On 2020-12-12, Simon McVittie wrote:
> On Fri, 11 Dec 2020 at 20:45:09 -0800, Vagrant Cascadian wrote:
>> If anyone has a better handle on python's tarfile mode handling code, it
>> might be worth taking a closer look. I'm not entirely sure how the file
>> modes work in this code (they don't appear to use modes similar to those
>> used by umask, chmod or python's file functions)
>
> It looks like they're encoded in the same way as st_mode in a struct
> stat_buf: the low bits are Unix permissions (which start making sense
> if you print them in octal) and the high bits are file type. See the
> documentation for the stat Python module, and in particular stat.S_IMODE
> and stat.S_IFMT.
>
> I think the correct normalization would be something like this (untested!):
>
>     if tarinfo.isdir() or (tarinfo.mode & 0o111) != 0:
>         tarinfo.mode = stat.S_IFMT(tarinfo.mode) | 0o755
>     else:
>         tarinfo.mode = stat.S_IFMT(tarinfo.mode) | 0o644
>
> (that's the same as chmod a+rX,og-w).

Upstream has since fixed the user/uid/group/gid issues, but the umask
issues still remain.

Updated patch attached based on Simon McVittie's suggestion (only adding
"import stat").

With the patch, I managed to produce a bit-for-bit identical
skeletonmm.tar.xz with the patch applied, both in a test environment
where the umask was varied, and with a fairly "normal" umask which was
bit-for-bit identical to the skeletonmm.tar.xz in the mm-common package
in the Debian archive. So it should not cause regressions!

With this patch applied, mm-common should become reproducible on
tests.reproducible-builds.org infrastructure!

Would an upload including this patch be considered soon, or would the
maintainers be open to an NMU in the near future?

Thanks!

live well,
  vagrant

From 22b81b93905fa0c3a8516bd4feb612110f0965f8 Mon Sep 17 00:00:00 2001 From: Simon McVittie <s...@debian.org> Date: Tue, 28 Nov 2023 16:57:13 -0800 Subject: [PATCH] util/meson_aux/skeletonmm-tarball.py: Use consistent mode on files in the generated tarball. Signed-off-by: Vagrant Cascadian <vagr...@reproducible-builds.org> --- util/meson_aux/skeletonmm-tarball.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/util/meson_aux/skeletonmm-tarball.py b/util/meson_aux/skeletonmm-tarball.py index 138184c..a87590e 100755 --- a/util/meson_aux/skeletonmm-tarball.py +++ b/util/meson_aux/skeletonmm-tarball.py @@ -10,6 +10,7 @@ import os import sys import shutil import tarfile +import stat if sys.argv[1] == 'check': # Called from run_command() during setup or configuration. @@ -42,6 +43,10 @@ else: def reset(tarinfo): tarinfo.uid = tarinfo.gid = 0 tarinfo.uname = tarinfo.gname = "root" + if tarinfo.isdir() or (tarinfo.mode & 0o111) != 0: + tarinfo.mode = stat.S_IFMT(tarinfo.mode) | 0o755 + else: + tarinfo.mode = stat.S_IFMT(tarinfo.mode) | 0o644 return tarinfo -- 2.39.2
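
Review bot: The new if/else in reset() (second hunk) rewrites every member's permission bits but carries no comment saying why 0o755 and 0o644 were chosen or that the aim is to keep the build-time umask out of the tarball. A one-line comment above the branch, for example "# Normalize permissions (like chmod a+rX,og-w) so the umask does not affect the archive", would make the intent clear, and the commit message could name the umask as the cause. The patch header also names Simon McVittie in From: while the only Signed-off-by is Vagrant Cascadian's, so it is worth confirming the attribution is as intended.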
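
The umask test described in the message above can be reproduced in a few lines. This is an added example, not code from the thread or from mm-common: the tree layout, the function names and the fixed mtime are assumptions made so that it runs stand-alone, and only the body of the mode branch is taken from the quoted suggestion.

```python
import hashlib
import io
import os
import stat
import tarfile
import tempfile


def normalize(tarinfo):
    """TarFile.add() filter: fixed owner and a chmod a+rX,og-w style mode."""
    tarinfo.uid = tarinfo.gid = 0
    tarinfo.uname = tarinfo.gname = "root"
    tarinfo.mtime = 0  # assumption: added here so two runs can be compared
    if tarinfo.isdir() or (tarinfo.mode & 0o111) != 0:
        tarinfo.mode = stat.S_IFMT(tarinfo.mode) | 0o755
    else:
        tarinfo.mode = stat.S_IFMT(tarinfo.mode) | 0o644
    return tarinfo


def build_tree(root, umask):
    """Create a small constructed source tree under the given umask."""
    old = os.umask(umask)
    try:
        os.makedirs(os.path.join(root, "skeleton", "src"))
        with open(os.path.join(root, "skeleton", "src", "main.cc"), "w") as f:
            f.write("int main() { return 0; }\n")
        script = os.path.join(root, "skeleton", "autogen.sh")
        with open(script, "w") as f:
            f.write("#!/bin/sh\n")
        os.chmod(script, 0o777 & ~umask)  # executable, still shaped by umask
    finally:
        os.umask(old)


def tarball_digest(umask, member_filter=None):
    """Return (sha256 of the tar stream, {member name: permission bits})."""
    with tempfile.TemporaryDirectory() as root:
        build_tree(root, umask)
        buf = io.BytesIO()
        with tarfile.open(fileobj=buf, mode="w", format=tarfile.GNU_FORMAT) as tar:
            tar.add(os.path.join(root, "skeleton"), arcname="skeleton",
                    filter=member_filter)
        buf.seek(0)
        with tarfile.open(fileobj=buf) as tar:
            modes = {m.name: stat.S_IMODE(m.mode) for m in tar.getmembers()}
        return hashlib.sha256(buf.getvalue()).hexdigest(), modes
```

Calling tarball_digest(0o022, normalize) and tarball_digest(0o077, normalize) yields the same digest, while omitting the filter leaves the umask visible in the stored modes.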