXd8Ru
vqcmFfX/S4x8eZLU5AUMvXU1wjeiC+z/K+a2w0RoS6N7IPARL40=
=tS27
-----END PGP SIGNATURE-----

--- End Message ---

Reply to:

Prev by Date: Processing of glibc_2.34-2_source.changes
Next by Date: glibc_2.34-2_source.changes ACCEPTED into unstable
Previous by thread: Processing of glibc_2.34-2_source.changes
Next by thread: glibc_2.34-2_source.changes ACCEPTED into unstable
Index(es):
- Date
- Thread