Bug#978044: marked as done (wily: reproducible builds: Embeds user, group and umask in tarballs)

To: Vagrant Cascadian <vagrant@reproducible-builds.org>
Subject: Bug#978044: marked as done (wily: reproducible builds: Embeds user, group and umask in tarballs)
From: "Debian Bug Tracking System" <owner@bugs.debian.org>
Date: Fri, 25 Dec 2020 05:21:04 +0000
Message-id: <[🔎] handler.978044.D978044.160887352731010.ackdone@bugs.debian.org>
Reply-to: 978044@bugs.debian.org
References: <E1ksfV0-0006Fv-D8@fasolo.debian.org> <[🔎] 87k0t6ods4.fsf@yucca>

Your message dated Fri, 25 Dec 2020 05:18:46 +0000
with message-id <E1ksfV0-0006Fv-D8@fasolo.debian.org>
and subject line Bug#978044: fixed in wily 0.13.41-9
has caused the Debian Bug report #978044,
regarding wily: reproducible builds: Embeds user, group and umask in tarballs
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
978044: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=978044
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: submit@bugs.debian.org
Subject: wily: reproducible builds: Embeds user, group and umask in tarballs
From: Vagrant Cascadian <vagrant@reproducible-builds.org>
Date: Thu, 24 Dec 2020 17:49:47 -0800
Message-id: <[🔎] 87k0t6ods4.fsf@yucca>

Source: wily
Severity: normal
Tags: patch
User: reproducible-builds@lists.alioth.debian.org
Usertags: username umask
X-Debbugs-Cc: reproducible-bugs@lists.alioth.debian.org

The tarballs /usr/share/doc/wily/wily.tar.gz and
/usr/share/doc/wily/tute.tar.gz contain the username, user id, group
name, group id and umask of the build environment in which they were
produced:

  https://tests.reproducible-builds.org/debian/rb-pkg/bullseye/amd64/diffoscope-results/wily.html

  drwxr-xr-x···0·pbuilder1··(1111)·pbuilder1··(1111)········0·2019-08-21·10:11:18.000000·tute/
  vs.
  drwxrwxr-x···0·pbuilder2··(2222)·pbuilder2··(2222)········0·2019-08-21·10:11:18.000000·tute/


The attached patch fixes this by passing arguments to tar in
debian/rules to avoid embedding this metadata.


Thanks for maintaining wily!


live well,
  vagrant

From 8ee7445fb8376fec85b2f05b929a8881ce6b3d4b Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian <vagrant@reproducible-builds.org>
Date: Fri, 25 Dec 2020 00:01:32 +0000
Subject: [PATCH 1/8] debian/rules: Pass options to tar to generate
 reproducible tarballs.

Pass additional options to tar to ensure sort order, user id, group id
and pax headers are consistent between builds.

See "Full example":

   https://reproducible-builds.org/docs/archives/
---
 debian/rules | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/debian/rules b/debian/rules
index 7d38575..f21f401 100755
--- a/debian/rules
+++ b/debian/rules
@@ -53,10 +53,16 @@ install-stamp: build-stamp
 	install -m644 Doc/changes.txt debian/wily/usr/share/doc/wily/html
 	install -m644 Doc/*.html debian/wily/usr/share/doc/wily/html
 	install -m644 Doc/*.gif debian/wily/usr/share/doc/wily/html
-	cd Doc && GZIP="-9n" tar -czhf \
-		../debian/wily/usr/share/doc/wily/tute.tar.gz tute --mtime="@$(SOURCE_DATE_EPOCH)"
-	cd misc && GZIP="-9n" tar -czhf \
-		../debian/wily/usr/share/doc/wily/wily.tar.gz wily --mtime="@$(SOURCE_DATE_EPOCH)"
+	cd Doc && GZIP="-9n" tar --sort=name \
+		--mtime="@${SOURCE_DATE_EPOCH}" \
+		--owner=0 --group=0 --numeric-owner \
+		--pax-option=exthdr.name=%d/PaxHeaders/%f,delete=atime,delete=ctime \
+		-czhf ../debian/wily/usr/share/doc/wily/tute.tar.gz tute
+	cd misc && GZIP="-9n" tar --sort=name \
+		--mtime="@${SOURCE_DATE_EPOCH}" \
+		--owner=0 --group=0 --numeric-owner \
+		--pax-option=exthdr.name=%d/PaxHeaders/%f,delete=atime,delete=ctime \
+		-czhf ../debian/wily/usr/share/doc/wily/wily.tar.gz wily
 	touch install-stamp
 
