Your message dated Sun, 07 Aug 2022 21:25:10 +0000 with message-id <e1oknlm-0050ql...@fasolo.debian.org> and subject line Bug#915955: fixed in vm 8.2.0b-8 has caused the Debian Bug report #915955, regarding vm: may embed undesired paths when built in local environment to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 915955: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=915955 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: vm Version: 8.2.0b-4 Severity: normal Tags: patch unreproducible Dear Maintainer, I heard you think it's important for a package to build reproducibly in an unclean local environment. Your package fails that. You can reproduce this by doing: ln -s /bin/rm /usr/local/bin/rm ln -s /bin/ls /usr/local/bin/ls ln -s /usr/bin/install /usr/local/bin/install if ! echo $PATH | grep -q /usr/local/bin ; then export PATH=/usr/local/bin:$PATH ; fi debian/rules binary Please see attached patch fixing this issue. For bonus points: You might want to double-check all AC_PROG_* and AC_PATH_PROG commands in configure.ac to make sure no others gets their path embedded in the shipped files. You might also want to dig even deeper into your package to make sure no absolute paths are looked up at build-time and embedded in the shipped files. You might also want to investigate that the result doesn't differ when the build system has more things installed when the build environment has more programs installed than what gets pulled in by build-dependencies. Even more importantly you want to look at what lintian has to say about your package. Regards, Andreas Henrikssondiff -u vm-8.2.0b/debian/changelog vm-8.2.0b/debian/changelog --- vm-8.2.0b/debian/changelog +++ vm-8.2.0b/debian/changelog @@ -1,3 +1,12 @@ +vm (8.2.0b-4.1) UNRELEASED; urgency=medium + + * Non-maintainer upload. + * Explicitly pass paths of rm, ls and install to configure + - this avoids embedding a path that works at build-time but might not + work at run-time, eg. /usr/local/bin/install. + + -- Andreas Henriksson <andr...@fatal.se> Sat, 08 Dec 2018 14:45:53 +0100 + vm (8.2.0b-4) unstable; urgency=medium * Do not rm version.txt (Closes: #914818). diff -u vm-8.2.0b/debian/rules vm-8.2.0b/debian/rules --- vm-8.2.0b/debian/rules +++ vm-8.2.0b/debian/rules @@ -47,7 +47,9 @@ override_dh_auto_configure: - dh_auto_configure -- --verbose --sysconfdir=/etc \ + dh_auto_configure -- \ + RM=/bin/rm LS=/bin/ls INSTALL="/usr/bin/install -c" \ + --verbose --sysconfdir=/etc \ --with-pixmapdir=$(P_PIXMAPDIR) override_dh_auto_install:
--- End Message ---
--- Begin Message ---Source: vm Source-Version: 8.2.0b-8 Done: Ian Jackson <ijack...@chiark.greenend.org.uk> We believe that the bug you reported is fixed in the latest version of vm, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 915...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Ian Jackson <ijack...@chiark.greenend.org.uk> (supplier of updated vm package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sun, 07 Aug 2022 21:56:55 +0100 Source: vm Architecture: source Version: 8.2.0b-8 Distribution: unstable Urgency: medium Maintainer: Ian Jackson <ijack...@chiark.greenend.org.uk> Changed-By: Ian Jackson <ijack...@chiark.greenend.org.uk> Closes: 915955 992783 1013860 Changes: vm (8.2.0b-8) unstable; urgency=medium . * No longer embed paths from build environment into shipped files in .deb. Closes:#915955. [Simon McVittie; report from Andreas Henriksson] * d/control: Move debhelper and its autotools addon to Build-Depends. Closes: #992783. [Simon McVittie] * Drop xemacs21 from flavour list in postinst (but not prerm). Prompted by (and reduces the severity of) #914945. * Drop dependency on install-info (and alternative). Closes: #1013860. [Suggested by Hilmar Preuße] Checksums-Sha1: 7dce56f886c1a1a27636868fa65872cf53ee001a 1555 vm_8.2.0b-8.dsc df30909dbbd84dd6c2c2d889f6a8063b957836ba 105132 vm_8.2.0b-8.diff.gz Checksums-Sha256: 4da91aac256ac960d05ccb4a5b3673fd2e5fd0fdb3cc9fbd9b8a13b1639b2160 1555 vm_8.2.0b-8.dsc 25b033a1de3bde3dccd88498491068af5bc989e7aed3c9585917618195efd18d 105132 vm_8.2.0b-8.diff.gz Files: b651f11d17353d354f1ca427fab15aab 1555 mail optional vm_8.2.0b-8.dsc d0c5e726e47708b144d934f947d3f694 105132 mail optional vm_8.2.0b-8.diff.gz -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEVZrkbC1rbTJl58uh4+M5I0i1DTkFAmLwJ3IACgkQ4+M5I0i1 DTlu/wf8D93wNSIoSLdHR6EE7DM7iI4SystJLuxx38mzlP0YLRW4viXjJs3NHSg7 P+Qc6khmJQZANAjm1pfh8TgP+6/4yhHEV7D5Up544wTrnE+SiKCewFRsd8h14ikw JPi4kag3zitwapTVGIyxufFXaK051lR7I1lryWJ0Ew4IBGbjvh/w8Iz0FHAl1R/B f6kLnzkPpoFrBgQ9FFlwPAhSVRkZCzSi7tBUP3BNpTvJiFPSqUXQL5GTzhliQ7Oy c8WT+n14MKI9aKmb8/1eQrQb2/l13KbjC8dM0pxXE0OXJ8BU0e7Bu9BXWdM/wt9V BYQD3V9xl0ArPfTMwxP3dtb7v7lIpg== =3rt3 -----END PGP SIGNATURE-----
--- End Message ---
