subject:"Bug#834050\: libpam\-ldap\: please make the build reproducible"

Bug#834050: libpam-ldap: please make the build reproducible

2022-11-17 Thread Vagrant Cascadian

On 2022-11-17, Lucas Castro wrote:
> Thanks. = )

Well hi there!

Would you mind me re-uploading without delay or a reduced delay?

live well,
  vagrant

> Em 17/11/2022 16:48, Vagrant Cascadian escreveu:
>> Control: tags 834050 pending
>>
>> On 2017-02-15, Chris Lamb wrote:
>>> Lucas Castro wrote:
>>>
 I suppose the patch hadn't fixed the bug.
>>> Ah, try:
>>>
>>>--- libpam-ldap-186.orig/vers_string
>>>+++ libpam-ldap-186/vers_string
>>>@@ -14,6 +14,10 @@ if ($ENV{'PROGRAM'}) { $PROGRAM = $ENV{'
>>>   
>>> chop($AUTHOR);
>>> chop($DATE=`date -u`);
>>>+if (defined $ENV{SOURCE_DATE_EPOCH}) {
>>>+chop($DATE=`LC_ALL=C date --date="@\${SOURCE_DATE_EPOCH}" -u`);
>>>+$AUTHOR="NO DEVELOPER SET";
>>>+}
>>> chop($CWD=`pwd`);
>>>   
>>> ($PROJECT, $VERSION) = split(/\-/, ());
>> This solved both the timestamp and build user issue!
>>
>> There was another issue where the package and version information is
>> derived from the top-level build directory, but this can be fixed easily
>> by passing PROGRAM to dh_auto_build.
>>
>> Uploaded an NMU to DELAYED/10 which fixes both outstanding issues:
>>
>> diff -Nru libpam-ldap-186/debian/changelog libpam-ldap-186/debian/changelog
>> --- libpam-ldap-186/debian/changelog 2017-05-31 10:19:41.0 -0700
>> +++ libpam-ldap-186/debian/changelog 2022-11-17 11:42:13.0 -0800
>> @@ -1,3 +1,17 @@
>> +libpam-ldap (186-4.1) unstable; urgency=medium
>> +
>> +  * Non-maintainer upload.
>> +
>> +  [ Chris Lamb ]
>> +  * vers_string: Use fixed value for AUTHOR if SOURCE_DATE_EPOCH is
>> +set. (Closes: #834050)
>> +
>> +  [ Vagrant Cascadian ]
>> +  * debian/rules: Pass PROGRAM to dh_auto_build override.
>> +(Closes: #834050)
>> +
>> + -- Vagrant Cascadian   Thu, 17 Nov 2022 
>> 11:42:13 -0800
>> +
>>   libpam-ldap (186-4) unstable; urgency=medium
>>   
>> * Install /usr/share/pam-configs/ldap
>> diff -Nru libpam-ldap-186/debian/patches/series 
>> libpam-ldap-186/debian/patches/series
>> --- libpam-ldap-186/debian/patches/series2017-02-10 20:39:24.0 
>> -0800
>> +++ libpam-ldap-186/debian/patches/series2022-11-17 11:42:13.0 
>> -0800
>> @@ -6,3 +6,4 @@
>>   reproducible_build.patch
>>   configfile_install.patch
>>   configfile_references.patch
>> +vers_string-use-fixed-value-for-author-i.patch
>> diff -Nru 
>> libpam-ldap-186/debian/patches/vers_string-use-fixed-value-for-author-i.patch
>>  
>> libpam-ldap-186/debian/patches/vers_string-use-fixed-value-for-author-i.patch
>> --- 
>> libpam-ldap-186/debian/patches/vers_string-use-fixed-value-for-author-i.patch
>> 1969-12-31 16:00:00.0 -0800
>> +++ 
>> libpam-ldap-186/debian/patches/vers_string-use-fixed-value-for-author-i.patch
>> 2022-11-17 11:42:13.0 -0800
>> @@ -0,0 +1,21 @@
>> +From: Chris Lamb 
>> +Date: Wed, 15 Feb 2017 17:12:58 +1300
>> +X-Dgit-Generated: 186-4.1 98efdb0f8a716ed9c1403523c90f3b0b6ff8c493
>> +Subject: vers_string: Use fixed value for AUTHOR if SOURCE_DATE_EPOCH is 
>> set.
>> +
>> +(Closes: #834050)
>> +
>> +---
>> +
>> +diff --git a/vers_string b/vers_string
>> +index 11af68a..5a072f3 100755
>> +--- a/vers_string
>>  b/vers_string
>> +@@ -16,6 +16,7 @@ chop($AUTHOR);
>> + chop($DATE=`date -u`);
>> + if (defined $ENV{SOURCE_DATE_EPOCH}) {
>> +chop($DATE=`LC_ALL=C date --date="@\${SOURCE_DATE_EPOCH}" -u`);
>> ++   $AUTHOR="NO DEVELOPER SET";
>> + }
>> + chop($CWD=`pwd`);
>> +
>> diff -Nru libpam-ldap-186/debian/rules libpam-ldap-186/debian/rules
>> --- libpam-ldap-186/debian/rules 2017-05-31 10:19:28.0 -0700
>> +++ libpam-ldap-186/debian/rules 2022-11-17 11:42:13.0 -0800
>> @@ -4,6 +4,8 @@
>>   
>>   export DEB_BUILD_MAINT_OPTIONS= hardening=+bindnow
>>   
>> +include /usr/share/dpkg/pkg-info.mk
>> +
>>   %:
>>  dh $@ --with autoreconf
>>   
>> @@ -17,3 +19,6 @@
>>  dh_install
>>  install -D -m 644 debian/libpam-ldap.pam-auth-update \
>>  debian/libpam-ldap/usr/share/pam-configs/ldap
>> +
>> +override_dh_auto_build:
>> +dh_auto_build -- PROGRAM=$(DEB_SOURCE)-$(DEB_VERSION_UPSTREAM)
>>
>>
>>
>> live well,
>>vagrant


