Source: glibc Severity: normal Tags: patch User: reproducible-builds@lists.alioth.debian.org Usertags: umask X-Debbugs-Cc: reproducible-bugs@lists.alioth.debian.org Changes in the experimental packaging cause the umask of the build user to affect the permissions of numerous files that are excluded from the dh_fixperms call: https://tests.reproducible-builds.org/debian/rb-pkg/experimental/arm64/diffoscope-results/glibc.html glibc-source_2.34-0experimental4_all.deb -rw-r--r--···0·root ... ./usr/src/glibc/debian/local/etc/ld.so.conf -rw-r--r--···0·root ... ./usr/src/glibc/debian/patches/any/local-ldconfig-ignore-ld.so.diff vs. -rw-rw-r--···0·root ... ./usr/src/glibc/debian/local/etc/ld.so.conf -rw-rw-r--···0·root ... ./usr/src/glibc/debian/patches/any/local-ldconfig-ignore-ld.so.diff libc-bin_2.34-0experimental4_arm64.deb -rw-r--r--···0·root·········(0)·root·········(0)·······34·2019-07-29·09:56:57.000000·./etc/ld.so.conf drwxr-xr-x···0·root·········(0)·root·········(0)········0·2019-07-29·09:56:57.000000·./etc/ld.so.conf.d/ -rw-r--r--···0·root·········(0)·root·········(0)·······44·2019-07-29·09:56:57.000000·./etc/ld.so.conf.d/libc.conf vs. -rw-rw-r--···0·root·········(0)·root·········(0)·······34·2019-07-29·09:56:57.000000·./etc/ld.so.conf drwxrwxr-x···0·root·········(0)·root·········(0)········0·2019-07-29·09:56:57.000000·./etc/ld.so.conf.d/ -rw-rw-r--···0·root·········(0)·root·········(0)·······44·2019-07-29·09:56:57.000000·./etc/ld.so.conf.d/libc.conf The attached patch fixes this by removing some exclusions from dh_fixperms calls and explicitly marking the desired files as executable. The patch does appear to have some side-effects setting various library files as executable that were not previously: -rw-r--r-- root/root /lib32/libBrokenLocale.so.1 vs. -rwxr-xr-x root/root /lib32/libBrokenLocale.so.1 Weather this is desireable or undesireable I'm not sure... further adjustments could be made to fix this either way, of course. With this patch applied, glibc should become reproducible on tests.reproducible-builds.org again! Thanks for maintaining glibc! live well, vagrant
From fec02c8f2ce43f4987899e842119f7a1bb2e16c0 Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian <vagrant@reproducible-builds.org>
Date: Tue, 26 Apr 2022 18:48:16 +0000
Subject: [PATCH] debian/rules.d/debhelper.mk: Fix permissions on libc.so* and
ld.so* without excluding from dh_fixperms.
The dh_fixperms exclude was overly broad, catching /etc/ld.so.conf*
and other files, resulting in different permissions when built with
different umask.
https://tests.reproducible-builds.org/debian/issues/unstable/different_due_to_umask_issue.html
---
debian/rules.d/debhelper.mk | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/debian/rules.d/debhelper.mk b/debian/rules.d/debhelper.mk
index 3762ff85d..1ef90a834 100644
--- a/debian/rules.d/debhelper.mk
+++ b/debian/rules.d/debhelper.mk
@@ -52,11 +52,14 @@ endif
dh_compress -p$(curpass)
# Keep the setuid on pt_chown (non-Linux only).
- # libc.so prints useful version information when executed.
- dh_fixperms -p$(curpass) -Xpt_chown -Xlibc.so. -Xld.so
+ dh_fixperms -p$(curpass) -Xpt_chown
# Use this instead of -X to dh_fixperms so that we can use
# an unescaped regular expression. ld.so must be executable;
+ find debian/$(curpass) -type f -name ld.so -exec chmod a+x '{}' ';'
find debian/$(curpass) -type f -regex '.*/ld.*\.so\.[0-9]' -exec chmod a+x '{}' ';'
+ # libc.so prints useful version information when executed.
+ find debian/$(curpass) -type f -name libc.so -exec chmod a+x '{}' ';'
+ find debian/$(curpass) -type f -regex '.*/libc.*\.so\.[0-9]' -exec chmod a+x '{}' ';'
dh_makeshlibs -Xgconv/ -p$(curpass) -V "$(call xx,shlib_dep)"
# Add relevant udeb: lines in shlibs files
sh ./debian/shlibs-add-udebs $(curpass)
--
2.36.0
Attachment:
signature.asc
Description: PGP signature