Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package nftables for openSUSE:Factory checked in at 2026-06-27 18:04:01 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/nftables (Old) and /work/SRC/openSUSE:Factory/.nftables.new.11887 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "nftables" Sat Jun 27 18:04:01 2026 rev:42 rq:1361758 version:1.1.6 Changes: -------- --- /work/SRC/openSUSE:Factory/nftables/nftables.changes 2025-12-08 11:53:20.607952150 +0100 +++ /work/SRC/openSUSE:Factory/.nftables.new.11887/nftables.changes 2026-06-27 18:04:59.849756554 +0200 @@ -1,0 +2,7 @@ +Thu Jun 25 10:39:03 UTC 2026 - Matthias Gerstner <[email protected]> + +- add support-reproducible-build.patch: this is a cherry pick of + four unreleased upstream commits which are needed to properly + backport the reproducible build feature. + +------------------------------------------------------------------- New: ---- support-reproducible-build.patch ----------(New B)---------- New: - add support-reproducible-build.patch: this is a cherry pick of four unreleased upstream commits which are needed to properly ----------(New E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ nftables.spec ++++++ --- /var/tmp/diff_new_pack.k1bcgi/_old 2026-06-27 18:05:01.005795307 +0200 +++ /var/tmp/diff_new_pack.k1bcgi/_new 2026-06-27 18:05:01.009795441 +0200 @@ -33,6 +33,7 @@ Source2: http://ftp.netfilter.org/pub/%name/%name-%version.tar.xz.sig Source3: %name.keyring Source4: nftables.rpmlintrc +Patch0: support-reproducible-build.patch BuildRequires: %{python_module pip} BuildRequires: %{python_module setuptools} BuildRequires: %{python_module wheel} ++++++ _scmsync.obsinfo ++++++ --- /var/tmp/diff_new_pack.k1bcgi/_old 2026-06-27 18:05:01.045796648 +0200 +++ /var/tmp/diff_new_pack.k1bcgi/_new 2026-06-27 18:05:01.049796782 +0200 @@ -1,5 +1,5 @@ -mtime: 1764972947 -commit: 1cfdd2758b2ef875741238b6fbcc10a9d1966a07921624c5544c4b3b781f8e41 +mtime: 1782391113 +commit: 7036b674b6457a0a5fb0019fc01194d0103a24a27f7b40cab89f2ad92aa64ed3 url: https://src.opensuse.org/jengelh/nftables revision: master ++++++ build.specials.obscpio ++++++ ++++++ build.specials.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/.gitignore new/.gitignore --- old/.gitignore 1970-01-01 01:00:00.000000000 +0100 +++ new/.gitignore 2026-06-25 14:38:33.000000000 +0200 @@ -0,0 +1 @@ +.osc ++++++ support-reproducible-build.patch ++++++ >From 2e3c68f26d5bd60c8ea7467fa9018c282a7d8c47 Mon Sep 17 00:00:00 2001 From: Jan Palus <[email protected]> Date: Sat, 6 Dec 2025 00:43:58 +0100 Subject: [PATCH] build: fix ./configure with non-bash shell CONFIG_SHELL=/bin/dash ./configure breaks with: ./config.status: 2044: Syntax error: Bad for loop variable Fixes: 64c07e38f049 ("table: Embed creating nft version into userdata") Signed-off-by: Jan Palus <[email protected]> Signed-off-by: Pablo Neira Ayuso <[email protected]> --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 6825474b..dd172e88 100644 --- a/configure.ac +++ b/configure.ac @@ -157,7 +157,7 @@ AC_CONFIG_COMMANDS([nftversion.h], [ echo " ${STABLE_RELEASE}" echo "};" echo "static char nftbuildstamp[[]] = {" - for ((i = 56; i >= 0; i-= 8)); do + for i in `seq 56 -8 0`; do echo " ((uint64_t)MAKE_STAMP >> $i) & 0xff," done echo "};" -- 