Re: [OTR-dev] Reproducible builds of pidgin-otr for Windows
On Sun, Mar 20, 2016 at 12:42:28PM -0400, Ian Goldberg wrote: > Thanks to Lunar and dkg at the Internet Freedom Festival for showing me > a bunch of cool tools (including diffoscope -- try it!) to help make > reproducible builds. (If you don't know what there are or why they're > important, please see https://reproducible-builds.org/ .) > > OK, I've got pidgin-otr (and its dependencies) to a place where I can > build it on two different machines and get identical .exe (the > installer) and .zip files out. Now I'd like to see if others can get > the same binaries as well. We've had one non-reproduction reported. It turns out you have to have the "bison" package installed, or else the gettext dependency configures itself differently. Joy. So apt-get install bison before doing the test. After doing that, the reproduction was indeed successful. More data, please! Thanks, - Ian ___ OTR-dev mailing list OTR-dev@lists.cypherpunks.ca http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
Re: [OTR-dev] Reproducible builds of pidgin-otr for Windows
On 03/20/2016 05:42 PM, Ian Goldberg wrote: > Please report here either success, mismatched output (please include > diffoscope output if possible), or build failures. Please include your > build environment. > Hi, I've given it a try in a Docker Ubuntu image: root@4834a628a4ed:~# cat /etc/issue Ubuntu 14.04.4 LTS \n \l I have not been able to reproduce the hashes. I've gotten these: e417fde854fee1c53dc61d3fe76e2624d38b10b5991361cacd054ca3b8ca7d95 pidgin-otr-4.0.2.exe 5b54247a9b8300986a9dd881f5b34691e2eebef2cd116fbb3c7e5d168769fdf6 pidgin-otr-4.0.2-repro_jurre.zip Diffoscope output and the binaries i've build can be found here: http://jurrevanbergen.nl/otr/ Best, Jurre ___ OTR-dev mailing list OTR-dev@lists.cypherpunks.ca http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
Re: [OTR-dev] Reproducible builds of pidgin-otr for Windows
On 03/20/2016 07:35 PM, Jurre van Bergen wrote: > > On 03/20/2016 05:42 PM, Ian Goldberg wrote: >> Please report here either success, mismatched output (please include >> diffoscope output if possible), or build failures. Please include your >> build environment. >> > Hi, > > I've given it a try in a Docker Ubuntu image: > > root@4834a628a4ed:~# cat /etc/issue > Ubuntu 14.04.4 LTS \n \l > > I have not been able to reproduce the hashes. I've gotten these: > > e417fde854fee1c53dc61d3fe76e2624d38b10b5991361cacd054ca3b8ca7d95 > pidgin-otr-4.0.2.exe > 5b54247a9b8300986a9dd881f5b34691e2eebef2cd116fbb3c7e5d168769fdf6 > pidgin-otr-4.0.2-repro_jurre.zip > > Diffoscope output and the binaries i've build can be found here: > http://jurrevanbergen.nl/otr/ > > Best, > Jurre > > > > ___ > OTR-dev mailing list > OTR-dev@lists.cypherpunks.ca > http://lists.cypherpunks.ca/mailman/listinfo/otr-dev However, I will retry with installing the bison package first. Best, Jurre ___ OTR-dev mailing list OTR-dev@lists.cypherpunks.ca http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
Re: [OTR-dev] Reproducible builds of pidgin-otr for Windows
On Sun, Mar 20, 2016 at 07:36:30PM +0100, Jurre van Bergen wrote: > However, I will retry with installing the bison package first. That wasn't the only issue (but it was indeed one of the issues). The other issue is that zip file you created had a "win32_export" top level directory that shouldn't be there. The Makefile.mingw cd's into that directory before creating the zip, so I'm not sure why that would be there? (Also, your zip file had a different name from the one the Makefile.mingw creates; did you rename it yourself? Or did you create the zipfile yourself instead of using the pidgin-otr-4.0.2.zip the INSTALL.mingw program creates for you?) ___ OTR-dev mailing list OTR-dev@lists.cypherpunks.ca http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
Re: [OTR-dev] Reproducible builds of pidgin-otr for Windows
On 03/20/2016 07:41 PM, Ian Goldberg wrote: > On Sun, Mar 20, 2016 at 07:36:30PM +0100, Jurre van Bergen wrote: >> However, I will retry with installing the bison package first. > That wasn't the only issue (but it was indeed one of the issues). The > other issue is that zip file you created had a "win32_export" top level > directory that shouldn't be there. The Makefile.mingw cd's into that > directory before creating the zip, so I'm not sure why that would be > there? (Also, your zip file had a different name from the one the > Makefile.mingw creates; did you rename it yourself? Or did you create > the zipfile yourself instead of using the pidgin-otr-4.0.2.zip the > INSTALL.mingw program creates for you?) I renamed that directory myself since it didn't zip it (I didn't had the dependency installed). - Jurre ___ OTR-dev mailing list OTR-dev@lists.cypherpunks.ca http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
