Bug#819595: xscreensaver: please make the build reproducible

2016-04-05 Thread Tormod Volden 
tags 802914 pending
thanks

On Thu, Mar 31, 2016 at 1:01 AM, Sascha Steinbiss wrote:
>
> I have attached a patch to use a fixed, sorted order for these files.
> This makes the build reproducible for me in my local test environment.

Thanks for the patch, I have applied it.

Tormod

Bug#819595: xscreensaver: please make the build reproducible

2016-03-31 Thread Jamie Zawinski 
All of the files in question are lower case ASCII and begin with a letter. If 
you are spinning a wheel and choosing a random LANG every time you build, that 
sounds like a problem with your allegedly "reproducible" build system. set LANG 
to C before you type make if your locale has decided to sort ASCII text in some 
insane way.

--
Jamie Zawinski  https://www.jwz.org/  https://www.dnalounge.com/

Bug#819595: xscreensaver: please make the build reproducible

2016-03-31 Thread Sascha Steinbiss 
On Thu, 31 Mar 2016 07:17:42 +0100 Sascha Steinbiss
 wrote:
> On Wed, 30 Mar 2016 16:27:39 -0700 Jamie Zawinski  wrote:
>> But shell wildcards return sorted results. How does this change anything?
> 
> The problematic wildcard expansion here happens in a Makefile, and in
> contrast to bash, for example, the results there are not guaranteed
> to be sorted. At least not in Make versions >3.82 [1].

Now that I look at it again, the command is actually indeed evaluated by the
shell but may be subject to differences in sorting order based on locale. 
To obtain some variety, the test framework sets LC_ALL and LANG are set to ‘C’ 
in the first build and to ‘fr_CH.utf8' in the second build, resulting in 
different
sorting for random-walk.asm, random.asm and random2.asm.

Cheers,
Sascha

Bug#819595: xscreensaver: please make the build reproducible

2016-03-31 Thread Sascha Steinbiss 
On Wed, 30 Mar 2016 16:27:39 -0700 Jamie Zawinski  wrote:
> But shell wildcards return sorted results. How does this change anything?

The problematic wildcard expansion here happens in a Makefile, and in contrast 
to bash, for example, the results there are not guaranteed to be sorted. At 
least not in Make versions >3.82 [1].

To confirm this really was the culprit, I just rebuilt the original unpatched 
version in our reproducibility checking framework, and indeed it shows a 
difference in the m6502 binary after varying file order and locale [2]. This is 
no longer the case in the patched version.

Please let me know if there are any more questions.

Cheers,
Sascha

[1] https://reproducible-builds.org/docs/stable-inputs/
[2] https://reproducible.debian.net/rb-pkg/unstable/amd64/xscreensaver.html

Bug#819595: xscreensaver: please make the build reproducible

2016-03-30 Thread Jamie Zawinski 
But shell wildcards return sorted results. How does this change anything?

Bug#819595: xscreensaver: please make the build reproducible

2016-03-30 Thread Sascha Steinbiss 
Source: xscreensaver
Version: 5.34-1
Severity: wishlist
Tags: patch
User: reproducible-bui...@lists.alioth.debian.org
Usertags: fileordering

Dear Maintainer,

While working on the "reproducible builds" effort [1], we have noticed
that xscreensaver could not be built reproducibly.

The file hacks/Makefile.in uses wildcards to obtain parameters for a script,
leading to unstable input file order and potentially different resulting
binaries.

I have attached a patch to use a fixed, sorted order for these files.
This makes the build reproducible for me in my local test environment.

Regards,
Sascha

[1]: https://wiki.debian.org/ReproducibleBuilds
diff --git a/debian/patches/81_deterministic_file_order.patch b/debian/patches/81_deterministic_file_order.patch
new file mode 100644
index 000..3383986
--- /dev/null
+++ b/debian/patches/81_deterministic_file_order.patch
@@ -0,0 +1,13 @@
+--- a/hacks/Makefile.in
 b/hacks/Makefile.in
+@@ -854,8 +854,8 @@
+ 
+ m6502.h:
+ 	@echo "building m6502.h from $(srcdir)/images/m6502/*.asm"; \
+-	UTILS_SRC="$(UTILS_SRC)" \
+-	$(srcdir)/m6502.sh m6502.h $(srcdir)/images/m6502/*.asm
++	find $(srcdir)/images/m6502/ -name '*.asm' | LC_ALL=C sort | \
++	  UTILS_SRC="$(UTILS_SRC)" xargs $(srcdir)/m6502.sh m6502.h
+ 
+ m6502.o:	m6502.h
+ m6502:		m6502.o		asm6502.o $(HACK_OBJS) $(ATV)
diff --git a/debian/patches/series b/debian/patches/series
index e446a27..7c98703 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -21,3 +21,4 @@
 
 57_grabDesktopImages_default_off.patch
 80_Makefile_in-clean-fix.patch
+81_deterministic_file_order.patch