
Bug#990246: vlc: reproducible builds: Embeds build username and hostname in binaries



On 2021-10-03, Vagrant Cascadian wrote:
> On 2021-08-26, Sebastian Ramacher wrote:
>> On 2021-08-25 10:08:07 -0700, Vagrant Cascadian wrote:
>>> On 2021-08-25, Sebastian Ramacher wrote:
>>> > On 2021-06-23 13:16:47, Vagrant Cascadian wrote:
>>> >> The build username and build system hostname are embedded in binaries
>>> >> shipped in vlc:
...
>> A package version doesn't tell me if it's the same version but built by
>> Debian, built by Ubuntu, built by Devuan, etc. And given that we receive
>> bug reports from downstream distributions also in the Debian BTS, that's
>> something I want to know when triaging those reports.
>>
>> I'd be fine if that says for example, $DIST $ARCH buildd. That would
>> only leave custom built debs.
>
> Attached is a patch that was merged upstream, allowing overriding
> VLC_COMPILE_BY and VLC_COMPILE_HOST from configure.
>
> The second patch modifies Debian rules to pass information about the
> build host (DEB_VENDOR, DEB_HOST_ARCH, DEB_HOST_GNU_TYPE) via
> VLC_COMPILE_BY and VLC_COMPILE_HOST passed to configure.
>
> Hopefully this is sufficient to address the concerns of uniquely
> identifying a build...

Promised patches attached, really. :)

live well,
  vagrant

From eb977a8054db3b7ff665687dfc81647f2fc76943 Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian <vagrant@debian.org>
Date: Sun, 3 Oct 2021 23:21:41 -0700
Subject: [PATCH 1/2] debian/patches: Allow passing VLC_COMPILE_BY and
 VLC_COMPILE_HOST to configure.

---
 ...ow-passing-VLC_COMPILE_BY-and-VLC_CO.patch | 42 +++++++++++++++++++
 debian/patches/series                         |  1 +
 2 files changed, 43 insertions(+)
 create mode 100644 debian/patches/0004-configure.ac-Allow-passing-VLC_COMPILE_BY-and-VLC_CO.patch

diff --git a/debian/patches/0004-configure.ac-Allow-passing-VLC_COMPILE_BY-and-VLC_CO.patch b/debian/patches/0004-configure.ac-Allow-passing-VLC_COMPILE_BY-and-VLC_CO.patch
new file mode 100644
index 0000000000..32479abfeb
--- /dev/null
+++ b/debian/patches/0004-configure.ac-Allow-passing-VLC_COMPILE_BY-and-VLC_CO.patch
@@ -0,0 +1,42 @@
+From: Vagrant Cascadian <vagrant@reproducible-builds.org>
+Date: Wed, 29 Sep 2021 23:18:26 +0000
+Subject: [PATCH] configure.ac: Allow passing VLC_COMPILE_BY and
+ VLC_COMPILE_HOST.
+Origin: https://code.videolan.org/videolan/vlc/-/commit/9e7ed0247dd298fe8597431ae0738882e734011b
+Bug: https://code.videolan.org/videolan/vlc/-/issues/26035
+Bug-Debian: https://bugs.debian.org/990246
+
+This allows passing a specific value instead of inheriting these
+values from the build environment.
+
+Fixes #26035
+
+Backported from upstream commit 9e7ed0247dd298fe8597431ae0738882e734011b
+---
+ configure.ac | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 7db5256a84..614edbc461 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -4324,8 +4324,14 @@ AC_SUBST(VERSION_MINOR)
+ AC_SUBST(VERSION_REVISION)
+ AC_SUBST(VERSION_EXTRA)
+ AC_SUBST(COPYRIGHT_YEARS)
+-AC_DEFINE_UNQUOTED(VLC_COMPILE_BY, "`whoami|sed -e 's/\\\/\\\\\\\/g'`", [user who ran configure])
+-AC_DEFINE_UNQUOTED(VLC_COMPILE_HOST, "`hostname -f 2>/dev/null || hostname`", [host which ran configure])
++if [ -z "$VLC_COMPILE_BY" ]; then
++   VLC_COMPILE_BY=`whoami|sed -e 's/\\\/\\\\\\\/g'`
++fi
++AC_DEFINE_UNQUOTED(VLC_COMPILE_BY, "$VLC_COMPILE_BY", [user who ran configure])
++if [ -z "$VLC_COMPILE_HOST" ]; then
++   VLC_COMPILE_HOST=`hostname -f 2>/dev/null || hostname`
++fi
++AC_DEFINE_UNQUOTED(VLC_COMPILE_HOST, "$VLC_COMPILE_HOST", [host which ran configure])
+ AC_DEFINE_UNQUOTED(VLC_COMPILER, "`$CC -v 2>&1 | tail -n 1 | sed -e 's/ *$//'`", [compiler])
+ dnl
+ dnl  Handle substvars that use $(top_srcdir)
+-- 
+2.30.2
+
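Review bot: the two added tests in configure.ac, `if [ -z "$VLC_COMPILE_BY" ]; then` and `if [ -z "$VLC_COMPILE_HOST" ]; then`, use square brackets, which are the m4 quote characters in Autoconf input and are normally stripped before the text reaches the generated configure script. The shell would then see `if -z "..." ; then`, the test would fail, and the whoami/hostname fallback would never run when the variable is unset. Writing them as `if test -z "$VLC_COMPILE_BY"; then` avoids this. A smaller point in the same hunk: the old line escaped backslashes in the whoami output, but a value supplied by the caller now reaches AC_DEFINE_UNQUOTED as is, so a double quote or backslash in VLC_COMPILE_BY or VLC_COMPILE_HOST would end up inside the C string literal unescaped; either apply the same sed to the override or document which characters are accepted.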
diff --git a/debian/patches/series b/debian/patches/series
index 4ac56b9c17..c263fa5c89 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,4 @@
 0001-configure-fix-linking-on-RISC-V-ISA.patch
 0002-Revert-configure-Require-libmodplug-0.8.9.patch
 0003-Do-not-generate-cache-during-build.patch
+0004-configure.ac-Allow-passing-VLC_COMPILE_BY-and-VLC_CO.patch
-- 
2.30.2

From c2eb314b786afef88a225bbfb39f6ceeed85638a Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian <vagrant@reproducible-builds.org>
Date: Wed, 29 Sep 2021 23:13:07 +0000
Subject: [PATCH 2/2] debian/rules: Pass VLC_COMPILE_HOST and VLC_COMPILE_BY to
 configure. (Closes: #990246)

---
 debian/rules | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/debian/rules b/debian/rules
index 92ec896223..b43e06ec1b 100755
--- a/debian/rules
+++ b/debian/rules
@@ -254,6 +254,9 @@ confflags += --disable-altivec
 removeplugins += altivec
 endif
 
+confflags += VLC_COMPILE_HOST=$(DEB_VENDOR)-$(DEB_HOST_ARCH)-$(DEB_HOST_GNU_TYPE)
+confflags += VLC_COMPILE_BY=$(DEB_VENDOR)
+
 # PowerPCSPE specific optimizations
 ifeq (,$(filter-out powerpcspe,$(DEB_HOST_ARCH)))
 DEB_CFLAGS_MAINT_APPEND += -mtune=8548
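Review bot: the two added confflags lines depend on $(DEB_VENDOR), which is only set when debian/rules includes /usr/share/dpkg/vendor.mk (or default.mk), and no such include is visible in this hunk. If it is missing, VLC_COMPILE_BY expands to nothing and VLC_COMPILE_HOST starts with a bare "-", so the configure fallback (or an empty string) is used instead of the vendor name. Please confirm the include exists earlier in the file or add it. The values are also passed unquoted, so a vendor name containing whitespace would split the configure argument; quoting them, e.g. confflags += VLC_COMPILE_BY="$(DEB_VENDOR)", would be safer. A one-line comment above the two lines saying they exist to keep build user and hostname out of the binaries would help the next reader.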
-- 
2.30.2

Attachment: signature.asc
Description: PGP signature
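
Added example (not from the original message, VLC, or the Debian packaging): a Python check for the leak this bug report describes, scanning an unpacked package tree for the build user name and build hostname. The function names and the sample values mentioned in the comments are assumptions made for illustration.

```python
"""Scan build outputs for the build user name and hostname."""
import getpass
import socket
import sys
from pathlib import Path


def identity_markers(user=None, hosts=None, min_len=4):
    """Byte strings that identify the build environment if found in an artifact."""
    user = getpass.getuser() if user is None else user
    hosts = {socket.gethostname(), socket.getfqdn()} if hosts is None else set(hosts)
    # Skip very short values: they match unrelated bytes in almost any binary.
    return sorted(v.encode() for v in {user, *hosts} if len(v) >= min_len)


def scan_file(path, markers):
    """Return (marker, offset) for every occurrence of a marker in the file."""
    data = Path(path).read_bytes()
    hits = []
    for marker in markers:
        pos = data.find(marker)
        while pos != -1:
            hits.append((marker.decode(), pos))
            pos = data.find(marker, pos + 1)
    return sorted(hits, key=lambda h: h[1])


def scan_tree(root, markers):
    """Map relative path -> hits for each regular file under root that leaks a marker."""
    root = Path(root)
    report = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and not path.is_symlink():
            hits = scan_file(path, markers)
            if hits:
                report[str(path.relative_to(root))] = hits
    return report


if __name__ == "__main__":
    # Usage: python3 scan.py <unpacked-package-dir>; exits 1 if anything leaks.
    # Run it on the build machine so getuser()/gethostname() match the build.
    leaks = scan_tree(sys.argv[1], identity_markers())
    for name, hits in leaks.items():
        for marker, offset in hits:
            print(f"{name}: {marker!r} at offset {offset}")
    sys.exit(1 if leaks else 0)
```

With the debian/rules change applied, a tree built on a Debian buildd should contain only the vendor-derived strings, which this scan does not flag unless they happen to equal the local user or host name.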