signature.asc
Description: PGP signature

Bug#834050: libpam-ldap: please make the build reproducible

2022-11-17 Thread Lucas Castro


Thanks. = )

Em 17/11/2022 16:48, Vagrant Cascadian escreveu:

Control: tags 834050 pending

On 2017-02-15, Chris Lamb wrote:

Lucas Castro wrote:


I suppose the patch hadn't fixed the bug.

Ah, try:

   --- libpam-ldap-186.orig/vers_string
   +++ libpam-ldap-186/vers_string
   @@ -14,6 +14,10 @@ if ($ENV{'PROGRAM'}) { $PROGRAM = $ENV{'
  
chop($AUTHOR);

chop($DATE=`date -u`);
   +if (defined $ENV{SOURCE_DATE_EPOCH}) {
   +chop($DATE=`LC_ALL=C date --date="@\${SOURCE_DATE_EPOCH}" -u`);
   +$AUTHOR="NO DEVELOPER SET";
   +}
chop($CWD=`pwd`);
  
($PROJECT, $VERSION) = split(/\-/, ());

This solved both the timestamp and build user issue!

There was another issue where the package and version information is
derived from the top-level build directory, but this can be fixed easily
by passing PROGRAM to dh_auto_build.

Uploaded an NMU to DELAYED/10 which fixes both outstanding issues:

diff -Nru libpam-ldap-186/debian/changelog libpam-ldap-186/debian/changelog
--- libpam-ldap-186/debian/changelog2017-05-31 10:19:41.0 -0700
+++ libpam-ldap-186/debian/changelog2022-11-17 11:42:13.0 -0800
@@ -1,3 +1,17 @@
+libpam-ldap (186-4.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+
+  [ Chris Lamb ]
+  * vers_string: Use fixed value for AUTHOR if SOURCE_DATE_EPOCH is
+set. (Closes: #834050)
+
+  [ Vagrant Cascadian ]
+  * debian/rules: Pass PROGRAM to dh_auto_build override.
+(Closes: #834050)
+
+ -- Vagrant Cascadian   Thu, 17 Nov 2022 
11:42:13 -0800
+
  libpam-ldap (186-4) unstable; urgency=medium
  
* Install /usr/share/pam-configs/ldap

diff -Nru libpam-ldap-186/debian/patches/series 
libpam-ldap-186/debian/patches/series
--- libpam-ldap-186/debian/patches/series   2017-02-10 20:39:24.0 
-0800
+++ libpam-ldap-186/debian/patches/series   2022-11-17 11:42:13.0 
-0800
@@ -6,3 +6,4 @@
  reproducible_build.patch
  configfile_install.patch
  configfile_references.patch
+vers_string-use-fixed-value-for-author-i.patch
diff -Nru 
libpam-ldap-186/debian/patches/vers_string-use-fixed-value-for-author-i.patch 