Re: [OTR-dev] Reproducible builds of pidgin-otr for Windows
On Sun, Mar 20, 2016 at 07:45:37PM +0100, Jurre van Bergen wrote: > On 03/20/2016 07:41 PM, Ian Goldberg wrote: > > On Sun, Mar 20, 2016 at 07:36:30PM +0100, Jurre van Bergen wrote: > >> However, I will retry with installing the bison package first. > > That wasn't the only issue (but it was indeed one of the issues). The > > other issue is that zip file you created had a "win32_export" top level > > directory that shouldn't be there. The Makefile.mingw cd's into that > > directory before creating the zip, so I'm not sure why that would be > > there? (Also, your zip file had a different name from the one the > > Makefile.mingw creates; did you rename it yourself? Or did you create > > the zipfile yourself instead of using the pidgin-otr-4.0.2.zip the > > INSTALL.mingw program creates for you?) > > I renamed that directory myself since it didn't zip it (I didn't had the > dependency installed). This is a first cut of the required packages: sudo apt-get install mingw32 nsis faketime bison zip unzip tar \ wget diffutils findutils build-essential automake patch \ perl-base [Well, the above and their dependencies, of course.] If you could try a bare-bones Ubuntu 14.04 Docker, plus the above packages, and let me know what happens, that would be great! Thanks, - Ian ___ OTR-dev mailing list OTR-dev@lists.cypherpunks.ca http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
Re: [OTR-dev] Reproducible builds of pidgin-otr for Windows
On 03/20/2016 07:55 PM, Ian Goldberg wrote: > > This is a first cut of the required packages: > > sudo apt-get install mingw32 nsis faketime bison zip unzip tar \ > wget diffutils findutils build-essential automake patch \ > perl-base > > [Well, the above and their dependencies, of course.] > > If you could try a bare-bones Ubuntu 14.04 Docker, plus the above > packages, and let me know what happens, that would be great! > > Thanks, > >- Ian > Building as we speak. Just before, I got to match the exe with the one you have. The zip doesn't match yet. Let's see if we can pull this off now! Best, Jurre ___ OTR-dev mailing list OTR-dev@lists.cypherpunks.ca http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
Re: [OTR-dev] Reproducible builds of pidgin-otr for Windows
On Sun, Mar 20, 2016 at 08:05:42PM +0100, Jurre van Bergen wrote: > Building as we speak. Just before, I got to match the exe with the one > you have. Awesome! > The zip doesn't match yet. Let's see if we can pull this off now! Be sure to let the Makefile build the zip, since it has to run zip under faketime in order to fix the timestamp in the zip header itself (which is different from the timestamps on the files within the zip archive). Thanks, - Ian ___ OTR-dev mailing list OTR-dev@lists.cypherpunks.ca http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
Re: [OTR-dev] Reproducible builds of pidgin-otr for Windows
On 03/20/2016 07:55 PM, Ian Goldberg wrote: > On Sun, Mar 20, 2016 at 07:45:37PM +0100, Jurre van Bergen wrote: >> On 03/20/2016 07:41 PM, Ian Goldberg wrote: >>> On Sun, Mar 20, 2016 at 07:36:30PM +0100, Jurre van Bergen wrote: However, I will retry with installing the bison package first. >>> That wasn't the only issue (but it was indeed one of the issues). The >>> other issue is that zip file you created had a "win32_export" top level >>> directory that shouldn't be there. The Makefile.mingw cd's into that >>> directory before creating the zip, so I'm not sure why that would be >>> there? (Also, your zip file had a different name from the one the >>> Makefile.mingw creates; did you rename it yourself? Or did you create >>> the zipfile yourself instead of using the pidgin-otr-4.0.2.zip the >>> INSTALL.mingw program creates for you?) >> I renamed that directory myself since it didn't zip it (I didn't had the >> dependency installed). > This is a first cut of the required packages: > > sudo apt-get install mingw32 nsis faketime bison zip unzip tar \ > wget diffutils findutils build-essential automake patch \ > perl-base I'd like to add `apt-get install gettext`. Otherwise we run into the following