Your message dated Sun, 17 Jul 2016 01:48:29 +0000
with message-id <e1bobc1-0001og...@franck.debian.org>
and subject line Bug#830075: fixed in golang-github-kr-binarydist 
0.0~git20120828.0.9955b0a-2
has caused the Debian Bug report #830075,
regarding golang-github-kr-binarydist: please make the build reproducible
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
830075: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=830075
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: golang-github-kr-binarydist
Version: 0.0~git20120828.0.9955b0a-1
Severity: wishlist
Tags: patch
User: reproducible-bui...@lists.alioth.debian.org
Usertags: locale
X-Debbugs-Cc: reproducible-bui...@lists.alioth.debian.org

Hi,

While working on the "reproducible builds" effort [1], we have noticed
that golang-github-kr-binarydist could not be built reproducibly.

When building the package, some test functions are run that generate
random test files.  The randomness for those test files is provided by
the kernel (through the crypto/rand go package).

The attached patch fixes this by generating deterministic pseudorandom
test files instead (by means of the rand go package and setting a fixed
seed).  The function that creates this test files is only used for
testing purposes, and as such, I believe there's no security concern.
But I'm not familiar with the package, so please, double check it.
Also, consider sending this patch upstream :)

Once applied, golang-github-kr-binarydist can be built reproducibly in
our current experimental framework.

 [1]: https://wiki.debian.org/ReproducibleBuilds

Regards,
-- 
Dhole
diff -Nru 
golang-github-kr-binarydist-0.0~git20120828.0.9955b0a/debian/changelog 
golang-github-kr-binarydist-0.0~git20120828.0.9955b0a/debian/changelog
--- golang-github-kr-binarydist-0.0~git20120828.0.9955b0a/debian/changelog      
2016-06-29 22:09:09.000000000 +0200
+++ golang-github-kr-binarydist-0.0~git20120828.0.9955b0a/debian/changelog      
2016-07-04 01:21:45.000000000 +0200
@@ -1,3 +1,10 @@
+golang-github-kr-binarydist (0.0~git20120828.0.9955b0a-1.1) UNRELEASED; 
urgency=medium
+
+  * Non-maintainer upload.
+  * Make test files deterministic to make the package build reproducible. 
+
+ -- Eduard Sanou <dh...@openmailbox.org>  Mon, 04 Jul 2016 01:21:16 +0200
+
 golang-github-kr-binarydist (0.0~git20120828.0.9955b0a-1) unstable; 
urgency=medium
 
   * Initial release (Closes: 823342)
diff -Nru 
golang-github-kr-binarydist-0.0~git20120828.0.9955b0a/debian/patches/deterministic-test-files.patch
 
golang-github-kr-binarydist-0.0~git20120828.0.9955b0a/debian/patches/deterministic-test-files.patch
--- 
golang-github-kr-binarydist-0.0~git20120828.0.9955b0a/debian/patches/deterministic-test-files.patch
 1970-01-01 01:00:00.000000000 +0100
+++ 
golang-github-kr-binarydist-0.0~git20120828.0.9955b0a/debian/patches/deterministic-test-files.patch
 2016-07-04 01:23:15.000000000 +0200
@@ -0,0 +1,56 @@
+Description: Deterministic test files
+ Make the files written during tests deterministic to make this package build
+ reproducible.
+Author: Eduard Sanou <dh...@openmailbox.org>
+
+--- golang-github-kr-binarydist-0.0~git20120828.0.9955b0a.orig/common_test.go
++++ golang-github-kr-binarydist-0.0~git20120828.0.9955b0a/common_test.go
+@@ -1,10 +1,10 @@
+ package binarydist
+ 
+ import (
+-      "crypto/rand"
+       "io"
+       "io/ioutil"
+       "os"
++      "rand"
+ )
+ 
+ func mustOpen(path string) *os.File {
+@@ -67,8 +67,9 @@ func fileCmp(a, b *os.File) int64 {
+       return -1
+ }
+ 
+-func mustWriteRandFile(path string, size int) *os.File {
++func mustWriteRandFile(path string, size int, seed int64) *os.File {
+       p := make([]byte, size)
++      rand.Seed(seed)
+       _, err := rand.Read(p)
+       if err != nil {
+               panic(err)
+--- golang-github-kr-binarydist-0.0~git20120828.0.9955b0a.orig/diff_test.go
++++ golang-github-kr-binarydist-0.0~git20120828.0.9955b0a/diff_test.go
+@@ -13,8 +13,8 @@ var diffT = []struct {
+       new *os.File
+ }{
+       {
+-              old: mustWriteRandFile("test.old", 1e3),
+-              new: mustWriteRandFile("test.new", 1e3),
++              old: mustWriteRandFile("test.old", 1e3, 1),
++              new: mustWriteRandFile("test.new", 1e3, 2),
+       },
+       {
+               old: mustOpen("testdata/sample.old"),
+--- golang-github-kr-binarydist-0.0~git20120828.0.9955b0a.orig/patch_test.go
++++ golang-github-kr-binarydist-0.0~git20120828.0.9955b0a/patch_test.go
+@@ -8,8 +8,8 @@ import (
+ )
+ 
+ func TestPatch(t *testing.T) {
+-      mustWriteRandFile("test.old", 1e3)
+-      mustWriteRandFile("test.new", 1e3)
++      mustWriteRandFile("test.old", 1e3, 1)
++      mustWriteRandFile("test.new", 1e3, 2)
+ 
+       got, err := ioutil.TempFile("/tmp", "bspatch.")
+       if err != nil {
diff -Nru 
golang-github-kr-binarydist-0.0~git20120828.0.9955b0a/debian/patches/series 
golang-github-kr-binarydist-0.0~git20120828.0.9955b0a/debian/patches/series
--- golang-github-kr-binarydist-0.0~git20120828.0.9955b0a/debian/patches/series 
1970-01-01 01:00:00.000000000 +0100
+++ golang-github-kr-binarydist-0.0~git20120828.0.9955b0a/debian/patches/series 
2016-07-04 01:22:10.000000000 +0200
@@ -0,0 +1 @@
+deterministic-test-files.patch