libpam-ldap-186/debian/patches/vers_string-use-fixed-value-for-author-i.patch
--- 
libpam-ldap-186/debian/patches/vers_string-use-fixed-value-for-author-i.patch   
1969-12-31 16:00:00.0 -0800
+++ 
libpam-ldap-186/debian/patches/vers_string-use-fixed-value-for-author-i.patch   
2022-11-17 11:42:13.0 -0800
@@ -0,0 +1,21 @@
+From: Chris Lamb 
+Date: Wed, 15 Feb 2017 17:12:58 +1300
+X-Dgit-Generated: 186-4.1 98efdb0f8a716ed9c1403523c90f3b0b6ff8c493
+Subject: vers_string: Use fixed value for AUTHOR if SOURCE_DATE_EPOCH is set.
+
+(Closes: #834050)
+
+---
+
+diff --git a/vers_string b/vers_string
+index 11af68a..5a072f3 100755
+--- a/vers_string
 b/vers_string
+@@ -16,6 +16,7 @@ chop($AUTHOR);
+ chop($DATE=`date -u`);
+ if (defined $ENV{SOURCE_DATE_EPOCH}) {
+   chop($DATE=`LC_ALL=C date --date="@\${SOURCE_DATE_EPOCH}" -u`);
++  $AUTHOR="NO DEVELOPER SET";
+ }
+ chop($CWD=`pwd`);
+
diff -Nru libpam-ldap-186/debian/rules libpam-ldap-186/debian/rules
--- libpam-ldap-186/debian/rules2017-05-31 10:19:28.0 -0700
+++ libpam-ldap-186/debian/rules2022-11-17 11:42:13.0 -0800
@@ -4,6 +4,8 @@
  
  export DEB_BUILD_MAINT_OPTIONS= hardening=+bindnow
  
+include /usr/share/dpkg/pkg-info.mk

+
  %:
dh $@ --with autoreconf
  
@@ -17,3 +19,6 @@

dh_install
install -D -m 644 debian/libpam-ldap.pam-auth-update \
debian/libpam-ldap/usr/share/pam-configs/ldap
+
+override_dh_auto_build:
+   dh_auto_build -- PROGRAM=$(DEB_SOURCE)-$(DEB_VERSION_UPSTREAM)



live well,
   vagrant


OpenPGP_signature
Description: OpenPGP digital signature

Bug#834050: libpam-ldap: please make the build reproducible

2022-11-17 Thread Vagrant Cascadian

Control: tags 834050 pending

On 2017-02-15, Chris Lamb wrote:
> Lucas Castro wrote:
>
>> I suppose the patch hadn't fixed the bug.
>
> Ah, try:
>
>   --- libpam-ldap-186.orig/vers_string
>   +++ libpam-ldap-186/vers_string
>   @@ -14,6 +14,10 @@ if ($ENV{'PROGRAM'}) { $PROGRAM = $ENV{'
>  
>chop($AUTHOR);
>chop($DATE=`date -u`);
>   +if (defined $ENV{SOURCE_DATE_EPOCH}) {
>   +   chop($DATE=`LC_ALL=C date --date="@\${SOURCE_DATE_EPOCH}" -u`);
>   +   $AUTHOR="NO DEVELOPER SET";
>   +}
>chop($CWD=`pwd`);
>  
>($PROJECT, $VERSION) = split(/\-/, ());