issue: potomo: './po/cs.po' keeping UTF-8 ./potomo: 56: ./potomo: msgfmt: not found msgfmt is shipped in gettext. Also, we need libtool: apt-get install libtool > [Well, the above and their dependencies, of course.] > > If you could try a bare-bones Ubuntu 14.04 Docker, plus the above > packages, and let me know what happens, that would be great! Now, what is interesting is this required packages list from above broke my build completely. I now get: + cd libotr-4.1.1 + unset CFLAGS + unset LDFLAGS + ./bootstrap + '[' '!' -e config ']' + autoreconf -i configure.ac:31: warning: macro 'AM_PATH_LIBGCRYPT' not found in library configure.ac:31: warning: macro 'AM_PATH_LIBGCRYPT' not found in library configure.ac:31: error: possibly undefined macro: AM_PATH_LIBGCRYPT If this token and others are legitimate, please use m4_pattern_allow. See the Autoconf documentation. autoreconf: /usr/bin/autoconf failed with exit status: 1 + ./configure --with-pic --host=i586-mingw32msvc --prefix=/usr/i586-mingw32msvc --enable-static --disable-shared --with-libgcrypt-prefix=/usr/i586-mingw32msvc configure: WARNING: unrecognized options: --with-libgcrypt-prefix David and myself are trying to debug this over an instant messaging channel. No idea why this broke now and not before. Reproducible builds are interesting :) Best, Jurre ___ OTR-dev mailing list OTR-dev@lists.cypherpunks.ca http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
Re: [OTR-dev] Reproducible builds of pidgin-otr for Windows
On 20 Mar (12:42:28), Ian Goldberg wrote: > Thanks to Lunar and dkg at the Internet Freedom Festival for showing me > a bunch of cool tools (including diffoscope -- try it!) to help make > reproducible builds. (If you don't know what there are or why they're > important, please see https://reproducible-builds.org/ .) > > OK, I've got pidgin-otr (and its dependencies) to a place where I can > build it on two different machines and get identical .exe (the > installer) and .zip files out. Now I'd like to see if others can get > the same binaries as well. > > My build environment is a 64-bit Ubuntu 14.04, with packages updated to > today (20 Mar 2016). TODO: make an explicit list of required packages > and their versions, and perhaps some automated way to create a virtual > machine, install those packages, and proceed (gitian?). > > If you have a similar build environment, I'd love to see whether you can > reproduce these results. If you have a different one, I'd still be > interested to see what comes out differently. > > If you want to give it a go: > > wget https://cs.uwaterloo.ca/~iang/pidgin-otr-4.0.2-repro.tar.gz > tar xzvvf pidgin-otr-4.0.2-repro.tar.gz > cd pidgin-otr-4.0.2 > time bash -x INSTALL.mingw > > > Note that the INSTALL.mingw script does some sudo stuff: it needs to > install some packages you may not have (mingw32 nsis faketime) and > install the dependency libraries in /usr/i586-mingw32msvc/. > > This build also does *not* build the Windows GTK or pidgin libraries > from source. It simply downloads them from the Internet, but does check > their sha256 checksums for correctness. It would be great if those two > projects also published reproducible builds of those libraries, of > course. > > When it's done (it takes about 6 minutes on my machines), see if you > match: > > $ sha256sum pidgin-otr-4.0.2.{exe,zip} > cab715f8805a800cef678adc1b46c1aa551e3e14e454a909d8269a0afac05d8c > pidgin-otr-4.0.2.exe Success: cab715f8805a800cef678adc1b46c1aa551e3e14e454a909d8269a0afac05d8c pidgin-otr-4.0.2.exe > aafad53d2aafa8deff613124a5027e3ab3bcfee73f23dea2a4191beb1dfad238 > pidgin-otr-4.0.2.zip Zip is a failure, (like Jurre): 0184dbd6c912d8073dd4a101e631c43ca89029c557964b56b71fc8d5c8793075 pidgin-otr-4.0.2.zip Not sure why, I'll run diffoscope to find out what is different. Thanks! David > > If you don't, you can grab the files I created (independently on two > machines) from here and use diffoscope to see what the differences are > with your version: > > https://cs.uwaterloo.ca/~iang/pidgin-otr-4.0.2-repro.exe > https://cs.uwaterloo.ca/~iang/pidgin-otr-4.0.2-repro.zip > > https://diffoscope.org/ (you can install it yourself, or just use the > online version at https://try.diffoscope.org/) > > > Please report here either success, mismatched output (please include > diffoscope output if possible), or build failures. Please include your > build environment. > > Thanks, > >- Ian > ___ > OTR-dev mailing list > OTR-dev@lists.cypherpunks.ca > http://lists.cypherpunks.ca/mailman/listinfo/otr-dev signature.asc Description: PGP signature ___ OTR-dev mailing list OTR-dev@lists.cypherpunks.ca http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
