Bug#793721: marked as done (signify: please make the mtimes reproducible)

To: Mattia Rizzolo <mattia@debian.org>
Subject: Bug#793721: marked as done (signify: please make the mtimes reproducible)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Wed, 23 Dec 2015 16:39:11 +0000
Message-id: <[🔎] handler.793721.D793721.145088848827814.ackdone@bugs.debian.org>
References: <E1aBmNB-0003i6-RT@franck.debian.org> <55B51E45.4020400@gmail.com>

Your message dated Wed, 23 Dec 2015 16:34:45 +0000
with message-id <E1aBmNB-0003i6-RT@franck.debian.org>
and subject line Bug#793721: fixed in signify 1.14-3
has caused the Debian Bug report #793721,
regarding signify: please make the mtimes reproducible
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
793721: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793721
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: submit@bugs.debian.org
Subject: signify: please make the mtimes reproducible
From: Maria Valentina Marin <marivalenm@gmail.com>
Date: Sun, 26 Jul 2015 19:52:05 +0200
Message-id: <55B51E45.4020400@gmail.com>

Source: signify
Version: 1.14-1
Severity: wishlist
Tags: patch
User: reproducible-builds@lists.alioth.debian.org
Usertags: timestamps
X-Debbugs-Cc: reproducible-builds@lists.alioth.debian.org

Hi!

While working on the “reproducible builds” effort [1], we have noticed
that signify could not be built reproducibly.

The attached patch sets the mtimes of all files which are modified
during the built to the date of the last changelog entry in order to
produce files with reproducible metadata. Please also consider this
other bug from the reproducible builds team:
https://bugs.debian.org/777062

Cheers,
akira

[1]: https://wiki.debian.org/ReproducibleBuilds

diff -Nru signify-1.14/debian/changelog signify-1.14/debian/changelog
--- signify-1.14/debian/changelog	2004-05-05 14:03:52.000000000 +0200
+++ signify-1.14/debian/changelog	2015-07-26 09:56:44.000000000 +0200
@@ -1,3 +1,10 @@
+signify (1.14-1.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix mtimes before building binary packages to produce reproducible output
+
+ -- akira <marivalenm@gmail.com>  Sun, 26 Jul 2015 09:53:45 +0200
+
 signify (1.14-1) unstable; urgency=low
 
   * improved handling of existing signify process
diff -Nru signify-1.14/debian/rules signify-1.14/debian/rules
--- signify-1.14/debian/rules	2004-01-18 05:56:26.000000000 +0100
+++ signify-1.14/debian/rules	2015-07-26 09:53:43.000000000 +0200
@@ -6,7 +6,7 @@
 
 package	:= signify
 
-
+export SOURCE_DATE_EPOCH = $(shell date -d "$$(dpkg-parsechangelog --count 1 -SDate)" +%s)
 
 default:
 	@echo "What to do?"
@@ -52,6 +52,8 @@
 	chown -R root.root debian/tmp
 	chmod -R go=rX debian/tmp
 	dpkg-gencontrol -is -ip
+	find debian/tmp -newermt "@$$SOURCE_DATE_EPOCH" -print0 | \
+		xargs -0r touch --no-dereference --date="@$$SOURCE_DATE_EPOCH"
 	dpkg --build debian/tmp
 	dpkg-name -o -s .. debian/tmp.deb

Attachment: signature.asc
Description: OpenPGP digital signature

--- End Message ---

--- Begin Message ---

To: 793721-close@bugs.debian.org
Subject: Bug#793721: fixed in signify 1.14-3
From: Mattia Rizzolo <mattia@debian.org>
Date: Wed, 23 Dec 2015 16:34:45 +0000
Message-id: <E1aBmNB-0003i6-RT@franck.debian.org>