This solved both the timestamp and build user issue!

There was another issue where the package and version information is
derived from the top-level build directory, but this can be fixed easily
by passing PROGRAM to dh_auto_build.

Uploaded an NMU to DELAYED/10 which fixes both outstanding issues:

diff -Nru libpam-ldap-186/debian/changelog libpam-ldap-186/debian/changelog
--- libpam-ldap-186/debian/changelog2017-05-31 10:19:41.0 -0700
+++ libpam-ldap-186/debian/changelog2022-11-17 11:42:13.0 -0800
@@ -1,3 +1,17 @@
+libpam-ldap (186-4.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+
+  [ Chris Lamb ]
+  * vers_string: Use fixed value for AUTHOR if SOURCE_DATE_EPOCH is
+set. (Closes: #834050)
+
+  [ Vagrant Cascadian ]
+  * debian/rules: Pass PROGRAM to dh_auto_build override.
+(Closes: #834050)
+
+ -- Vagrant Cascadian   Thu, 17 Nov 2022 
11:42:13 -0800
+
 libpam-ldap (186-4) unstable; urgency=medium
 
   * Install /usr/share/pam-configs/ldap
diff -Nru libpam-ldap-186/debian/patches/series 
libpam-ldap-186/debian/patches/series
--- libpam-ldap-186/debian/patches/series   2017-02-10 20:39:24.0 
-0800
+++ libpam-ldap-186/debian/patches/series   2022-11-17 11:42:13.0 
-0800
@@ -6,3 +6,4 @@
 reproducible_build.patch
 configfile_install.patch
 configfile_references.patch
+vers_string-use-fixed-value-for-author-i.patch
diff -Nru 
libpam-ldap-186/debian/patches/vers_string-use-fixed-value-for-author-i.patch 
libpam-ldap-186/debian/patches/vers_string-use-fixed-value-for-author-i.patch
--- 
libpam-ldap-186/debian/patches/vers_string-use-fixed-value-for-author-i.patch   
1969-12-31 16:00:00.0 -0800
+++ 
libpam-ldap-186/debian/patches/vers_string-use-fixed-value-for-author-i.patch   
2022-11-17 11:42:13.0 -0800
@@ -0,0 +1,21 @@
+From: Chris Lamb 
+Date: Wed, 15 Feb 2017 17:12:58 +1300
+X-Dgit-Generated: 186-4.1 98efdb0f8a716ed9c1403523c90f3b0b6ff8c493
+Subject: vers_string: Use fixed value for AUTHOR if SOURCE_DATE_EPOCH is set.
+
+(Closes: #834050)
+
+---
+
+diff --git a/vers_string b/vers_string
+index 11af68a..5a072f3 100755
+--- a/vers_string
 b/vers_string
+@@ -16,6 +16,7 @@ chop($AUTHOR);
+ chop($DATE=`date -u`);
+ if (defined $ENV{SOURCE_DATE_EPOCH}) {
+   chop($DATE=`LC_ALL=C date --date="@\${SOURCE_DATE_EPOCH}" -u`);
++  $AUTHOR="NO DEVELOPER SET";
+ }
+ chop($CWD=`pwd`);
+ 
diff -Nru libpam-ldap-186/debian/rules libpam-ldap-186/debian/rules
--- libpam-ldap-186/debian/rules2017-05-31 10:19:28.0 -0700
+++ libpam-ldap-186/debian/rules2022-11-17 11:42:13.0 -0800
@@ -4,6 +4,8 @@
 
