Bug#722166: bobcat: Please do not write timestamps in gzip files
Dear J??r??my Bobbio, you wrote: Control: tags -1 + patch tony mancill: Thanks for the suggestion and for looking into the cause of the issue with the bobcat build. I'm suspect that Frank, the upstream developer, will be willing to address this in a future upstream release. Of course I am. Could somebody please enlighten me what the problem actually is? This is the first time in my l-o-o-o-o-ng life that I learn about a thing called a `timestamp of a gzip file' and that it may cause problems. I'll adapt the upstream sources later this week. Cheers, -- Frank B. Brokken Center for Information Technology, University of Groningen (+31) 50 363 9281 Public PGP key: http://pgp.surfnet.nl Key Fingerprint: DF32 13DE B156 7732 E65E 3B4D 7DB2 A8BE EAE4 D8AA -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#722166: bobcat: Please do not write timestamps in gzip files
Hi Frank, Frank B. Brokken: Of course I am. Could somebody please enlighten me what the problem actually is? This is the first time in my l-o-o-o-o-ng life that I learn about a thing called a `timestamp of a gzip file' and that it may cause problems. In Debian context, it currently can pause problem for multiarch: http://lintian.debian.org/tags/gzip-file-is-not-multi-arch-same-safe.html Some people are also working on having byte-by-byte reproducible builds [1]. This adds a way to verify that a given source produces the same binary. When done by multiple independent people, this would give Debian some resistance against targatted attacks on its developers. For the latter to work, we need to eliminate any variations coming from external factors, like timestamps. [1] http://wiki.debian.org/ReproducibleBuilds Hope that helps, -- Lunar.''`. lu...@debian.org: :Ⓐ : # apt-get install anarchism `. `'` `- signature.asc Description: Digital signature
Bug#722166: bobcat: Please do not write timestamps in gzip files
Dear J?r?my Bobbio, you wrote: ... For the latter to work, we need to eliminate any variations coming from external factors, like timestamps. Hope that helps, Absolutely, Thanks for the speedy clarification! Cheers, -- Frank B. Brokken Center for Information Technology, University of Groningen (+31) 50 363 9281 Public PGP key: http://pgp.surfnet.nl Key Fingerprint: DF32 13DE B156 7732 E65E 3B4D 7DB2 A8BE EAE4 D8AA -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#722166: bobcat: Please do not write timestamps in gzip files
On Mon, Sep 09, 2013 at 08:47:49AM +0200, Frank B. Brokken wrote: Dear J?r?my Bobbio, you wrote: ... For the latter to work, we need to eliminate any variations coming from external factors, like timestamps. Hope that helps, Absolutely, Thanks for the speedy clarification! Cheers, Hi Frank, There is a ready-to-go patch against icmake/install in the debian/patches/ folder on Alioth. I went ahead and uploaded an updated Debian version last night, so there's no need for you to do a new upstream release just for this change, but please do include it with the next regularly scheduled upstream release. Cheers, tony -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#722166: bobcat: Please do not write timestamps in gzip files
Package: bobcat Version: 3.15.00-1 Severity: wishlist Hi! In the effort of making Debian binary package build reproducible [1], I have noticed that your package currently ship gz compressed files with a timestamp. Adding the `-n` or `--no-name` flag to the various calls to `gzip` made in `icmake/install` would happily solve the problem. [1] http://wiki.debian.org/ReproducibleBuilds Thanks, -- Lunar.''`. lu...@debian.org: :Ⓐ : # apt-get install anarchism `. `'` `- signature.asc Description: Digital signature
Bug#722166: bobcat: Please do not write timestamps in gzip files
On 09/08/2013 10:30 AM, Jérémy Bobbio wrote: Package: bobcat Version: 3.15.00-1 Severity: wishlist Hi! In the effort of making Debian binary package build reproducible [1], I have noticed that your package currently ship gz compressed files with a timestamp. Adding the `-n` or `--no-name` flag to the various calls to `gzip` made in `icmake/install` would happily solve the problem. [1] http://wiki.debian.org/ReproducibleBuilds Thanks, Hi Jeremy, Thanks for the suggestion and for looking into the cause of the issue with the bobcat build. I'm suspect that Frank, the upstream developer, will be willing to address this in a future upstream release. Cheers, tony signature.asc Description: OpenPGP digital signature
Bug#722166: bobcat: Please do not write timestamps in gzip files
Control: tags -1 + patch
tony mancill:
Thanks for the suggestion and for looking into the cause of the issue
with the bobcat build. I'm suspect that Frank, the upstream developer,
will be willing to address this in a future upstream release.
Great! Attached is a patch that indeed did the trick. :)
--
Lunar.''`.
lu...@debian.org: :Ⓐ : # apt-get install anarchism
`. `'`
`-
--- r2/bobcat-3.15.00/icmake/install 2012-02-08 20:56:04.0 +
+++ r1/bobcat-3.15.00/icmake/install 2013-09-08 17:32:26.867701666 +
@@ -10,7 +10,7 @@
for (idx = sizeof(man); idx--; )
{
file = element(idx, man);
-run(gzip -9 + src + file ++ dest + file + .gz);
+run(gzip -n -9 + src + file ++ dest + file + .gz);
}
}
@@ -26,7 +26,7 @@
for (idx = sizeof(files); idx--; )
{
file = element(idx, files);
-run(gzip -9 + file ++ dest + file + .gz);
+run(gzip -n -9 + file ++ dest + file + .gz);
}
}
@@ -59,7 +59,7 @@
rungzip9(tmp/man/man3/, dev + MAN + /man3/);
-run(gzip -9 tmp/man/man7/bobcat.7 +
+run(gzip -n -9 tmp/man/man7/bobcat.7 +
dev + MAN + /man7/bobcat.7.gz);
#endif
signature.asc
Description: Digital signature
