Bug#1122219: marked as done (golang-github-theupdateframework-go-tuf: please make the build reproducible)

[Debian Bug Tracking System]

Your message dated Sat, 03 Jan 2026 11:53:36 +0000
with message-id <e1vc0co-00000003i13-3...@fasolo.debian.org>
and subject line Bug#1122219: fixed in golang-github-theupdateframework-go-tuf 
2.3.0+0.7.0-1
has caused the Debian Bug report #1122219,
regarding golang-github-theupdateframework-go-tuf: please make the build 
reproducible
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1122219: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122219
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: golang-github-theupdateframework-go-tuf
Version: 2.0.2+0.7.0-1
Severity: wishlist
Tags: patch
User: reproducible-bui...@lists.alioth.debian.org
Usertags: nocheck
X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org

Hi,

Whilst working on the Reproducible Builds effort [0], we noticed that
golang-github-theupdateframework-go-tuf could not be built reproducibly.

This is because the call to remove some tests were in the wrong
debian/rules target. Whilst it was in override_dh_auto_test, this target
is not called if the tests are skipped — meaning that if the tests
are *not* run, then the package contains those files.

Patch attached.

 [0] https://reproducible-builds.org/


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      la...@debian.org / chris-lamb.co.uk
       `-

--- a/debian/rules      2025-12-08 14:04:32.861883410 -0800
--- b/debian/rules      2025-12-08 14:16:00.920482259 -0800
@@ -15,7 +15,7 @@
 override_dh_auto_install:
        dh_auto_install -- --no-binaries
 
-execute_before_dh_auto_test:
+execute_after_dh_auto_build:
 #--- FAIL: TestDownLoadFile (0.00s)
 #    --- FAIL: TestDownLoadFile/success (0.00s)
 #    --- PASS: TestDownLoadFile/invalid_url (0.00s)

--- End Message ---

--- Begin Message ---

Source: golang-github-theupdateframework-go-tuf
Source-Version: 2.3.0+0.7.0-1
Done: Simon Josefsson <si...@josefsson.org>

We believe that the bug you reported is fixed in the latest version of
golang-github-theupdateframework-go-tuf, which is due to be installed in the 
Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1122...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Simon Josefsson <si...@josefsson.org> (supplier of updated 
golang-github-theupdateframework-go-tuf package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 29 Dec 2025 09:46:57 +0100
Source: golang-github-theupdateframework-go-tuf
Architecture: source
Version: 2.3.0+0.7.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Go Packaging Team <team+pkg...@tracker.debian.org>
Changed-By: Simon Josefsson <si...@josefsson.org>
Closes: 1122219
Changes:
 golang-github-theupdateframework-go-tuf (2.3.0+0.7.0-1) unstable; 
urgency=medium
 .
   [ Simon Josefsson ]
   * Add Salsa CI
   * New upstream version 2.3.0
   * Re-add v0/
   * Add B-D/D golang-github-cenkalti-backoff-dev
   * Use watch v5
   * Bump debian/* copyright years
   * Standards-Version: 4.7.3
   * Drop Rules-Requires-Root: no
   * Silence Salsa CI lintian
   * Improve d/copyright adding lrc.config
 .
   [ Chris Lamb ]
   * Fix reproducibility (Closes: #1122219)
Checksums-Sha1:
 a4836dee7488bbd686b7226d8e7e2fc293370b99 3038 
golang-github-theupdateframework-go-tuf_2.3.0+0.7.0-1.dsc
 9b2ff907e8da20251b728b6ae1c1160299329b89 514184 
golang-github-theupdateframework-go-tuf_2.3.0+0.7.0.orig.tar.xz
 af84d2c2752d253c89d13315f0a2b61c535d7d4b 4948 
golang-github-theupdateframework-go-tuf_2.3.0+0.7.0-1.debian.tar.xz
 397b385a4a8fb8862cbc792fd465cfee4bd682b0 884052 
golang-github-theupdateframework-go-tuf_2.3.0+0.7.0-1.git.tar.xz
 e1f001467e789cf97ec57b1eeb6749d33c1400f5 17287 
golang-github-theupdateframework-go-tuf_2.3.0+0.7.0-1_source.buildinfo
Checksums-Sha256:
 95bc715bb7d3a89824de46ee817f7436f981c05503610c21e07888d052e448d5 3038 
golang-github-theupdateframework-go-tuf_2.3.0+0.7.0-1.dsc
 861dab307626a820ba559c9f8aec79017d3ea681c392834e4019043124151b1a 514184 
golang-github-theupdateframework-go-tuf_2.3.0+0.7.0.orig.tar.xz
 2d316810f50db097ea572e165f5f7ab5c616bc95404bc6dc6a26ec7b692a1644 4948 
golang-github-theupdateframework-go-tuf_2.3.0+0.7.0-1.debian.tar.xz
 b54406c79279eb52864f15d96f4fd23a3f9a68cbe66679cf1a009685a0ea136d 884052 
golang-github-theupdateframework-go-tuf_2.3.0+0.7.0-1.git.tar.xz
 f9352b3115d2b87b781eea064d858663051184c00b1bf68123792ca6a57bb605 17287 
golang-github-theupdateframework-go-tuf_2.3.0+0.7.0-1_source.buildinfo
Files:
 97daeacfbfd491b79308bbe938532626 3038 golang optional 
golang-github-theupdateframework-go-tuf_2.3.0+0.7.0-1.dsc
 3bd2a394a5d41bb91ab559da639371ac 514184 golang optional 
golang-github-theupdateframework-go-tuf_2.3.0+0.7.0.orig.tar.xz
 ef81f6bec7b248830fda31a30e9be5bc 4948 golang optional 
golang-github-theupdateframework-go-tuf_2.3.0+0.7.0-1.debian.tar.xz
 ce38781fc7fd0a371d14a9a4472a2cd8 884052 golang optional 
golang-github-theupdateframework-go-tuf_2.3.0+0.7.0-1.git.tar.xz
 ad4ba8cb6885b204642922fda0e857af 17287 golang optional 
golang-github-theupdateframework-go-tuf_2.3.0+0.7.0-1_source.buildinfo
Git-Tag-Info: tag=390b57a945332f8df1556057b320e7dcbe4178bb 
fp=a3cc9c870b9d310abad4cf2f51722b08fe4745a2
Git-Tag-Tagger: Simon Josefsson <si...@josefsson.org>

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEN02M5NuW6cvUwJcqYG0ITkaDwHkFAmlY/J8ACgkQYG0ITkaD
wHmqjA//ejp4DhemNj4bnso6VtE6vEKKxzIAazCyvTNcgkPcyMkSVmlHBPB2ju2s
bilwU3VuTQGrXm6WEejcIUk1ZR6Zyk1fW1gAyjdLalMXLC0KIKBEQqUcrBr3S6kU
UmYpp8+szRxBlXA8aK24/4J2MQvNkY/dEXUCmLuDF2tTNYKEaWzzFz6wdjDNWMcQ
pf1MDf9UtPvFhtMFYAIFEAGjyuQ0jVOH0FhcfnhqDwxXFLsXV+OOFy0E68yQfLIU
xjn4XeAwBa6nSpzughCrZGYyigMLSBTmAelZpSfK5amfJr5ZYmhLwBETzjR+6Lnv
cuMfg0Ur51Qa8ifITzAoUGkCHKLe6afAnKU6ZPOcEsWvrP4Byrbq1sZdlCaF1cLv
1qy69Ire0yBjwXWEpyIUC9muuzkA+UmM5X7dU/0SFUeB+ZGvUVRe1hhalHTgSehN
IXm8EHMuUVKYH4aW/8UdgaYncXWhKnLbCEEi6Va8gYHvKIvowLzXfqqViVeanpg6
Rv5VhrOnMJRacwToruFkz8ptkaxwTarLnLJZMUTX5GcKYgNXPR/yxPf5n3pzsKhO
IFi/I+eAr9MiVmvIHbLSKX1S15qOOizGK7NMy05QR/FQT4gsQVyxho8+Zwdz+uv0
MmiSczlR85VaK90sOv3hVjEFEv9n1E1GfE70SHHFcI8E2P0m73I=
=xLBN
-----END PGP SIGNATURE-----

pgpy0bIp0266T.pgp
Description: PGP signature

--- End Message ---