2.53.0 >From 2a0ec8a7246e5c5eb85270e3d4de43e20a00c577 Mon Sep 17 00:00:00 2001 From: Jeremy Sowden <[email protected]> Date: Wed, 28 Jan 2026 18:31:05 +0000 Subject: [PATCH] build: simplify the instantation of nftversion.h Add an nftversion.h.in autoconf input file which configure uses to instantiate nftversion.h in the usual way. Signed-off-by: Jeremy Sowden <[email protected]> Signed-off-by: Phil Sutter <[email protected]> --- configure.ac | 19 +++---------------- nftversion.h.in | 19 +++++++++++++++++++ 2 files changed, 22 insertions(+), 16 deletions(-) create mode 100644 nftversion.h.in diff --git a/configure.ac b/configure.ac index dd172e88..2c61072e 100644 --- a/configure.ac +++ b/configure.ac @@ -147,22 +147,8 @@ AM_CONDITIONAL([BUILD_SERVICE], [test "x$unitdir" != x]) AC_ARG_WITH([stable-release], [AS_HELP_STRING([--with-stable-release], [Stable release number])], [], [with_stable_release=0]) -AC_CONFIG_COMMANDS([stable_release], - [STABLE_RELEASE=$stable_release], - [stable_release=$with_stable_release]) -AC_CONFIG_COMMANDS([nftversion.h], [ -( - echo "static char nftversion[[]] = {" - echo " ${VERSION}," | tr '.' ',' - echo " ${STABLE_RELEASE}" - echo "};" - echo "static char nftbuildstamp[[]] = {" - for i in `seq 56 -8 0`; do - echo " ((uint64_t)MAKE_STAMP >> $i) & 0xff," - done - echo "};" -) >nftversion.h -]) +AC_SUBST([STABLE_RELEASE],[$with_stable_release]) +AC_SUBST([NFT_VERSION], [$(echo "${VERSION}" | tr '.' ',')]) # Current date should be fetched exactly once per build, # so have 'make' call date and pass the value to every 'gcc' call AC_SUBST([MAKE_STAMP], ["\$(shell date +%s)"]) @@ -175,6 +161,7 @@ AM_CONDITIONAL([BUILD_DISTCHECK], [test "x$enable_distcheck" = "xyes"]) AC_CONFIG_FILES([ \ Makefile \ libnftables.pc \ + nftversion.h \ ]) AC_OUTPUT diff --git a/nftversion.h.in b/nftversion.h.in new file mode 100644 index 00000000..6f897719 --- /dev/null +++ b/nftversion.h.in @@ -0,0 +1,19 @@ +#ifndef NFTABLES_NFTVERSION_H +#define NFTABLES_NFTVERSION_H + +static char nftversion[] = { + @NFT_VERSION@, + @STABLE_RELEASE@ +}; +static char nftbuildstamp[] = { + ((uint64_t)MAKE_STAMP >> 56) & 0xff, + ((uint64_t)MAKE_STAMP >> 48) & 0xff, + ((uint64_t)MAKE_STAMP >> 40) & 0xff, + ((uint64_t)MAKE_STAMP >> 32) & 0xff, + ((uint64_t)MAKE_STAMP >> 24) & 0xff, + ((uint64_t)MAKE_STAMP >> 16) & 0xff, + ((uint64_t)MAKE_STAMP >> 8) & 0xff, + ((uint64_t)MAKE_STAMP >> 0) & 0xff, +}; + +#endif /* !defined(NFTABLES_NFTVERSION_H) */ -- 2.53.0 >From b92571cc59ce49fdd9fe2daac9350529adfb2424 Mon Sep 17 00:00:00 2001 From: Jeremy Sowden <[email protected]> Date: Wed, 28 Jan 2026 18:31:06 +0000 Subject: [PATCH] build: generate build time-stamp once at configure The existing implementation tries to generate a time-stamp once when make is run. However, it doesn't work and generates one for every compilation. Getting this right portably in automake is not straightforward. Instead, do it when configure is run. Rename the time-stamp variable since it is no longer generated by make. Fixes: 64c07e38f049 ("table: Embed creating nft version into userdata") Signed-off-by: Jeremy Sowden <[email protected]> Signed-off-by: Phil Sutter <[email protected]> --- Makefile.am | 2 -- configure.ac | 4 +--- nftversion.h.in | 18 ++++++++++-------- 3 files