
Bug#810509: marked as done (apt: please make the build reproducible (randomness))



Your message dated Fri, 15 Jan 2016 19:18:47 +0000
with message-id <E1aK9tX-0003Jo-TX@franck.debian.org>
and subject line Bug#810509: fixed in apt 1.2
has caused the Debian Bug report #810509,
regarding apt: please make the build reproducible (randomness)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
810509: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=810509
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: apt
Version: 1.1.10
Severity: wishlist
Tags: patch
User: reproducible-builds@lists.alioth.debian.org
Usertags: randomness
X-Debbugs-Cc: reproducible-builds@lists.alioth.debian.org

Hi!

While working on the “reproducible builds” effort [1], we have noticed
that apt could not be built reproducibly.

The attached patch removes extra randomness from the build system,
ensuring a stable file order when linking the built object.
This particular issue is currently visible only on our armhf builds due
to a limit in our infrastructure, but can be tested by performing the
builds using the fuse fs disorderfs.

Once applied, apt can be built reproducibly in our current experimental
framework.

 [1]: https://wiki.debian.org/ReproducibleBuilds

-- 
regards,
                        Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18  4D18 4B04 3FCD B944 4540      .''`.
more about me:  http://mapreri.org                              : :'  :
Launchpad user: https://launchpad.net/~mapreri                  `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia  `-
From 18405011c3cdb8eff2f41fe674787f746092b27e Mon Sep 17 00:00:00 2001
From: Mattia Rizzolo <mattia@debian.org>
Date: Sat, 9 Jan 2016 10:45:34 +0000
Subject: [PATCH] fix reproducibly issue due to readdir() order by sorting the
 list of sources to be built and linked

---
 apt-inst/makefile    | 4 ++--
 apt-pkg/makefile     | 4 ++--
 apt-private/makefile | 4 ++--
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/apt-inst/makefile b/apt-inst/makefile
index 2883cbc..5601cd9 100644
--- a/apt-inst/makefile
+++ b/apt-inst/makefile
@@ -20,7 +20,7 @@ SLIBS=$(PTHREADLIB) -lapt-pkg
 APT_DOMAIN:=libapt-inst$(MAJOR)
 LIBRARYDEPENDS=$(LIB)/libapt-pkg.so
 
-SOURCE = $(wildcard *.cc */*.cc)
-HEADERS = $(addprefix apt-pkg/,$(notdir $(wildcard *.h */*.h)))
+SOURCE = $(sort $(wildcard *.cc */*.cc))
+HEADERS = $(addprefix apt-pkg/,$(notdir $(sort $(wildcard *.h */*.h))))
 
 include $(LIBRARY_H)
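
Review bot: In the HEADERS line, $(sort ...) is applied to the wildcard result before $(notdir ...) strips the directory part, so the final list is ordered by full path rather than by the file names that end up in it, and a basename that occurs in two directories stays duplicated because the deduplication that GNU make's sort performs ran on the paths. The order is still deterministic, which is what the fix needs, but wrapping the whole expression instead, $(sort $(addprefix apt-pkg/,$(notdir $(wildcard *.h */*.h)))), gives a list that is sorted and unique in the form it is actually used.
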
diff --git a/apt-pkg/makefile b/apt-pkg/makefile
index 9236f81..e3e6e20 100644
--- a/apt-pkg/makefile
+++ b/apt-pkg/makefile
@@ -31,7 +31,7 @@ SLIBS+= -llz4
 endif
 APT_DOMAIN:=libapt-pkg$(LIBAPTPKG_MAJOR)
 
-SOURCE = $(wildcard *.cc */*.cc)
-HEADERS = $(addprefix apt-pkg/,$(notdir $(wildcard *.h */*.h)))
+SOURCE = $(sort $(wildcard *.cc */*.cc))
+HEADERS = $(addprefix apt-pkg/,$(notdir $(sort $(wildcard *.h */*.h))))
 
 include $(LIBRARY_H)
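
Review bot: The new SOURCE and HEADERS assignments carry no comment saying why $(sort ...) is there, and the same two lines now appear in a second makefile. A one-line comment above SOURCE, for example that the sort keeps the link order independent of readdir() order for reproducible builds, would stop a later cleanup from dropping the call as redundant. Defining the sorted lists once in a shared include would also avoid repeating the pattern per directory.
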
diff --git a/apt-private/makefile b/apt-private/makefile
index 9a3fbdb..1934db1 100644
--- a/apt-private/makefile
+++ b/apt-private/makefile
@@ -15,7 +15,7 @@ MINOR=0
 SLIBS=$(PTHREADLIB) -lapt-pkg
 CXXFLAGS += -fvisibility=hidden -fvisibility-inlines-hidden
 
-SOURCE = $(wildcard *.cc)
-HEADERS = $(addprefix apt-private/,$(wildcard *.h))
+SOURCE = $(sort $(wildcard *.cc))
+HEADERS = $(addprefix apt-private/,$(sort $(wildcard *.h)))
 
 include $(LIBRARY_H)
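
Review bot: The commit subject only mentions the sources to be built and linked, but this hunk, like the two before it, also sorts HEADERS. The message should say whether header order affects the build output or is sorted only for consistency. The diffstat covers apt-inst, apt-pkg and apt-private only, so it is also worth confirming that no other makefile in the tree feeds an unsorted $(wildcard ...) into a SOURCE list.
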
-- 
2.7.0.rc3



--- End Message ---
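
The patch in the message above wraps bare `$(wildcard ...)` lists in `$(sort ...)`; a small lint for that pattern follows as an added example (it is not part of the original message or of apt's build system). The function name `unsorted_wildcards` and the sample text are constructed here, and the check assumes each assignment sits on one line (no backslash continuations).

```python
import re

# Constructed sample: the 'before' and 'after' assignments from the patch above.
SAMPLE = """\
SOURCE = $(wildcard *.cc */*.cc)
HEADERS = $(addprefix apt-pkg/,$(notdir $(wildcard *.h */*.h)))
SOURCE = $(sort $(wildcard *.cc */*.cc))
HEADERS = $(addprefix apt-pkg/,$(notdir $(sort $(wildcard *.h */*.h))))
"""

_NAME = re.compile(r"[A-Za-z_-]+")
_CLOSERS = {"(": ")", "{": "}"}


def unsorted_wildcards(makefile_text):
    """Return (line_number, line) for each $(wildcard ...) not nested in $(sort ...).

    Hypothetical helper: it tracks the make functions enclosing each call
    on a single line and does not follow variables sorted in a later assignment.
    """
    findings = []
    for lineno, line in enumerate(makefile_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # whole-line comment
        stack = []  # (function or variable name, expected closing bracket)
        flagged = False
        i = 0
        while i < len(line):
            ch = line[i]
            if ch == "$" and i + 1 < len(line) and line[i + 1] in _CLOSERS:
                m = _NAME.match(line, i + 2)
                name = m.group(0) if m else None
                if name == "wildcard" and "sort" not in [n for n, _ in stack]:
                    flagged = True  # directory order leaks into the list
                stack.append((name, _CLOSERS[line[i + 1]]))
                i += 2
                continue
            if ch in _CLOSERS:
                stack.append((None, _CLOSERS[ch]))  # plain bracket inside an argument
            elif stack and ch == stack[-1][1]:
                stack.pop()
            i += 1
        if flagged:
            findings.append((lineno, line.strip()))
    return findings
```
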
--- Begin Message ---
Source: apt
Source-Version: 1.2

We believe that the bug you reported is fixed in the latest version of
apt, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 810509@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Julian Andres Klode <jak@debian.org> (supplier of updated apt package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 15 Jan 2016 19:52:19 +0100
Source: apt
Binary: apt libapt-pkg5.0 libapt-inst2.0 apt-doc libapt-pkg-dev libapt-pkg-doc apt-utils apt-transport-https
Architecture: source
Version: 1.2
Distribution: unstable
Urgency: medium
Maintainer: APT Development Team <deity@lists.debian.org>
Changed-By: Julian Andres Klode <jak@debian.org>
Description:
 apt        - commandline package manager
 apt-doc    - documentation for APT
 apt-transport-https - https download transport for APT
 apt-utils  - package management related utility programs
 libapt-inst2.0 - deb package format runtime library
 libapt-pkg-dev - development files for APT's libapt-pkg and libapt-inst
 libapt-pkg-doc - documentation for APT development
 libapt-pkg5.0 - package management runtime library
Closes: 734922 810046 810509 810622 810796
Changes:
 apt (1.2) unstable; urgency=medium
 .
   [ Julian Andres Klode ]
   * Do not break apt-file (<< 3.0~exp1~), 2.X works fine
   * Version the build-depends on liblz4-dev to >= 0.0~r126
   * search: Handle packages without description (Closes: #810622)
   * Only enable pipelining if server is HTTP/1.1 (Closes: #810796)
 .
   [ Mattia Rizzolo ]
   * Sort the list of sources to be built and linked (Closes: #810509)
 .
   [ Michael Vogt ]
   * Do not show multiple identical apt-cache showsrc entries (Closes: #734922)
 .
   [ David Kalnischkies ]
   * evaluate sourceslist-list-format entity in vendors sources.list.
     Thanks to Niels Thykier for reporting on IRC
   * update symbols file
   * fix M-A:foreign provides creation for unknown archs
   * revert file-hash based action-merging in acquire (Closes: 810046)
   * return correct position in APT::StringView::(r)find
 .
   [ Zhou Mo ]
   * po: update simplified chinese programs translation
Checksums-Sha1:
 66b20a6b69fa612a4e8cdd33168cf7009d6f480f 2331 apt_1.2.dsc
 491c976997a267bb94178ffba50c6063054941ab 2014968 apt_1.2.tar.xz
Checksums-Sha256:
 cb9c95772ae1d0e62a0eeea427c49dc3826b443bf5e52ee789befb2a570dd37a 2331 apt_1.2.dsc
 8e330c9ceee328075d527108997fc0395dc10603d30eedc0d322783058674ed0 2014968 apt_1.2.tar.xz
Files:
 4b617d2e1cb2eb0d666cbfa11879ac96 2331 admin important apt_1.2.dsc
 9104ce061470a43addf30ab976181adc 2014968 admin important apt_1.2.tar.xz


--- End Message ---