Attachment: signature.asc
Description: PGP signature


--- End Message ---
--- Begin Message ---
Source: golang-github-kr-binarydist
Source-Version: 0.0~git20120828.0.9955b0a-2

We believe that the bug you reported is fixed in the latest version of
golang-github-kr-binarydist, which is due to be installed in the Debian FTP 
archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 830...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nicolas Braud-Santoni <nico...@braud-santoni.eu> (supplier of updated 
golang-github-kr-binarydist package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 06 Jul 2016 17:37:09 +0200
Source: golang-github-kr-binarydist
Binary: golang-github-kr-binarydist-dev
Architecture: source all
Version: 0.0~git20120828.0.9955b0a-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Go Packaging Team 
<pkg-go-maintainers@lists.alioth.debian.org>
Changed-By: Nicolas Braud-Santoni <nico...@braud-santoni.eu>
Description:
 golang-github-kr-binarydist-dev - Go implementation of the bspatch algorithm
Closes: 830075
Changes:
 golang-github-kr-binarydist (0.0~git20120828.0.9955b0a-2) unstable; 
urgency=medium
 .
   [ Eduard Sanou ]
   * Make test files deterministic.
     Makes the build reproducible (Closes: #830075).
 .
   [ Nicolas Braud-Santoni ]
   * Adjust Dhole's patch to build without errors.
Checksums-Sha1:
 d49482587c9025bc0feb876c8a08a28225052520 2334 
golang-github-kr-binarydist_0.0~git20120828.0.9955b0a-2.dsc
 b1862e2768535ba501b4376e072d08fa7f9f328d 2896 
golang-github-kr-binarydist_0.0~git20120828.0.9955b0a-2.debian.tar.xz
 08bd0a09ab62c1601f463c22b28e7c9029012c4d 16016 
golang-github-kr-binarydist-dev_0.0~git20120828.0.9955b0a-2_all.deb
Checksums-Sha256:
 481b07fc8b780470989166367899066e8ae8bc43a9c3e6f93a9d6b0ab665aa03 2334 
golang-github-kr-binarydist_0.0~git20120828.0.9955b0a-2.dsc
 9a613b9ad1957af3b5ea40904d63c6fb6778d57efdf671735d082aad8cf8c6bf 2896 
golang-github-kr-binarydist_0.0~git20120828.0.9955b0a-2.debian.tar.xz
 9935b6d65146017dc27fe8ffdf2c4052bae315629218044a11cc6e786eea095e 16016 
golang-github-kr-binarydist-dev_0.0~git20120828.0.9955b0a-2_all.deb
Files:
 acccb9ae5dd186c3d5c9456e0cbd4189 2334 devel extra 
golang-github-kr-binarydist_0.0~git20120828.0.9955b0a-2.dsc
 8741583276d371606454614e69313e9c 2896 devel extra 
golang-github-kr-binarydist_0.0~git20120828.0.9955b0a-2.debian.tar.xz
 2055aaa66e34a4c2c49da0c2a22fc7b2 16016 devel extra 
golang-github-kr-binarydist-dev_0.0~git20120828.0.9955b0a-2_all.deb

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJXiuCAAAoJENqCgw48zDo6RcYP/i3OSrebSbZ1E5ewXwEHm5vl
SWtz1YV9yoY9cT0Mmxv0znOK0Su+yCmXQRwQpahD6+6erEMmBhO8v8UQUZvpGuhH
9hTSyG3yezUscCLXqvVWAnDSD7Vo5EClx7GvmnB2ZSXvOwwX+eAfp7A77tHI+66j
tFZ+ReYSySOCRkZgfCM7OCGUgWomQCXRghgJQfotbMZFKqeA95mtMu+ofPBbN/HX
+la+FcQNDA4jvJTsOSipoUZwFKzp6x0rgcKuxU5yOEkaMwiEI378UtNt7dzNxIE2
/LXobtPqDWFD6alSI4pQMCwVuimwxHZEzkOsEd6dRrxoXmmBgeN0xtpfI4150S/V
ML18KMpopk3/HziGTgbObIo4c9B7P4a6XQDfp8bheh+7tmM+PjfIJrGBaGISvzXp
86w5S51MWcmdQBPypVMlHx+f9ZGgB92SzI62D3yTFHiaUkgcbPsMEftwxjfwRmLx
W3Vfb8RTBrEC5AKvl2/N352K9zWOeMB3Cx/g6FIgqM4PuCerki0nBNuhZ5BipnmV
MIrNMZBrFeLa1l3Qwbk0K0cueafYZATC4nmVJU2l+xK7xXC6YyAjpCYDnl+XmF3M
A+KIsJdUB7yvcE3g1MAqRAsfMYPPEVZ6vIG36c39DT1c4epAq488oRnMwzBZQM9+
bW7n53DKhaM3dz17Po4q
=lGWm
-----END PGP SIGNATURE-----

--- End Message ---
_______________________________________________
Pkg-go-maintainers mailing list
Pkg-go-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-go-maintainers

Reply via email to