Your message dated Mon, 29 Dec 2025 17:36:18 +0000
with message-id <[email protected]>
and subject line Bug#1122231: fixed in sigstore-go 0.7.3-1
has caused the Debian Bug report #1122231,
regarding sigstore-go: please make the build reproducible
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1122231: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122231
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: sigstore-go
Version: 0.7.1-2
Severity: wishlist
Tags: patch
User: [email protected]
Usertags: nocheck
X-Debbugs-Cc: [email protected]
Hi,
Whilst working on the Reproducible Builds effort [0], we noticed that
sigstore-go could not be built reproducibly.
This is because the call to remove some tests were in the wrong
debian/rules target. Whilst it was in override_dh_auto_test, this target
is not called if the tests are skipped — meaning that if the tests
are *not* run, then the package contains those files.
Patch attached.
[0] https://reproducible-builds.org/
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` [email protected] / chris-lamb.co.uk
`-
--- a/debian/rules 2025-12-08 15:39:48.604788663 -0800
--- b/debian/rules 2025-12-08 15:44:16.576649601 -0800
@@ -11,7 +11,7 @@
%:
dh $@ --builddirectory=_build --buildsystem=golang
-execute_before_dh_auto_test:
+execute_after_dh_auto_build:
rm -fv _build/src/github.com/sigstore/sigstore-go/pkg/verify/sct_test.go
execute_after_dh_auto_install:
--- End Message ---
--- Begin Message ---
Source: sigstore-go
Source-Version: 0.7.3-1
Done: Simon Josefsson <[email protected]>
We believe that the bug you reported is fixed in the latest version of
sigstore-go, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Simon Josefsson <[email protected]> (supplier of updated sigstore-go package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 29 Dec 2025 18:04:21 +0100
Source: sigstore-go
Architecture: source
Version: 0.7.3-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Go Packaging Team <[email protected]>
Changed-By: Simon Josefsson <[email protected]>
Closes: 1122231
Changes:
sigstore-go (0.7.3-1) unstable; urgency=medium
.
[ Simon Josefsson ]
* Modernize Salsa CI
* New upstream version 0.7.3
* Use watch v5
* Standards-Version: 4.7.3
* Drop Rules-Requires-Root: no
* Patch to cope with modern TUF
.
[ Chris Lamb ]
* Fix reproducibility (Closes: #1122231)
Checksums-Sha1:
28f655d2ac4cfb1850e4e33ce7bb5ddf527bc717 3187 sigstore-go_0.7.3-1.dsc
0dbed66a886b2fbc20e4edca3f3b56802c7cf497 130884 sigstore-go_0.7.3.orig.tar.xz
581374734132946c52ecb5d93ab3331ad31aea65 4988 sigstore-go_0.7.3-1.debian.tar.xz
2a66f5ed8a6726f8d1bd022e79706acff3be5214 366300 sigstore-go_0.7.3-1.git.tar.xz
3ae26a8503c6f7c7a5e811b9b889ac435e24c372 17151
sigstore-go_0.7.3-1_source.buildinfo
Checksums-Sha256:
4019f5d9a1bd3dbb1e20d835bf08ca75142c140c9d698068cf87058580e40e94 3187
sigstore-go_0.7.3-1.dsc
ae49f16e06a29ac4d9e4b7117e70fcf8165c63f42e4ed65f8c52c615744bcbfc 130884
sigstore-go_0.7.3.orig.tar.xz
92e137d04b9975aa5350450748fd2e5ec60f5306e8328e676c5065a71bf90b2d 4988
sigstore-go_0.7.3-1.debian.tar.xz
794761513325d818e3197a0b6cfccafefedc03a90061049f1bb903115d423fc7 366300
sigstore-go_0.7.3-1.git.tar.xz
9072d59053cf40eaad781cb949870449d039dcbecbe82057ef1349bbe8d68326 17151
sigstore-go_0.7.3-1_source.buildinfo
Files:
3c387b033f6fcad06f645993e7aae826 3187 golang optional sigstore-go_0.7.3-1.dsc
12b95f5d3ba42df91e453c83e1c41aca 130884 golang optional
sigstore-go_0.7.3.orig.tar.xz
586dc77b367294e1d432bb70df84497a 4988 golang optional
sigstore-go_0.7.3-1.debian.tar.xz
b1a1fc6117cf0b43b7055b56615f3103 366300 golang optional
sigstore-go_0.7.3-1.git.tar.xz
54f746e6ecfa7cf445478fb292125d85 17151 golang optional
sigstore-go_0.7.3-1_source.buildinfo
Git-Tag-Info: tag=3c78587ccfcaba73c95a6047b5eb65c035783c83
fp=a3cc9c870b9d310abad4cf2f51722b08fe4745a2
Git-Tag-Tagger: Simon Josefsson <[email protected]>
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEN02M5NuW6cvUwJcqYG0ITkaDwHkFAmlStsoACgkQYG0ITkaD
wHmxJQ/+LczH0zWVfwGWgBrN1Opxkypn0CHti+fnbz3B8yPZaMgUHQFN+l+d8JcV
yf5BZDxpqORY+hzuq520QPyE5BjT0g4H+BGJBZrYE3BLxdjH84jb28VeVYSNmSDU
Mwhs0LrYyC+R+m3im7rswBMWEc0AGs/fpYhDAPTe8Vm+SD3660Q5uF/MaRArsR3n
Mnkh8xfO2mWUONTZQCoKEqaDxFFUwV03ZV9lCV6n+hd+lm2LfJ1Sexp/GG+rBw+O
c/bIToMB3aSzBO8vSO/0reiRejsyrmcVPEGrhweS/3PNB6U7iOVECuoVEAfkpwtB
YIsQU+kUwemDCBuIy8K9moiQw2TgTQaU4WMpi5PSaIvSpWZKOsx/stKrFYtcFA86
u5kyTYx5k/GGhJK+uu1m4QP7szjjdz7i77Xdzq6NpoeFNB+28dTOUpgPuW76ywZU
4BC+RcgPQyeal6W1j+MEVbgtVWd4enTXFh2DtRt/TN4s9pVChKK3LpqSN1c7Odbt
NiQk73FOu99t3v7+nEnOzw4PWvW0BCwmrp691usBbSpJdseVuJDO793xD6aDsYCM
cp6nmQPz/ZsiqACVM6hXQpId3Qh+k0Dg4BU1yInAetHvCCBq1NHv6t1707R4WuwJ
y9a6w9Wn0HINGLdyWkEdQVW0+Mrsccu2l5kig0bE8E+WvAf7nvE=
=7BGM
-----END PGP SIGNATURE-----
pgpZnC0cTPYgV.pgp
Description: PGP signature
--- End Message ---
