Your message dated Fri, 15 Jan 2016 19:18:47 +0000 with message-id <E1aK9tX-0003Jo-TX@franck.debian.org> and subject line Bug#810509: fixed in apt 1.2 has caused the Debian Bug report #810509, regarding apt: please make the build reproducible (randomness) to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 810509: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=810509 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: apt: please make the build reproducible (randomness)
- From: Mattia Rizzolo <mattia@debian.org>
- Date: Sat, 9 Jan 2016 10:51:58 +0000
- Message-id: <[🔎] 20160109105158.GA26357@chase.mapreri.org>
Source: apt Version: 1.1.10 Severity: wishlist Tags: patch User: reproducible-builds@lists.alioth.debian.org Usertags: randomness X-Debbugs-Cc: reproducible-builds@lists.alioth.debian.org Hi! While working on the “reproducible builds” effort [1], we have noticed that apt could not be built reproducibly. The attached patch removes extra randomness from the build system, ensuring a stable file order when linking the built object. This particular issues is currently visible only on our armhf builds due to a limit in our infrastructure, but can be tested by performing the builds using the fuse fs disorderfs. Once applied, apt can be built reproducibly in our current experimental framework. [1]: https://wiki.debian.org/ReproducibleBuilds -- regards, Mattia Rizzolo GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`. more about me: http://mapreri.org : :' : Launchpad user: https://launchpad.net/~mapreri `. `'` Debian QA page: https://qa.debian.org/developer.php?login=mattia `-From 18405011c3cdb8eff2f41fe674787f746092b27e Mon Sep 17 00:00:00 2001 From: Mattia Rizzolo <mattia@debian.org> Date: Sat, 9 Jan 2016 10:45:34 +0000 Subject: [PATCH] fix reproducibly issue due to readdir() order by sorting the list of sources to be built and linked --- apt-inst/makefile | 4 ++-- apt-pkg/makefile | 4 ++-- apt-private/makefile | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/apt-inst/makefile b/apt-inst/makefile index 2883cbc..5601cd9 100644 --- a/apt-inst/makefile +++ b/apt-inst/makefile @@ -20,7 +20,7 @@ SLIBS=$(PTHREADLIB) -lapt-pkg APT_DOMAIN:=libapt-inst$(MAJOR) LIBRARYDEPENDS=$(LIB)/libapt-pkg.so -SOURCE = $(wildcard *.cc */*.cc) -HEADERS = $(addprefix apt-pkg/,$(notdir $(wildcard *.h */*.h))) +SOURCE = $(sort $(wildcard *.cc */*.cc)) +HEADERS = $(addprefix apt-pkg/,$(notdir $(sort $(wildcard *.h */*.h)))) include $(LIBRARY_H) diff --git a/apt-pkg/makefile b/apt-pkg/makefile index 9236f81..e3e6e20 100644 --- a/apt-pkg/makefile +++ b/apt-pkg/makefile @@ -31,7 +31,7 @@ SLIBS+= -llz4 endif APT_DOMAIN:=libapt-pkg$(LIBAPTPKG_MAJOR) -SOURCE = $(wildcard *.cc */*.cc) -HEADERS = $(addprefix apt-pkg/,$(notdir $(wildcard *.h */*.h))) +SOURCE = $(sort $(wildcard *.cc */*.cc)) +HEADERS = $(addprefix apt-pkg/,$(notdir $(sort $(wildcard *.h */*.h)))) include $(LIBRARY_H) diff --git a/apt-private/makefile b/apt-private/makefile index 9a3fbdb..1934db1 100644 --- a/apt-private/makefile +++ b/apt-private/makefile @@ -15,7 +15,7 @@ MINOR=0 SLIBS=$(PTHREADLIB) -lapt-pkg CXXFLAGS += -fvisibility=hidden -fvisibility-inlines-hidden -SOURCE = $(wildcard *.cc) -HEADERS = $(addprefix apt-private/,$(wildcard *.h)) +SOURCE = $(sort $(wildcard *.cc)) +HEADERS = $(addprefix apt-private/,$(sort $(wildcard *.h))) include $(LIBRARY_H) -- 2.7.0.rc3Attachment: signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
- To: 810509-close@bugs.debian.org
