A new build will be uploaded to Debian shortly; I can carry the patch
in the packaging, but It should be considered upstream.


---------- Forwarded message ---------
From: Chris Lamb <la...@debian.org>
Date: Mon, 21 Apr 2025 at 18:57
Subject: Bug#1103800: openvpn3-client: please make the build reproducible
To: <sub...@bugs.debian.org>


Source: openvpn3-client
Version: 24+dfsg-1
Severity: wishlist
Tags: patch
User: reproducible-bui...@lists.alioth.debian.org
Usertags: timestamps buildpath
X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org

Hi,

Whilst working on the Reproducible Builds effort [0], we noticed that
openvpn3-client could not be built reproducibly.

This is because it embedded both the build path and the current date.
Here's the date bit:

      ├── ./usr/share/bash-completion/completions/openvpn2
      │ @@ -1,12 +1,12 @@
      │  #
      │ -#  Copyright (C) 2017 - 2025  OpenVPN Inc <sa...@openvpn.net>
      │ +#  Copyright (C) 2017 - 2026  OpenVPN Inc <sa...@openvpn.net>

The absolute build path was embedded via a utility that was called via
its full path by meson, which then emitted its own path via printing
argv[0] ... which was saved to a file that was shipped in the .deb.

Patch attached that fixes both issues.

 [0] https://reproducible-builds.org/


Regards,

--
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      la...@debian.org / chris-lamb.co.uk
       `-





-- 
g. Marc

GPG: 827C FD74 BA46 8152 A041 F3A0 7A6A 4F17 5995 A65B
--- a/debian/patches/0003_reproducible-build.patch      1969-12-31 
16:00:00.000000000 -0800
--- b/debian/patches/0003_reproducible-build.patch      2025-04-21 
09:36:45.981672305 -0700
@@ -0,0 +1,55 @@
+Description: Make the build reproducible
+Author: Chris Lamb <la...@debian.org>
+Last-Update: 2025-04-21
+
+--- openvpn3-client-24+dfsg.orig/src/python/openvpn3/gen-python-constants.cpp
++++ openvpn3-client-24+dfsg/src/python/openvpn3/gen-python-constants.cpp
+@@ -29,6 +29,8 @@
+ #include "netcfg/netcfg-changetype.hpp"
+ #include "sessionmgr/sessionmgr-events.hpp"
+ 
++#include <openvpn/common/path.hpp>
++
+ 
+ enum class FlagType
+ {
+@@ -117,7 +119,7 @@ int main(int argc, char **argv)
+ {
+ 
+     std::cout << "#" << std::endl
+-              << "# Generated by " << argv[0] << std::endl
++              << "# Generated by " << openvpn::path::basename(argv[0]) << 
std::endl
+               << "# as part of the project build." << std::endl
+               << "#" << std::endl
+               << "# This file is part of openvpn3-linux, licensed" << 
std::endl
+--- 
openvpn3-client-24+dfsg.orig/src/shell/bash-completion/gen-openvpn2-completion.py
++++ 
openvpn3-client-24+dfsg/src/shell/bash-completion/gen-openvpn2-completion.py
+@@ -17,9 +17,12 @@
+ import importlib
+ import sys
+ import argparse
+-from datetime import date
++import os
++import time
++import datetime
+ from jinja2 import Template
+ 
++
+ completion_template = """#  OpenVPN 3 Linux client -- Next generation OpenVPN 
client
+ #
+ #  SPDX-License-Identifier: AGPL-3.0-only
+@@ -122,8 +125,13 @@ if __name__ == '__main__':
+         else:
+             valid_args[opt] = '%s' % values[0]
+ 
++    build_date = datetime.datetime.fromtimestamp(
++        int(os.environ.get('SOURCE_DATE_EPOCH', time.time())),
++        tz=datetime.timezone.utc,
++    )
++
+     ctpl = Template(completion_template)
+     script = ctpl.render(valid_args=valid_args, option_list=option_list,
+-                         year=date.today().year)
++                         year=build_date.year)
+ 
+     print(script)
--- a/debian/patches/series     2025-04-21 09:00:49.148735599 -0700
--- b/debian/patches/series     2025-04-21 09:24:09.687941086 -0700
@@ -1,2 +1,3 @@
 0001_import-unicode-impl-from-llvm.patch
 0002_fix-openvpn-to-_openvpn.patch
+0003_reproducible-build.patch
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Reply via email to