 binary-indep: build install
-- 
2.20.1

Attachment: signature.asc
Description: PGP signature

--- End Message ---

--- Begin Message ---

To: 978044-close@bugs.debian.org
Subject: Bug#978044: fixed in wily 0.13.41-9
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Fri, 25 Dec 2020 05:18:46 +0000
Message-id: <E1ksfV0-0006Fv-D8@fasolo.debian.org>
Reply-to: Vagrant Cascadian <vagrant@reproducible-builds.org>

Source: wily
Source-Version: 0.13.41-9
Done: Vagrant Cascadian <vagrant@reproducible-builds.org>

We believe that the bug you reported is fixed in the latest version of
wily, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 978044@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Vagrant Cascadian <vagrant@reproducible-builds.org> (supplier of updated wily package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 24 Dec 2020 20:52:49 -0800
Source: wily
Architecture: source
Version: 0.13.41-9
Distribution: unstable
Urgency: medium
Maintainer: Debian QA Group <packages@qa.debian.org>
Changed-By: Vagrant Cascadian <vagrant@reproducible-builds.org>
Closes: 978044
Changes:
 wily (0.13.41-9) unstable; urgency=medium
 .
   * QA upload.
   * debian/rules: Pass options to tar to generate reproducible tarballs.
     (Closes: #978044)
   * Remove dead link to image in documentation.
   * Patch tools/win/Makefile.in to pass additional include directory.
   * debian/menu: Update to use the "Applications" section.
   * debian/rules: Switch to "dh".
   * Switch to debhelper compat 13.
   * Use debian/wily.install and debian/wily.manpages instead of installing
     manually from debian/rules.
   * debian/rules: Generated tarballs from dh_installdocs override.
   * debian/source/format: Set to "1.0".
   * debian/control: Update Standards-Version to 4.5.1.
   * debian/source/lintian-overrides: Override
     configure-generated-file-in-source, removed in clean target.
   * debian/control: Set Vcs headers.
Checksums-Sha1:
 889a5f34836ce4065309628af7daf10ab74a65e8 1322 wily_0.13.41-9.dsc
 3c3f9c5d0d60c1d322721ad2bcd7bf91e8a9116d 26711 wily_0.13.41-9.diff.gz
Checksums-Sha256:
 a4889f4c7e0f814bb4c1d9009197cc9167de3c981678f0df3f0d0ee54fb8aed5 1322 wily_0.13.41-9.dsc
 e0ad1e925c893596f5176e58a556d557b79816b03ca36d23514508133ecc449b 26711 wily_0.13.41-9.diff.gz
Files:
 1f4cf9d61ebe52ba73422c7fdfbf96e4 1322 editors optional wily_0.13.41-9.dsc
 ef394053fe3b8b1d59b02438e7311a14 26711 editors optional wily_0.13.41-9.diff.gz

-----BEGIN PGP SIGNATURE-----

iJYEARYKAD4WIQRlgHNhO/zFx+LkXUXcUY/If5cWqgUCX+VyOCAcdmFncmFudEBy
ZXByb2R1Y2libGUtYnVpbGRzLm9yZwAKCRDcUY/If5cWqitwAP47VQGf22v8+5tD
6e+i/aPr/QhMQOWLhkcpKjHoPtjq7QD/ScobV38fQtRT60jbrCCHJj/BYNIMuG9D
lmOCUTfNEQ8=
=3Cyx
-----END PGP SIGNATURE-----

--- End Message ---

Reply to:

References:
- Bug#978044: wily: reproducible builds: Embeds user, group and umask in tarballs
  - From: Vagrant Cascadian <vagrant@reproducible-builds.org>

Prev by Date: Bug#978044: wily: reproducible builds: Embeds user, group and umask in tarballs
Next by Date: Processing of wily_0.13.41-9_source.changes
Previous by thread: Bug#978044: wily: reproducible builds: Embeds user, group and umask in tarballs
Next by thread: Processing of wily_0.13.41-9_source.changes
Index(es):
- Date
- Thread