Source: mandos Version: 1.8.19-1 Severity: normal Tags: patch User: [email protected] Usertag: username
Hi,I investigated why mandos-client shows up as not being reproducible on reproduce.debian.net [1]. I figured out that it is because dh_fixperms is skipped on the examples directory. Rebuilding the binaries with the examples directory dropped from the exclude line in debian/rules resulted in an identical binary package (checked with diffoscope), see 0001-dh_fixperms-don-t-apply-on-examples.patch. I also couldn't figure out why the Rules-Requires-Root was set, dropping that also resulted in identical binaries. See 0002-d-control-don-t-use-Rules-Requires-Root.patch.
Paul[1] https://reproduce.debian.net/amd64/api/v1/builds/253667/artifacts/645832/diffoscope
From 64dac8b3d16789b1b5f5afbbca86742653152a23 Mon Sep 17 00:00:00 2001 From: Paul Gevers <[email protected]> Date: Sun, 17 May 2026 13:51:52 +0200 Subject: [PATCH 1/2] dh_fixperms: don't apply on examples Files in the examples directory are created with owner set to the builder and excluding them from dh_fixperms makes them being installed as such. This causes issues when people try to reproduce the mandos-client binary. --- debian/rules | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/debian/rules b/debian/rules index af4e341..6e84d55 100755 --- a/debian/rules +++ b/debian/rules @@ -50,8 +50,7 @@ override_dh_fixperms-arch: --exclude etc/mandos/plugins.d \ --exclude etc/mandos/plugin-helpers \ --exclude usr/lib/$(DEB_HOST_MULTIARCH)/mandos/plugins.d \ - --exclude usr/lib/$(DEB_HOST_MULTIARCH)/mandos/plugin-helpers \ - --exclude usr/share/doc/mandos-client/examples/network-hooks.d/ + --exclude usr/lib/$(DEB_HOST_MULTIARCH)/mandos/plugin-helpers chmod --recursive g-w -- \ "$(CURDIR)/debian/mandos-client/usr/share/doc/mandos-client/examples/network-hooks.d" -- 2.53.0
From 1fdabaf2bab12b4c8c79d50bca5d622a6b0652ec Mon Sep 17 00:00:00 2001 From: Paul Gevers <[email protected]> Date: Sun, 17 May 2026 13:53:41 +0200 Subject: [PATCH 2/2] d/control: don't use Rules-Requires-Root It's unclear why this would be needed and build artifacts are equal without it. --- debian/control | 1 - 1 file changed, 1 deletion(-) diff --git a/debian/control b/debian/control index d706907..2d4f798 100644 --- a/debian/control +++ b/debian/control @@ -25,7 +25,6 @@ Build-Depends-Indep: Vcs-Browser: https://salsa.debian.org/debian/mandos Vcs-Git: https://salsa.debian.org/debian/mandos.git Homepage: https://www.recompile.se/mandos -Rules-Requires-Root: binary-targets Package: mandos Architecture: all -- 2.53.0
OpenPGP_signature.asc
Description: OpenPGP digital signature