Source: signify
Source-Version: 1.14-3

We believe that the bug you reported is fixed in the latest version of
signify, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 793721@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mattia Rizzolo <mattia@debian.org> (supplier of updated signify package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 23 Dec 2015 12:56:54 +0000
Source: signify
Binary: signify
Architecture: source all
Version: 1.14-3
Distribution: unstable
Urgency: medium
Maintainer: Debian QA Group <packages@qa.debian.org>
Changed-By: Mattia Rizzolo <mattia@debian.org>
Description:
 signify    - Automatic, semi-random ".signature" rotator/generator
Closes: 777062 793721
Changes:
 signify (1.14-3) unstable; urgency=medium
 .
   * QA upload.
   * Use source format 3.0 (quilt).
     + apparently the package was treated as native, even if it had a debian
       revision number and had an upstream site with an upstream tarball.
       Let's use last .tar.gz from the last upload as orig tarball.
   * Use copyright format 1.0.
   * Rewrite debian/rules using short dh format.
     + Add a build-depends on debhelper.
     + debhelper compat level to 9.
     + This obsolates the reproducible builds patches closes: #777062, #793721.
   * Makefile:
     + Don't set PREFIX if it is already set.
     + Install the manpages in /usr/share, following FHS.
   * fix typo s/writting/writing/ in the manpage.
   * Move website to the Homepage field.
   * Remove several useless files from debian/ and CVS control dirs.
Checksums-Sha1:
 1264e1abe9fcc574bba38c9c7f35280f10f1a90e 1667 signify_1.14-3.dsc
 5f2c809a6a736355afbb14d03c7ca15a0188c145 14372 signify_1.14.orig.tar.gz
 2c626d9f3031bb76b6a591dab46d21f3696f4742 3504 signify_1.14-3.debian.tar.xz
 0ad9852a8b332eb574391e30bdac162d42e38bb7 12866 signify_1.14-3_all.deb
Checksums-Sha256:
 cb704e714e974d48b1b17368bd4b373d204614ff764b93ce70e1beb638a98913 1667 signify_1.14-3.dsc
 16646811623e244c98fb245e7a855dee9a22f4188f614c7e4d6ad5d0bd5b6fed 14372 signify_1.14.orig.tar.gz
 ea49d3f083dd877785c9dfee33aacb1ceecc616ca69692e053e08538d8e08a26 3504 signify_1.14-3.debian.tar.xz
 c7dfd5d6b3a715ae047dac68e932de49b304f30d5fbe75921f9a89faaa484b2c 12866 signify_1.14-3_all.deb
Files:
 a45e582b4cef60bc8ae1a4dd83d095a1 1667 mail optional signify_1.14-3.dsc
 130da2c88d2d98fffeab594724c0dff1 14372 mail optional signify_1.14.orig.tar.gz
 cb35bd82e57ea63bc7890361e8fe0c75 3504 mail optional signify_1.14-3.debian.tar.xz
 20c599a4d32ed3b5a700fbd1a15d83ab 12866 mail optional signify_1.14-3_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWerhzAAoJEEsEP825REVAegwP/2lZtCDwoPoGbGyrJaM9JOxU
a+Bld0FI5St6Emxt6WdQ216agey+FKUroP2dK0be7j0ZaA5ore15z66Xr/ihqC3M
0ac9zJnD1i6uIcT1wYVw6QPhI0tMBbaEohD1Ms9LKPGrltyb0Soz+xjBdb7PI7PL
LzpmS+s3NPvYeNXVuaBZMyekmU4b2WERpXs8DeSgHc2XQRZzvt+usLfY527NKuZZ
7Y8Ftsr+Bn0BSXb+3HcdItm2N+EVIeCpFxghSFgc7hC+oH7fVIgzzePH5AdX2+lH
uCF+w0lo2t3CDq7xXfipInmBJzKcdPQ1tbFJ7+p7Tm6V2Q2m/qJwGjtMFXsGH+JI
b+RNdEaE6gt+G0VGHl/vN98eHQoDcAKV7TQwAAkM1i4AvN2NsLt65eP9VZ+2fCHJ
QvlghpNRsmhN2t4zETQTO2DB0eZ/2vHRsYeiCzHvS2+9SK35eQXdjQljKllL89gU
lROVPUTCicjY2k2oo9WRxpesjmAEl/vJND+uU+NyhpGdVsLMGHENn/98cMr/o9Fp
V1d+bfPSrnp3e+VTrPvGIepOSTZUfbeDNAFwCRI3gvPI2VYqhtbBFGfd1OjWziaA
/nkUG+5bk7Fh04kVURCxcNSDCI2Pwr+yjDskl69bVMeI0hnOyXHCZH/gkPGldYea
mc17uzVAgS6vJ1v9lUnh
=kmdT
-----END PGP SIGNATURE-----

--- End Message ---

Reply to:

Prev by Date: Bug#777062: marked as done (signify: please make the build reproducible)
Next by Date: signify_1.14-3_amd64.changes ACCEPTED into unstable
Previous by thread: Bug#777062: marked as done (signify: please make the build reproducible)
Next by thread: signify_1.14-3_amd64.changes ACCEPTED into unstable
Index(es):
- Date
- Thread