Bug#783513: cdrkit: please allow dates in PVD to be set
Package: cdrkit
Version: 9:1.1.11-3
Severity: wishlist
Tags: patch
User: reproducible-bui...@lists.alioth.debian.org
Usertags: toolchain timestamps

Hi!

While working on the “reproducible builds” effort [1], we have noticed that ISO images created by genisoimage could not be reproduced at a later time. The times written to the PVD are always set to the current clock time. Same goes for RR relocations and files created on the fly like the boot catalog.

The attached patch adds a “-creation-date” option to which can be given an arbitrary epoch that will further be used in the PVD and for the aforementioned files.

[1]: https://wiki.debian.org/ReproducibleBuilds

--
Lunar lu...@torproject.org

diff --git a/genisoimage/.eltorito.c.swp b/genisoimage/.eltorito.c.swp new file mode 100644 index 000..a49fcbd Binary files /dev/null and b/genisoimage/.eltorito.c.swp differ diff --git a/genisoimage/genisoimage.1 b/genisoimage/genisoimage.1 index d05b24a..d69a1d4 100644 --- a/genisoimage/genisoimage.1 +++ b/genisoimage/genisoimage.1 @@ -976,6 +976,12 @@ in the .I .genisoimagerc file. .TP +.BI \-creation-date epoch +Specifies the date to be used as creation, modification and effective +date in the volume descriptor and for files and relocations created +on the fly. Specified as a number of second since +1970-01-01 00:00:00 + (UTC); if 0, the current time is used. +.TP .B \-print\-size Print estimated filesystem size in multiples of the sector size (2048 bytes) and exit. This option is needed for diff --git a/genisoimage/genisoimage.c b/genisoimage/genisoimage.c index cfd079a..58397e9 100644 --- a/genisoimage/genisoimage.c +++ b/genisoimage/genisoimage.c @@ -169,6 +169,7 @@ char *abstract = ABSTRACT_DEFAULT; char *volset_id = VOLSET_ID_DEFAULT; char *volume_id = VOLUME_ID_DEFAULT; char *system_id = SYSTEM_ID_DEFAULT; +time_t creation_date = 0; char *boot_catalog = BOOT_CATALOG_DEFAULT; char *boot_image = BOOT_IMAGE_DEFAULT; char *genboot_image = BOOT_IMAGE_DEFAULT; 
@@ -405,6 +406,8 @@ struct ld_option { #define OPTION_ALLOW_LEADING_DOTS 1070 #define OPTION_PUBLISHER 1071 +#define OPTION_CREATION_DATE1072 + #ifdef JIGDO_TEMPLATE #define OPTION_JTT_OUTPUT 1101 #define OPTION_JTJ_OUTPUT 1102 @@ -522,6 +525,8 @@ static const struct ld_option ld_options[] = '\0', FILE, Check all ISO9660 names from previous session, ONE_DASH}, {{copyright, required_argument, NULL, OPTION_COPYRIGHT}, '\0', FILE, Set Copyright filename, ONE_DASH}, + {{creation-date, required_argument, NULL, OPTION_CREATION_DATE}, + '\0', NULL, Set volume creation date, ONE_DASH}, {{debug, no_argument, NULL, OPTION_DEBUG}, '\0', NULL, Set debug flag, ONE_DASH}, {{eltorito-boot, required_argument, NULL, 'b'}, @@ -1721,6 +1726,22 @@ int main(int argc, char *argv[]) #endif } break; + case OPTION_CREATION_DATE: + { + char *end = 0; + + creation_date = strtol(optarg, end, 10); + if (!end || *end != 0) { +#ifdef USE_LIBSCHILY +comerrno(EX_BAD, Bad epoch for -creation-date\n); +#else +fprintf(stderr, Bad epoch for -creation-date\n); +exit(1); +#endif + } + break; + } + case OPTION_DEBUG: debug++; break; diff --git a/genisoimage/genisoimage.h b/genisoimage/genisoimage.h index bbedfb0..c49576c 100644 --- a/genisoimage/genisoimage.h +++ b/genisoimage/genisoimage.h @@ -650,6 +650,7 @@ extern char *appid; extern char *volset_id; extern char *system_id; extern char *volume_id; +extern time_t creation_date; extern char *boot_catalog; extern char *boot_image; extern char *genboot_image; diff --git a/genisoimage/tree.c b/genisoimage/tree.c index 7805888..f17a662 100644 --- a/genisoimage/tree.c +++ b/genisoimage/tree.c @@ -783,7 +783,11 @@ generate_reloc_directory() struct directory_entry *s_entry; /* Create an entry for our internal tree */ - time(current_time); + if (creation_date == 0) { + time(current_time); + } else { + current_time = creation_date; + } reloc_dir = (struct directory *) e_malloc(sizeof (struct directory)); memset(reloc_dir, 0, sizeof (struct directory)); 
@@ -2680,7 +2684,11 @@ init_fstatbuf() time_t current_time; if (fstatbuf.st_ctime == 0) { - time(current_time); + if (creation_date == 0) { + time(current_time); + } else { + current_time = creation_date; + } if (rationalize_uid) fstatbuf.st_uid = uid_to_use; else diff --git a/genisoimage/write.c b/genisoimage/write.c index a423ab1..f63507c 100644 --- a/genisoimage/write.c +++ b/genisoimage/write.c @@ -1885,12 +1885,17 @@ pvd_write(FILE *outfile) int should_write; struct tm local; struct tm gmt; + time_t pvd_date; time(begun); - local = *localtime(begun); - gmt = *gmtime(begun); + if (creation_date == 0) { + creation_date = begun; + } + + local = *localtime(creation_date); + gmt = *gmtime(creation_date); /* * There was a comment here about breaking in the year 2000.
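Review bot: the first entry of the patch adds genisoimage/.eltorito.c.swp as a new binary file. That looks like an editor swap file picked up by accident; it should be dropped before the patch is applied.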
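Review bot: in the OPTION_CREATION_DATE case in main(), the only validation is the test on end after strtol(), which accepts an empty argument (it parses as 0, so the current time is silently used) and does not catch negative or out-of-range values. Rejecting the case where nothing was consumed, checking errno for ERANGE and refusing negative epochs would make a mistyped value fail loudly instead of producing an image with an unexpected date.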
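Review bot: in pvd_write(), the new local pvd_date is declared but not used in the hunk, and the fallback is stored in the global instead (creation_date = begun). Once that assignment has run, the creation_date == 0 tests in generate_reloc_directory() and init_fstatbuf() no longer mean "option not given", so their result depends on call order. Assigning the chosen value to pvd_date and passing that to localtime() and gmtime() keeps the global untouched. Note also that local still comes from localtime(), so that value continues to depend on the builder's timezone.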
Bug#782905: seabios: please make seabios build reproducible
Source: seabios
Version: 1.7.5-1
Severity: wishlist
Tags: patch
User: reproducible-bui...@lists.alioth.debian.org
Usertags: timestamps hostname

Hi!

While working on the “reproducible builds” effort [1], we have noticed that seabios could not be built reproducibly.

The attached patch adds a way to configure the time and the hostname in the version string through environment variables. These variables are then set in debian/rules.

Once applied, seabios can be built reproducibly in our current experimental framework.

[1]: https://wiki.debian.org/ReproducibleBuilds

--
Lunar lu...@torproject.org

diff -Nru seabios-1.7.5/debian/changelog seabios-1.7.5/debian/changelog --- seabios-1.7.5/debian/changelog 2014-05-31 08:29:25.0 + +++ seabios-1.7.5/debian/changelog 2015-04-19 17:00:54.0 + @@ -1,3 +1,14 @@ +seabios (1.7.5-1.0~reproducible1) UNRELEASED; urgency=low + + * make the build reproducible: +- add a patch to allow the build time and hostname embedded in + the version string to optionally be set through environment + variable +- set these variables to the latest debian/changelog entry for + the build time and debian for the hostname in debian/rules + + -- Jérémy Bobbio lu...@debian.org Sun, 19 Apr 2015 16:53:11 + + seabios (1.7.5-1) unstable; urgency=medium * new upstream release diff -Nru seabios-1.7.5/debian/patches/allow_external_time_and_hostname_for_version.patch seabios-1.7.5/debian/patches/allow_external_time_and_hostname_for_version.patch --- seabios-1.7.5/debian/patches/allow_external_time_and_hostname_for_version.patch 1970-01-01 00:00:00.0 + +++ seabios-1.7.5/debian/patches/allow_external_time_and_hostname_for_version.patch 2015-04-19 16:53:02.0 + 
@@ -0,0 +1,46 @@ +Description: short summary of the patch + TODO: Put a short summary on the line above and replace this paragraph + with a longer explanation of this change. Complete the meta-information + with other relevant fields (see below for details). To make it easier, the + information below has been extracted from the changelog. Adjust it or drop + it. + . + seabios (1.7.5-1) unstable; urgency=medium + . + * new upstream release + * dropped all patches taken from upstream + * disabled more features (XEN USB_UAS) from the 128k bios build to fit + * set upstream source URL (Closes: #740471) +Author: Michael Tokarev m...@tls.msk.ru +Bug-Debian: https://bugs.debian.org/740471 + +--- +The information above should follow the Patch Tagging Guidelines, please +checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here +are templates for supplementary fields that you might want to add: + +Origin: vendor|upstream|other, url of original patch +Bug: url in upstream bugtracker +Bug-Debian: https://bugs.debian.org/bugnumber +Bug-Ubuntu: https://launchpad.net/bugs/bugnumber +Forwarded: no|not-needed|url proving that it has been forwarded +Reviewed-By: name and email of someone who approved the patch +Last-Update: -MM-DD + +--- seabios-1.7.5.orig/scripts/buildversion.sh seabios-1.7.5/scripts/buildversion.sh +@@ -11,7 +11,13 @@ elif [ -f .version ]; then + else + VERSION=? + fi +-VERSION=${VERSION}-`date +%Y%m%d_%H%M%S`-`hostname` ++if ! [ $BUILD_TIME ]; then ++BUILD_TIME=`date +%Y%m%d_%H%M%S` ++fi ++if ! [ $HOSTNAME ]; then ++HOSTNAME=`hostname` ++fi ++VERSION=${VERSION}-${BUILD_TIME}-${HOSTNAME} + echo Version: ${VERSION} + + # Build header file diff -Nru seabios-1.7.5/debian/patches/series seabios-1.7.5/debian/patches/series --- seabios-1.7.5/debian/patches/series 1970-01-01 00:00:00.0 + +++ seabios-1.7.5/debian/patches/series 2015-04-19 16:58:15.0 + 
@@ -0,0 +1 @@ +allow_external_time_and_hostname_for_version.patch diff -Nru seabios-1.7.5/debian/rules seabios-1.7.5/debian/rules --- seabios-1.7.5/debian/rules 2014-05-31 08:20:17.0 + +++ seabios-1.7.5/debian/rules 2015-04-19 16:52:59.0 + @@ -10,6 +10,12 @@ DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE) DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE) +# Set reproducible values for scripts/buildversion.sh +BUILD_TIME = $(shell dpkg-parsechangelog -S Date | date -u -f - +%Y%m%d_%H%M%S) +export BUILD_TIME +HOSTNAME = debian +export HOSTNAME + VGABIOSES = cirrus stdvga vmware qxl isavga VGABIOS_TARGETS = $(addprefix build/vgabios-, $(addsuffix .bin, $(VGABIOSES))) BUILD_TARGETS = build/bios.bin build/bios-256k.bin \
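Review bot: the header of allow_external_time_and_hostname_for_version.patch is still the unedited template. It carries "Description: short summary of the patch", the TODO paragraph, and an Author and Bug-Debian (#740471) copied from the previous changelog entry. It should describe this change, name its actual author, reference this report, and drop the template text below the "---" line.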
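Review bot: in the scripts/buildversion.sh hunk the override variable is called HOSTNAME, a name that bash and some login profiles already set on their own. Where it is present in the build environment the hostname fallback never runs and the machine's real name still lands in the version string unless the caller overrides it, as debian/rules does. A name specific to this build avoids inheriting a value by accident.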
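Review bot: in the debian/rules hunk, BUILD_TIME is defined with "=" (recursive expansion), so the dpkg-parsechangelog and date pipeline is re-run each time make expands the variable for an exported environment. Defining it with ":=" evaluates it once. The "date -u -f -" form also relies on GNU date, which is worth a comment next to the assignment.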
Bug#765044: debbindiff: assumes all .a are ELF files
Package: debbindiff
Version: 3
Severity: normal

debbindiff currently assumes that all .a are ELF files. This does not work when they are actually made of Mach-O symbols.

--
Lunar lu...@torproject.org
Bug#761796: torsocks: DNS complains
Control: retitle -1 Add an option to whitelist networks
Control: severity -1 wishlist
Control: forwarded -1 https://bugs.torproject.org/13184

tester:
> doing an update, flash needs to download, source and build
>
> WARNING torsocks[12360]: [connect] Connection to a local address are denied since it might be a TCP DNS query to a local DNS server. Rejecting it for safety reasons. (in tsocks_connect() at connect.c:177)
>
> It refused localhost, which is my DNS going through tor; this works fine on an earlier build of torsocks

That's a security feature. What's missing is a way to whitelist your particular DNS resolver, as there is no way for torsocks to know that it's safe to use.

--
Lunar lu...@debian.org
Bug#750688: ooniprobe package recommends lists a non existent package
Control: tag -1 + pending

Arturo Filastò:
> Package: ooniprobe
> Version: 1.0.2-1
>
> In the install recommends of ooniprobe there is a dependency named python-dumpnet. That should be python-dumbnet instead.

Fixed in 33b5b7d.

--
Lunar lu...@debian.org
Bug#320670: anarchism: Missing append4.html
Package: anarchism
Version: 11.1-1
Severity: important

The file append4.html does not exist in the html/ directory, but is referenced by at least index.html. The append4.txt exists in the text/ directory, though.

Regards,
Lunar.

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (10, 'unstable')
Architecture: powerpc (ppc)
Kernel: Linux 2.6.13-rc4+swsusp2.1.9.11
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

-- no debconf information
Bug#294787: parser and signed char
Hi,

The problem lies in the parser code: it relies on the fact that chars are unsigned, which is untrue on PPC.

Attached is a patch that fixes the following in the parser:

* Buffer overflow for any string longer than 500 chars.
* Errors appearing on PowerPC.
* Some warnings.

Please note that the package contains parser.c which can be generated from parser.y. Removing parser.c would add a Build-Depends on bison, though.

Cheers,
Jérémy.

--- ../labplot-1.4.0/src/parser.y 2004-02-02 01:07:34.0 +0100 +++ src/parser.y 2005-02-14 13:45:12.0 +0100 @@ -49,15 +49,14 @@ symrec *sym_table = (symrec *) 0; double parse(char *str) { - int i; pos=0; /* reset string, because it's global ! */ - for (i=0;i500;i++) - string[i]=EOF; + bzero(string, PARSE_STRING_SIZE); - strcpy(string,str); - string[strlen(str)]='\n'; + /* leave space to terminate string by \n\0 */ + strncpy(string, str, PARSE_STRING_SIZE - 2); + string[strlen(string)] = '\n'; init_table(); yyparse(); @@ -114,9 +113,9 @@ } static int getcharstr(void) { -if (pos = strlen(string)) +if ('\0' == string[pos]) return EOF; -return (string[pos++]); +return (int) string[pos++]; } static void ungetcstr(void) { --- ../labplot-1.4.0/src/parser.h 2004-02-02 01:06:37.0 +0100 +++ src/parser.h 2005-02-14 13:32:09.0 +0100 @@ -46,18 +46,21 @@ typedef struct symrec symrec; -symrec *putsym (const char *,int func_t); +double parse(char *str); +symrec *putsym (const char *, int); symrec *getsym (const char *); void init_table(void); int yyerror (const char*); -int yylex (); +int yylex(void); + +#define PARSE_STRING_SIZE 500 double res; int pos; -char string[500]; +unsigned char string[PARSE_STRING_SIZE]; struct init { - char *fname; + char const *fname; #ifdef USE_SOLARIS double (*fnct)(double); #else @@ -66,7 +69,7 @@ }; struct con { - char *name; + char const *name; double value; };
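Review bot: in the parse() hunk of parser.y, strncpy(string, str, PARSE_STRING_SIZE - 2) removes the overflow but silently truncates longer input, so an over-long expression is evaluated as its first 498 characters with no error reported. Checking the length of str up front and failing the parse would be safer than evaluating a prefix.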
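Review bot: in the parser.h hunk, changing the buffer to unsigned char string[PARSE_STRING_SIZE] means the strncpy(string, ...) and strlen(string) calls added in parse() now pass an unsigned char pointer where a char pointer is expected, which introduces pointer-signedness warnings in a patch meant to remove warnings. Keeping the buffer as char and converting through unsigned char at the return in getcharstr() addresses the EOF confusion without that side effect.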
Bug#294989: dovecot-common postinst should filter out comments when getting ssl_cert_file
Package: dovecot-common
Version: 0.99.13-6
Severity: normal

After updating to latest dovecot-common package, I got this output from postinst script:

Setting up dovecot-common (0.99.13-6) ...
Installing new version of config file /etc/init.d/dovecot ...
[: 65: /etc/ssl/example.com/example.com.crt: unexpected operator
Creating generic self-signed certificate: /etc/ssl/example.com/server.crt /etc/ssl/example.com/example.com.crt
(replace with hand-crafted or authorized one if needed).
Warning : Bad SSL config, can't generate certificate
chown: cannot access `/etc/ssl/example.com/server.crt': No such file or directory
chgrp: cannot access `/etc/ssl/example.com/server.crt': No such file or directory
chmod: cannot access `/etc/ssl/example.com/server.crt': No such file or directory
chown: cannot access `/etc/ssl/example.com/server.pem': No such file or directory
chgrp: cannot access `/etc/ssl/example.com/server.pem': No such file or directory
chmod: cannot access `/etc/ssl/example.com/server.pem': No such file or directory

After digging in postinst script, here is the problem:

$ grep ssl_cert_file /etc/dovecot/dovecot.conf
#ssl_cert_file = /etc/ssl/example.com/server.crt
ssl_cert_file = /etc/ssl/example.com/example.com.crt

SSL_CERT is currently defined as:
/etc/ssl/example.com/server.crt /etc/ssl/example.com/example.com.crt

This (same for SSL_KEY) makes the rest of the script fail.

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (900, 'testing'), (300, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.9
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages dovecot-common depends on:
ii libc6 2.3.2.ds1-20 GNU C Library: Shared libraries an
ii libldap2 2.1.30-3 OpenLDAP libraries
ii libmysqlclient12 4.0.23-4 mysql database client library
ii libpam-runtime 0.76-22 Runtime support for the PAM librar
ii libpam0g 0.76-22 Pluggable Authentication Modules l
ii libpq3 7.4.7-1 PostgreSQL C client library
ii libsasl2 2.1.19-1.5 Authentication abstraction library
ii libssl0.9.7 0.9.7e-2 SSL shared libraries
ii openssl 0.9.7e-2 Secure Socket Layer (SSL) binary a
ii zlib1g 1:1.2.2-3 compression library - runtime

-- no debconf information
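The lookup problem in the report above, as an added example that is not part of the original message or of the dovecot-common postinst: a key lookup that matches commented-out lines next to one that ignores them. The function names, the sample file and the "last assignment wins" rule are assumptions of this example.

```shell
#!/bin/sh
# Constructed sample mirroring the report: one commented-out and one active
# ssl_cert_file line, plus an ssl_key_file that exists only as a comment.
make_sample() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
# SSL settings (constructed sample, not a real configuration)
#ssl_cert_file = /etc/ssl/example.com/server.crt
ssl_cert_file = /etc/ssl/example.com/example.com.crt
#ssl_key_file = /etc/ssl/example.com/server.pem
EOF
    echo "$f"
}

# Hypothetical naive lookup: every line mentioning the key matches, so the
# commented-out default comes back together with the active value.
naive_value() {
    grep "$1" "$2" | sed 's/^[^=]*=[ ]*//'
}

# Stricter lookup: skip comment lines, compare the key exactly, trim blanks,
# and fail (exit status 1) when the key has no active assignment.
# Assumption of this example: if a key is assigned twice, the last one wins.
conf_value() {
    awk -v key="$1" '
        /^[ \t]*#/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); gsub(/^[ \t]+|[ \t]+$/, "", k)
            if (k != key) next
            v = substr($0, eq + 1);    gsub(/^[ \t]+|[ \t]+$/, "", v)
            val = v; found = 1
        }
        END { if (!found) exit 1; print val }
    ' "$2"
}

sample=$(make_sample)
echo "naive : $(naive_value ssl_cert_file "$sample" | tr '\n' ' ')"
echo "strict: $(conf_value ssl_cert_file "$sample")"
conf_value ssl_key_file "$sample" || echo "ssl_key_file: not set"
rm -f "$sample"
```

A maintainer script using the stricter form can test the exit status and stop before running chown or chmod on a path that was never configured.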