changed, 11 insertions(+), 13 deletions(-) diff --git a/Makefile.am b/Makefile.am index 5c7c197f..c60c2e63 100644 --- a/Makefile.am +++ b/Makefile.am @@ -159,8 +159,6 @@ AM_CFLAGS = \ \ $(GCC_FVISIBILITY_HIDDEN) \ \ - -DMAKE_STAMP=$(MAKE_STAMP) \ - \ $(NULL) AM_YFLAGS = -d -Wno-yacc diff --git a/configure.ac b/configure.ac index 2c61072e..9859072e 100644 --- a/configure.ac +++ b/configure.ac @@ -149,9 +149,7 @@ AC_ARG_WITH([stable-release], [AS_HELP_STRING([--with-stable-release], [], [with_stable_release=0]) AC_SUBST([STABLE_RELEASE],[$with_stable_release]) AC_SUBST([NFT_VERSION], [$(echo "${VERSION}" | tr '.' ',')]) -# Current date should be fetched exactly once per build, -# so have 'make' call date and pass the value to every 'gcc' call -AC_SUBST([MAKE_STAMP], ["\$(shell date +%s)"]) +AC_SUBST([BUILD_STAMP], [$(date +%s)]) AC_ARG_ENABLE([distcheck], AS_HELP_STRING([--enable-distcheck], [Build for distcheck]), diff --git a/nftversion.h.in b/nftversion.h.in index 6f897719..325b9dcc 100644 --- a/nftversion.h.in +++ b/nftversion.h.in @@ -1,19 +1,21 @@ #ifndef NFTABLES_NFTVERSION_H #define NFTABLES_NFTVERSION_H +#define BUILD_STAMP @BUILD_STAMP@ + static char nftversion[] = { @NFT_VERSION@, @STABLE_RELEASE@ }; static char nftbuildstamp[] = { - ((uint64_t)MAKE_STAMP >> 56) & 0xff, - ((uint64_t)MAKE_STAMP >> 48) & 0xff, - ((uint64_t)MAKE_STAMP >> 40) & 0xff, - ((uint64_t)MAKE_STAMP >> 32) & 0xff, - ((uint64_t)MAKE_STAMP >> 24) & 0xff, - ((uint64_t)MAKE_STAMP >> 16) & 0xff, - ((uint64_t)MAKE_STAMP >> 8) & 0xff, - ((uint64_t)MAKE_STAMP >> 0) & 0xff, + ((uint64_t)BUILD_STAMP >> 56) & 0xff, + ((uint64_t)BUILD_STAMP >> 48) & 0xff, + ((uint64_t)BUILD_STAMP >> 40) & 0xff, + ((uint64_t)BUILD_STAMP >> 32) & 0xff, + ((uint64_t)BUILD_STAMP >> 24) & 0xff, + ((uint64_t)BUILD_STAMP >> 16) & 0xff, + ((uint64_t)BUILD_STAMP >> 8) & 0xff, + ((uint64_t)BUILD_STAMP >> 0) & 0xff, }; #endif /* !defined(NFTABLES_NFTVERSION_H) */ -- 2.53.0 >From ca86f206c92704170a295b8dc7a41f6448835dde Mon Sep 17 00:00:00 2001 From: Jeremy Sowden <[email protected]> Date: Wed, 28 Jan 2026 18:31:07 +0000 Subject: [PATCH] build: support `SOURCE_DATE_EPOCH` for build time-stamp In order to support reproducible builds, set the build time-stamp to the value of the environment variable, `SOURCE_DATE_EPOCH`, if set, and fall back to calling `date`, otherwise. Link: https://reproducible-builds.org/docs/source-date-epoch/ Fixes: 64c07e38f049 ("table: Embed creating nft version into userdata") Reported-by: Arnout Engelen <[email protected]> Closes: https://github.com/NixOS/nixpkgs/issues/478048 Suggested-by: Philipp Bartsch <[email protected]> Signed-off-by: Jeremy Sowden <[email protected]> Signed-off-by: Phil Sutter <[email protected]> --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 9859072e..02260862 100644 --- a/configure.ac +++ b/configure.ac @@ -149,7 +149,7 @@ AC_ARG_WITH([stable-release], [AS_HELP_STRING([--with-stable-release], [], [with_stable_release=0]) AC_SUBST([STABLE_RELEASE],[$with_stable_release]) AC_SUBST([NFT_VERSION], [$(echo "${VERSION}" | tr '.' ',')]) -AC_SUBST([BUILD_STAMP], [$(date +%s)]) +AC_SUBST([BUILD_STAMP], [${SOURCE_DATE_EPOCH:-$(date +%s)}]) AC_ARG_ENABLE([distcheck], AS_HELP_STRING([--enable-distcheck], [Build for distcheck]), -- 2.53.0
