Source: apparmor Version: 2.10-1 Severity: wishlist Tags: patch User: reproducible-builds@lists.alioth.debian.org Usertags: locale X-Debbugs-Cc: reproducible-builds@lists.alioth.debian.org
Hi! While working on the "reproducible builds" effort [1], we have noticed that apparmor could not be built reproducibly. The CAPABILITIES list, which is used for compiling apparmor_parser and the apparmor.vim file, has a different order depending on the locale. The attached patch fixes this by sorting with the locale set to C. Regards, Reiner [1]: https://wiki.debian.org/ReproducibleBuilds
diff --git a/debian/patches/series b/debian/patches/series index f5229dc..6469e8b 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -24,6 +24,7 @@ add-chromium-browser.patch pass-compiler-flags.patch raise-test-timeout.patch non-linux.patch +sort-capabilities.patch # # Patches backported from upstream commits diff --git a/debian/patches/sort-capabilities.patch b/debian/patches/sort-capabilities.patch new file mode 100644 index 0000000..539b972 --- /dev/null +++ b/debian/patches/sort-capabilities.patch @@ -0,0 +1,16 @@ +Author: Reiner Herrmann <rei...@reiner-h.de> +Description: Sort capabilities independent of configured locale + +Index: apparmor-2.10/common/Make.rules +=================================================================== +--- apparmor-2.10.orig/common/Make.rules ++++ apparmor-2.10/common/Make.rules +@@ -82,7 +82,7 @@ pod_clean: + # ===================== + + # emits defined capabilities in a simple list, e.g. "CAP_NAME CAP_NAME2" +-CAPABILITIES=$(shell echo "\#include <linux/capability.h>" | cpp -dM | LC_ALL=C sed -n -e '/CAP_EMPTY_SET/d' -e 's/^\#define[ \t]\+CAP_\([A-Z0-9_]\+\)[ \t]\+\([0-9xa-f]\+\)\(.*\)$$/CAP_\1/p' | sort) ++CAPABILITIES=$(shell echo "\#include <linux/capability.h>" | cpp -dM | LC_ALL=C sed -n -e '/CAP_EMPTY_SET/d' -e 's/^\#define[ \t]\+CAP_\([A-Z0-9_]\+\)[ \t]\+\([0-9xa-f]\+\)\(.*\)$$/CAP_\1/p' | LC_ALL=C sort) + + .PHONY: list_capabilities + list_capabilities:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Reproducible-builds mailing list Reproducible-builds@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds
