Your message dated Wed, 23 Dec 2015 16:34:45 +0000 with message-id <E1aBmNB-0003i6-RT@franck.debian.org> and subject line Bug#793721: fixed in signify 1.14-3 has caused the Debian Bug report #793721, regarding signify: please make the mtimes reproducible to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.)

--
793721: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793721
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: signify: please make the mtimes reproducible
- From: Maria Valentina Marin <marivalenm@gmail.com>
- Date: Sun, 26 Jul 2015 19:52:05 +0200
- Message-id: <55B51E45.4020400@gmail.com>
Source: signify
Version: 1.14-1
Severity: wishlist
Tags: patch
User: reproducible-builds@lists.alioth.debian.org
Usertags: timestamps
X-Debbugs-Cc: reproducible-builds@lists.alioth.debian.org

Hi!

While working on the “reproducible builds” effort [1], we have noticed that signify could not be built reproducibly.

The attached patch sets the mtimes of all files which are modified during the build to the date of the last changelog entry in order to produce files with reproducible metadata.

Please also consider this other bug from the reproducible builds team: https://bugs.debian.org/777062

Cheers,
akira

[1]: https://wiki.debian.org/ReproducibleBuilds

diff -Nru signify-1.14/debian/changelog signify-1.14/debian/changelog --- signify-1.14/debian/changelog 2004-05-05 14:03:52.000000000 +0200 +++ signify-1.14/debian/changelog 2015-07-26 09:56:44.000000000 +0200 @@ -1,3 +1,10 @@ +signify (1.14-1.1) UNRELEASED; urgency=medium + + * Non-maintainer upload. + * Fix mtimes before building binary packages to produce reproducible output + + -- akira <marivalenm@gmail.com> Sun, 26 Jul 2015 09:53:45 +0200 + signify (1.14-1) unstable; urgency=low * improved handling of existing signify process diff -Nru signify-1.14/debian/rules signify-1.14/debian/rules --- signify-1.14/debian/rules 2004-01-18 05:56:26.000000000 +0100 +++ signify-1.14/debian/rules 2015-07-26 09:53:43.000000000 +0200 @@ -6,7 +6,7 @@ package := signify - +export SOURCE_DATE_EPOCH = $(shell date -d "$$(dpkg-parsechangelog --count 1 -SDate)" +%s) default: @echo "What to do?" @@ -52,6 +52,8 @@ chown -R root.root debian/tmp chmod -R go=rX debian/tmp dpkg-gencontrol -is -ip + find debian/tmp -newermt "@$$SOURCE_DATE_EPOCH" -print0 | \ + xargs -0r touch --no-dereference --date="@$$SOURCE_DATE_EPOCH" dpkg --build debian/tmp dpkg-name -o -s .. debian/tmp.deb

Attachment: signature.asc
Description: OpenPGP digital signature
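Review bot: In the first debian/rules hunk, `export SOURCE_DATE_EPOCH = $(shell ...)` uses a recursively expanded assignment and unconditionally replaces any SOURCE_DATE_EPOCH already present in the environment. Consider `SOURCE_DATE_EPOCH ?= $(shell ...)` followed by `export SOURCE_DATE_EPOCH`, so a value supplied by the caller is respected. The hunk also replaces the blank line after `package := signify` with the new assignment; keeping that separator would leave the file easier to read.

Review bot: In the second debian/rules hunk, the `find ... -print0 | xargs -0r touch ...` recipe line takes its exit status from `xargs`, so a failing `find` would go unnoticed and the package would still be built with unclamped mtimes. `find debian/tmp -newermt "@$$SOURCE_DATE_EPOCH" -exec touch --no-dereference --date="@$$SOURCE_DATE_EPOCH" {} +` avoids the pipe. A short comment above the command saying that it has to stay the last step before `dpkg --build` would also help whoever edits this target next.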
--- End Message ---
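A self-contained check of the clamping step requested in the report above, as an added example that is not part of the bug report or of the signify packaging: it clamps a constructed tree to the changelog date and audits the result, showing that older files and symlink targets keep their mtimes. The function names and the sample tree are constructed for illustration; GNU date, find, touch and stat are assumed.

```shell
#!/bin/sh
# Added example, not from the signify packaging. Needs GNU date, find, touch, stat.

# Epoch of a changelog date string, derived with `date -d` as in the patch.
changelog_epoch() {
    date -d "$1" +%s
}

# clamp_mtimes DIR EPOCH: entries newer than EPOCH get mtime EPOCH.
# Older entries keep their mtime; symlinks are touched, not their targets.
clamp_mtimes() {
    find "$1" -newermt "@$2" -print0 |
        xargs -0r touch --no-dereference --date="@$2"
}

# audit_mtimes DIR EPOCH: list entries still newer than EPOCH.
# Returns 0 when the tree is clean, 1 otherwise.
audit_mtimes() {
    newer=$(find "$1" -newermt "@$2" -print)
    if [ -n "$newer" ]; then
        printf '%s\n' "$newer"
        return 1
    fi
    return 0
}

# mtime of one path in whole seconds (stat does not follow symlinks here).
mtime_of() {
    stat -c %Y "$1"
}

# Constructed sample tree: an old file, a fresh file and a fresh symlink.
make_sample_tree() {
    mkdir -p "$1/usr/bin"
    echo old > "$1/usr/bin/old"
    touch --date="@1000000000" "$1/usr/bin/old"   # predates the changelog entry
    echo new > "$1/usr/bin/new"                   # mtime is the build time
    ln -s old "$1/usr/bin/link"                   # symlink created at build time
}

# Demo on a throwaway directory, using the date from the patch's changelog entry.
tree=$(mktemp -d)
epoch=$(changelog_epoch "Sun, 26 Jul 2015 09:53:45 +0200")
make_sample_tree "$tree"
audit_mtimes "$tree" "$epoch" || echo "^ newer than $epoch before clamping"
clamp_mtimes "$tree" "$epoch"
audit_mtimes "$tree" "$epoch" && echo "clean after clamping"
rm -rf "$tree"
```

Run against an unpacked package tree, `audit_mtimes` doubles as a build check: any path it prints was written after the changelog date and was not clamped.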
--- Begin Message ---
- To: 793721-close@bugs.debian.org
- Subject: Bug#793721: fixed in signify 1.14-3
- From: Mattia Rizzolo <mattia@debian.org>
- Date: Wed, 23 Dec 2015 16:34:45 +0000
- Message-id: <E1aBmNB-0003i6-RT@franck.debian.org>
Source: signify
Source-Version: 1.14-3

We believe that the bug you reported is fixed in the latest version of signify, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 793721@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mattia Rizzolo <mattia@debian.org> (supplier of updated signify package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org)

Format: 1.8
Date: Wed, 23 Dec 2015 12:56:54 +0000
Source: signify
Binary: signify
Architecture: source all
Version: 1.14-3
Distribution: unstable
Urgency: medium
Maintainer: Debian QA Group <packages@qa.debian.org>
Changed-By: Mattia Rizzolo <mattia@debian.org>
Description:
 signify - Automatic, semi-random ".signature" rotator/generator
Closes: 777062 793721
Changes:
 signify (1.14-3) unstable; urgency=medium
 .
   * QA upload.
   * Use source format 3.0 (quilt).
     + apparently the package was treated as native, even if it had a debian
       revision number and had an upstream site with an upstream tarball.
       Let's use last .tar.gz from the last upload as orig tarball.
   * Use copyright format 1.0.
   * Rewrite debian/rules using short dh format.
     + Add a build-depends on debhelper.
     + debhelper compat level to 9.
     + This obsoletes the reproducible builds patches
       closes: #777062, #793721.
   * Makefile:
     + Don't set PREFIX if it is already set.
     + Install the manpages in /usr/share, following FHS.
   * fix typo s/writting/writing/ in the manpage.
   * Move website to the Homepage field.
   * Remove several useless files from debian/ and CVS control dirs.
--- End Message ---