- Subject: Bug#810509: fixed in apt 1.2
- From: Julian Andres Klode <jak@debian.org>
- Date: Fri, 15 Jan 2016 19:18:47 +0000
- Message-id: <E1aK9tX-0003Jo-TX@franck.debian.org>
Source: apt Source-Version: 1.2 We believe that the bug you reported is fixed in the latest version of apt, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 810509@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Julian Andres Klode <jak@debian.org> (supplier of updated apt package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 15 Jan 2016 19:52:19 +0100 Source: apt Binary: apt libapt-pkg5.0 libapt-inst2.0 apt-doc libapt-pkg-dev libapt-pkg-doc apt-utils apt-transport-https Architecture: source Version: 1.2 Distribution: unstable Urgency: medium Maintainer: APT Development Team <deity@lists.debian.org> Changed-By: Julian Andres Klode <jak@debian.org> Description: apt - commandline package manager apt-doc - documentation for APT apt-transport-https - https download transport for APT apt-utils - package management related utility programs libapt-inst2.0 - deb package format runtime library libapt-pkg-dev - development files for APT's libapt-pkg and libapt-inst libapt-pkg-doc - documentation for APT development libapt-pkg5.0 - package management runtime library Closes: 734922 810046 810509 810622 810796 Changes: apt (1.2) unstable; urgency=medium . [ Julian Andres Klode ] * Do not break apt-file (<< 3.0~exp1~), 2.X works fine * Version the build-depends on liblz4-dev to >= 0.0~r126 * search: Handle packages without description (Closes: #810622) * Only enable pipelining if server is HTTP/1.1 (Closes: #810796) . [ Mattia Rizzolo ] * Sort the list of sources to be built and linked (Closes: #810509) . [ Michael Vogt ] * Do not show multiple identical apt-cache showsrc entries (Closes: #734922) . [ David Kalnischkies ] * evaluate sourceslist-list-format entity in vendors sources.list. Thanks to Niels Thykier for reporting on IRC * update symbols file * fix M-A:foreign provides creation for unknown archs * revert file-hash based action-merging in acquire (Closes: 810046) * return correct position in APT::StringView::(r)find . [ Zhou Mo ] * po: update simplified chinese programs translation Checksums-Sha1: 66b20a6b69fa612a4e8cdd33168cf7009d6f480f 2331 apt_1.2.dsc 491c976997a267bb94178ffba50c6063054941ab 2014968 apt_1.2.tar.xz Checksums-Sha256: cb9c95772ae1d0e62a0eeea427c49dc3826b443bf5e52ee789befb2a570dd37a 2331 apt_1.2.dsc 8e330c9ceee328075d527108997fc0395dc10603d30eedc0d322783058674ed0 2014968 apt_1.2.tar.xz Files: 4b617d2e1cb2eb0d666cbfa11879ac96 2331 admin important apt_1.2.dsc 9104ce061470a43addf30ab976181adc 2014968 admin important apt_1.2.tar.xz -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJWmUBpAAoJENc8OeVlgLOGxjsQAJCePOHpUKcH94yxoKfHKeLt dQ3Jn4FrSjNPquW3Mu+O5eWM6eVFxCA8eY+4ZxsNMcupxBlvjDg+86gMBgqlOMFd EyqTw4XndzfC4gV6QBpBqxdW0kecSi3G2Xc64vjtmMYY+OmWgyxP7wblMcSxDHRS U+vgxfFHG6padgLr2nj3XpG+2HDqULxFa9C4rC8oXx1bmBmByfKWv4ztF5uymjAe JT99kbkXLqkOEkvOsi3/+nA7uwCmUJjtiEKus97/t4scvz3/SvhiKf7DLDGMoKqE dru5F8SQDFqOxNZ8Kv9DaWhqlGWq4O6IVTa2ip9TqKCSzmjKeRRrIEjJw+z9Y3w5 laENnuRXOLvi0mtWAnVxTHdwhGVP37fsYGhBdCKzq53XfrWkWsI5FYhbkvlKxBxI kmSqM+pFEJas5LSJZ3aFeQJJub4A3T6tBJTAbklp+ZEAI5uCr2HjWcEheZMa9Jzq IgsQuZ1czj/Ki6jsS2TJqn7U/xl+/sGPgy2LsEeU20gUasnq5nxL7tyln9ptYDqB UmSJXXxcPOPIZWEl+hbuO7TF1LueMUSw//Z0Pg6BzoqeJnOAcr/PV+y2ZCe/DGji 5fY5mmMV8g78YTCDYPwgf8HTJpNYb6BiJwLvUaHmEt1Up+q8bQWH7eRRljTyf65M i9Fr4dBEygFLFW/BLx2D =xrCH -----END PGP SIGNATURE-----
--- End Message ---