 export DEB_BUILD_MAINT_OPTIONS= hardening=+bindnow
 
+include /usr/share/dpkg/pkg-info.mk
+
 %:
dh $@ --with autoreconf
 
@@ -17,3 +19,6 @@
dh_install
install -D -m 644 debian/libpam-ldap.pam-auth-update \
debian/libpam-ldap/usr/share/pam-configs/ldap
+
+override_dh_auto_build:
+   dh_auto_build -- PROGRAM=$(DEB_SOURCE)-$(DEB_VERSION_UPSTREAM)



live well,
  vagrant


signature.asc
Description: PGP signature

Bug#834050: libpam-ldap: please make the build reproducible

2020-09-02 Thread Lucas Castro




On 9/2/20 7:52 PM, Chris Lamb wrote:

Hi Lucas,


I'm little busy this days,

If someone could make patch, please make a NMU.

I think I will personally refrain from doing an NMU for such an
important security-related package for this issue, but thank you for
the 'go ahead'.

Indeed, given the importance of this package, is it ridiculous to suggest 
seeking a co-maintainer on debian-devel?

Of course not.

Regards,

--
   ,''`.
  : :'  : Chris Lamb
  `. `'`  la...@debian.org  chris-lamb.co.uk
`-


--
Lucas Castro

Bug#834050: libpam-ldap: please make the build reproducible

2020-09-02 Thread Chris Lamb

Hi Lucas,

> I'm little busy this days,
>
> If someone could make patch, please make a NMU.

I think I will personally refrain from doing an NMU for such an
important security-related package for this issue, but thank you for
the 'go ahead'.

Indeed, given the importance of this package, is it ridiculous to suggest 
seeking a co-maintainer on debian-devel?


Regards,

--
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org  chris-lamb.co.uk
   `-

Bug#834050: libpam-ldap: please make the build reproducible

2020-09-01 Thread Lucas Castro


I'm little busy this days,

If someone could make patch, please make a NMU.


On 9/1/20 7:53 PM, Chris Lamb wrote:

Chris Lamb wrote:


[..]

Gentle ping on this?


Regards,


--
Lucas Castro

Bug#834050: libpam-ldap: please make the build reproducible

2020-09-01 Thread Chris Lamb

Chris Lamb wrote:

> [..]

Gentle ping on this?


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-

Bug#834050: libpam-ldap: please make the build reproducible

2017-02-14 Thread Chris Lamb

Lucas Castro wrote:

> I suppose the patch hadn't fixed the bug.

Ah, try:

  --- libpam-ldap-186.orig/vers_string
  +++ libpam-ldap-186/vers_string
  @@ -14,6 +14,10 @@ if ($ENV{'PROGRAM'}) { $PROGRAM = $ENV{'
 
   chop($AUTHOR);
   chop($DATE=`date -u`);
  +if (defined $ENV{SOURCE_DATE_EPOCH}) {
  + chop($DATE=`LC_ALL=C date --date="@\${SOURCE_DATE_EPOCH}" -u`);
  + $AUTHOR="NO DEVELOPER SET";
  +}
   chop($CWD=`pwd`);
 
   ($PROJECT, $VERSION) = split(/\-/, ());


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-

Bug#834050: libpam-ldap: please make the build reproducible

2017-02-14 Thread Lucas Castro

Hello,
I suppose the patch hadn't fixed the bug.

It can be check on [1].


[1]
https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/diffoscope-results/libpam-ldap.html


Em 04-02-2017 20:54, Lucas Castro escreveu:
>
> Sorry, I hadn't noticed the report.
>
> Tomorrow I'm going to take a loot at it.
>
>
> --
> Lucas Castro
> Em 04-02-2017 18:00, Chris Lamb escreveu:
>>>  this patch and uploading?
>> Friendly ping on this :)
>>
>>
>> Best wishes,
>



signature.asc
Description: OpenPGP digital signature

Bug#834050: libpam-ldap: please make the build reproducible

2017-02-04 Thread Lucas Castro

Sorry, I hadn't noticed the report.

