Bug#1033958: marked as done (binutils: reproducible builds: files in source tarball in arbitrary order)

[Debian Bug Tracking System]

Your message dated Fri, 02 Jun 2023 10:51:42 +0000
with message-id <e1q52ni-005nni...@fasolo.debian.org>
and subject line Bug#1033958: fixed in binutils 2.40.50.20230602-1
has caused the Debian Bug report #1033958,
regarding binutils: reproducible builds: files in source tarball in arbitrary 
order
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1033958: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033958
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: binutils
Severity: normal
Tags: patch
User: reproducible-bui...@lists.alioth.debian.org
Usertags: randomness
X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org

The files in the binutils tarball appear to be in arbitrary order,
possibly affected by locale or filesystem differences:

  
https://tests.reproducible-builds.org/debian/rb-pkg/bookworm/armhf/diffoscope-results/binutils.html

  /usr/src/binutils/binutils-2.40.tar.xz

  e.g. the first file in the bfd directory listed in these two builds are:

  
hrw-r--r--···0········0········0········0·2023-01-14·00:00:00.000000·binutils-2.40/bfd/elf32-m68hc1x.h
  vs.
  
hrw-r--r--···0········0········0········0·2023-01-14·00:00:00.000000·binutils-2.40/bfd/elf32-score7.c


The attached patch to debian/rules fixes this by passing the --sort=name
argument to tar.


Unfortunately, this patch alone does not solve all reproducibility
issues with binutils, but applying this patch should significantly reduce
the differences, making it easier to debug remaining issues.


Thanks for maintaining binutils!


live well,
  vagrant

From 6dce3b6b223419c31fb1aaa59b658652b0fe953d Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian <vagr...@reproducible-builds.org>
Date: Tue, 4 Apr 2023 16:10:53 -0700
Subject: [PATCH 1/2] debian/rules: Pass argument to tar to sort the files in
 the binutils source tarball.

Locale or filesystem differences may result in the generated tarball
embedding files in arbitrary order.

https://reproducible-builds.org/docs/archives/
https://tests.reproducible-builds.org/debian/issues/unstable/random_order_in_tarball_issue.html
---
 debian/rules | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/debian/rules b/debian/rules
index 0a3ff6ec..a697df43 100755
--- a/debian/rules
+++ b/debian/rules
@@ -1484,7 +1484,7 @@ endif # ifndef BACKPORT
 		xargs -0r touch --no-dereference --date='$(BUILD_DATE)' && \
 		find $(source_files) -type f -print0 | LC_ALL=C sort -z | \
 		XZ_OPT=-9 tar --null -T - -c --xz --mode=go=rX,u+rw,a-s \
-		--owner=0 --group=0 --numeric-owner \
+		--owner=0 --group=0 --numeric-owner --sort=name \
 		--xform='s=^[^/]*\/=binutils-$(VERSION)/=' \
 		-f $(pwd)/$(d_src)/$(PF)/src/binutils/binutils-$(VERSION).tar.xz \
 		$(source_files)
-- 
2.39.2

signature.asc
Description: PGP signature

--- End Message ---

--- Begin Message ---

Source: binutils
Source-Version: 2.40.50.20230602-1
Done: Matthias Klose <d...@debian.org>