Tomorrow I'm going to take a loot at it.


--
Lucas Castro
Em 04-02-2017 18:00, Chris Lamb escreveu:
>>  this patch and uploading?
> Friendly ping on this :)
>
>
> Best wishes,



signature.asc
Description: OpenPGP digital signature

Bug#834050: libpam-ldap: please make the build reproducible

2017-02-04 Thread Chris Lamb

> Would you consider applying this patch and uploading?

Friendly ping on this :)


Best wishes,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-

Bug#834050: libpam-ldap: please make the build reproducible

2016-10-17 Thread Chris Lamb

Dear Maintainer,

> Source: libpam-ldap
> Version: 184-8.5
> Tags: patch

There hasn't seem to be any update on this bug in 66 days, in which
time the Reproducible Builds effort has come on a long way. :)

Would you consider applying this patch and uploading?


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-

Bug#834050: libpam-ldap: please make the build reproducible

2016-08-11 Thread Chris Lamb

Source: libpam-ldap
Version: 186-1
Severity: wishlist
Tags: patch
User: reproducible-bui...@lists.alioth.debian.org
Usertags: timestamps
X-Debbugs-Cc: reproducible-bui...@lists.alioth.debian.org

Hi,

Whilst working on the "reproducible builds" effort [0], we noticed
that libpam-ldap could not be built reproducibly.

Patch attached.

 [0] https://wiki.debian.org/ReproducibleBuilds


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-
--- a/debian/patches/reproducible_build.patch   1970-01-01 01:00:00.0 
+0100
--- b/debian/patches/reproducible_build.patch   2016-08-11 17:24:10.813698405 
+0100
@@ -0,0 +1,16 @@
+Description: Make the build reproducible
+Author: Chris Lamb 
+Last-Update: 2016-08-11
+
+--- libpam-ldap-186.orig/vers_string
 libpam-ldap-186/vers_string
+@@ -14,6 +14,9 @@ if ($ENV{'PROGRAM'}) { $PROGRAM = $ENV{'
+ 
+ chop($AUTHOR);
+ chop($DATE=`date -u`);
++if (defined $ENV{SOURCE_DATE_EPOCH}) {
++  chop($DATE=`LC_ALL=C date --date="@\${SOURCE_DATE_EPOCH}" -u`);
++}
+ chop($CWD=`pwd`);
+ 
+ ($PROJECT, $VERSION) = split(/\-/, ());
--- a/debian/patches/series 2016-08-11 17:18:11.882715439 +0100
--- b/debian/patches/series 2016-08-11 17:24:09.565688068 +0100
@@ -3,3 +3,4 @@
 log_shadowlastchange_failure
 username_for_memberuid
 manpage_fix_spell.patch
+reproducible_build.patch

Bug#834050: libpam-ldap: please make the build reproducible

Bug#834050: libpam-ldap: please make the build reproducible

Bug#834050: libpam-ldap: please make the build reproducible

Bug#834050: libpam-ldap: please make the build reproducible

Bug#834050: libpam-ldap: please make the build reproducible

Bug#834050: libpam-ldap: please make the build reproducible

Bug#834050: libpam-ldap: please make the build reproducible

Bug#834050: libpam-ldap: please make the build reproducible

Bug#834050: libpam-ldap: please make the build reproducible

Bug#834050: libpam-ldap: please make the build reproducible

Bug#834050: libpam-ldap: please make the build reproducible

Bug#834050: libpam-ldap: please make the build reproducible

Bug#834050: libpam-ldap: please make the build reproducible

13 matches

Site Navigation

Mail list logo

Footer information