We believe that the bug you reported is fixed in the latest version of
binutils, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1033...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Matthias Klose <d...@debian.org> (supplier of updated binutils package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 02 Jun 2023 10:10:27 +0200
Source: binutils
Architecture: source
Version: 2.40.50.20230602-1
Distribution: experimental
Urgency: medium
Maintainer: Matthias Klose <d...@debian.org>
Changed-By: Matthias Klose <d...@debian.org>
Closes: 1033958
Changes:
 binutils (2.40.50.20230602-1) experimental; urgency=medium
 .
   * New upstream snapshot, taken from the trunk.
   * debian/rules: Pass argument to tar to sort the files in the binutils
     source tarball (Vagrant Cascadian). Closes: #1033958.
Checksums-Sha1:
 46a8c284571d0c1a28d0b4e8d74601582f521433 11919 binutils_2.40.50.20230602-1.dsc
 add8fe4aad29e8aee5301ea50706aa97d12056ba 23229300 
binutils_2.40.50.20230602.orig.tar.xz
 72747c7cf51d15832346de81a03047fa2fc465df 102048 
binutils_2.40.50.20230602-1.debian.tar.xz
 98130d3a525bb458adafcb4158cbd921e03cb13d 7776 
binutils_2.40.50.20230602-1_source.buildinfo
Checksums-Sha256:
 e734efe93c09e82eebd7096db4e7226b8ca1d832c3b17ea967c5190c2d51e9be 11919 
binutils_2.40.50.20230602-1.dsc
 67d3378bec47014c3177ab819575ff353c083fc4307c7db92ada337b666d07b6 23229300 
binutils_2.40.50.20230602.orig.tar.xz
 6fadad08a006cc7e97481c37604c6839e61127fbbf8cac518da5d04b76c1f9ee 102048 
binutils_2.40.50.20230602-1.debian.tar.xz
 025e5fc73ff67df6cd182b6ba9e8c035d44f1cdf5381279cafa24e9aa8e7fcd1 7776 
binutils_2.40.50.20230602-1_source.buildinfo
Files:
 4ea40242198df7fdde9745fd8ce3e0ed 11919 devel optional 
binutils_2.40.50.20230602-1.dsc
 3822112864a8d22d588cad91dada26d1 23229300 devel optional 
binutils_2.40.50.20230602.orig.tar.xz
 9f5465be73f0e1f04f5cd7a8048d6a9c 102048 devel optional 
binutils_2.40.50.20230602-1.debian.tar.xz
 2eb285450df6a1ecd4067ba9b84676c2 7776 devel optional 
binutils_2.40.50.20230602-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJEBAEBCgAuFiEE1WVxuIqLuvFAv2PWvX6qYHePpvUFAmR5xisQHGRva29AZGVi
aWFuLm9yZwAKCRC9fqpgd4+m9f72D/46JHf1hRMwdCOAvEFp1JwE+KgGNZ+IcHAn
2BndWQJoZECTX5/ANgPUHHl03cRFCGgAHKZVG14j7JhFsWmpEkMc7bSduvlv0rSi
W2cGkvxGg9Pw3+tXZLyaJ5ORC1UOwsbQF5ZM8c59CCr662pwGOketF5pYCAGm4uN
HrX4fRkyt9tuoTH17xmfYPYqPnb3tr90tftoLlaZ/uFPq0m0NvEn1UwJS03SGgxb
fcpE1BoyBgMN5uMnq0ZdpV8eu7TjxpAK7KPgCOpilPeTXCs5VK6ONRq6KkQfpn0g
u7b7lzePXDTfPZV9QfbmWISANHK+jU9OSkBVcmWJkRVCCpiU3UDWXDKjWzoBILdO
n97iNoXp74B3WTN2cyns5ZZo2xSbS/gpjPiTt6RLMm8MSvUlxKQ3zPXaDAsKg3Zu
kL7hOBP7WOhYJr+9OAa5/5IEPNht0yfDlqmYX0Kk8VMXPTs+xYtrnx7Omr4w7o4G
OsHgjKCgD7NTtoKvPPY7y+VZTpbM9NOG0He2ai4/Kp/d85yxVGOS6uUuTHLae/GD
B3Z5MQEHkVGaloZyoV/Hbl8oNKwa+mEAiWFRrisdM7ewA2E+eGTClU3Blncz+NmO
nk/UccAsUqdWdUm9fhKIwjX8kvqxIMVh/wHYO7+a2wAHwrik2alWedIQl02SwM/I
MwWuqj3kGg==
=hN3h
-----END PGP SIGNATURE-----

--- End Message ---