Re: [OTR-dev] Reproducible builds of pidgin-otr for Windows
On Sun, Mar 20, 2016 at 08:57:24PM +0100, Jurre van Bergen wrote: > > [Well, the above and their dependencies, of course.] > > > > If you could try a bare-bones Ubuntu 14.04 Docker, plus the above > > packages, and let me know what happens, that would be great! > > Now, what is interesting is this required packages list from above broke > my build completely. I now get: > > + cd libotr-4.1.1 > + unset CFLAGS > + unset LDFLAGS > + ./bootstrap > + '[' '!' -e config ']' > + autoreconf -i > configure.ac:31: warning: macro 'AM_PATH_LIBGCRYPT' not found in library > configure.ac:31: warning: macro 'AM_PATH_LIBGCRYPT' not found in library > configure.ac:31: error: possibly undefined macro: AM_PATH_LIBGCRYPT This means it can't find /usr/i586-mingw32msvc/share/aclocal/libgcrypt.m4. Aha: it's probably looking for the *native* one and failing. But that said, we shouldn't actually have to run autoreconf (or bootstrap) at all. Can you try just removing "./bootstrap" from INSTALL.mingw and see what happens? > David and myself are trying to debug this over an instant messaging > channel. No idea why this broke now and not before. Did you perhaps have libgcrypt20-dev installed before, but not now? > Reproducible builds are interesting :) Indeed. Thanks for helping out! ___ OTR-dev mailing list OTR-dev@lists.cypherpunks.ca http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
Re: [OTR-dev] Reproducible builds of pidgin-otr for Windows
On Sun, Mar 20, 2016 at 03:55:16PM -0400, David Goulet wrote: > > When it's done (it takes about 6 minutes on my machines), see if you > > match: > > > > $ sha256sum pidgin-otr-4.0.2.{exe,zip} > > cab715f8805a800cef678adc1b46c1aa551e3e14e454a909d8269a0afac05d8c > > pidgin-otr-4.0.2.exe > > Success: > cab715f8805a800cef678adc1b46c1aa551e3e14e454a909d8269a0afac05d8c > pidgin-otr-4.0.2.exe Whee! That means the contents of the zipfile are going to be correct, but something about the zipping itself messed up. > > aafad53d2aafa8deff613124a5027e3ab3bcfee73f23dea2a4191beb1dfad238 > > pidgin-otr-4.0.2.zip > > Zip is a failure, (like Jurre): > > 0184dbd6c912d8073dd4a101e631c43ca89029c557964b56b71fc8d5c8793075 > pidgin-otr-4.0.2.zip > > Not sure why, I'll run diffoscope to find out what is different. Can you stick the zip file online somewhere? Thanks, - Ian ___ OTR-dev mailing list OTR-dev@lists.cypherpunks.ca http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
Re: [OTR-dev] Reproducible builds of pidgin-otr for Windows
On 03/20/2016 09:03 PM, Ian Goldberg wrote: > On Sun, Mar 20, 2016 at 08:57:24PM +0100, Jurre van Bergen wrote: >>> [Well, the above and their dependencies, of course.] >>> >>> If you could try a bare-bones Ubuntu 14.04 Docker, plus the above >>> packages, and let me know what happens, that would be great! >> Now, what is interesting is this required packages list from above broke >> my build completely. I now get: >> >> + cd libotr-4.1.1 >> + unset CFLAGS >> + unset LDFLAGS >> + ./bootstrap >> + '[' '!' -e config ']' >> + autoreconf -i >> configure.ac:31: warning: macro 'AM_PATH_LIBGCRYPT' not found in library >> configure.ac:31: warning: macro 'AM_PATH_LIBGCRYPT' not found in library >> configure.ac:31: error: possibly undefined macro: AM_PATH_LIBGCRYPT > This means it can't find /usr/i586-mingw32msvc/share/aclocal/libgcrypt.m4. > Aha: it's probably looking for the *native* one and failing. > > But that said, we shouldn't actually have to run autoreconf (or > bootstrap) at all. Can you try just removing "./bootstrap" from > INSTALL.mingw and see what happens? Will do! > >> David and myself are trying to debug this over an instant messaging >> channel. No idea why this broke now and not before. > Did you perhaps have libgcrypt20-dev installed before, but not now? Not at all, it's a clean and super minimal ubuntu 14.04 userland. 64mb as the base. No libgcrypt can be found. > >> Reproducible builds are interesting :) > Indeed. Thanks for helping out! My pleasure! ___ OTR-dev mailing list OTR-dev@lists.cypherpunks.ca http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
Re: [OTR-dev] Reproducible builds of pidgin-otr for Windows
On 03/20/2016 09:06 PM, Jurre van Bergen wrote: > > On 03/20/2016 09:03 PM, Ian Goldberg wrote: >> On Sun, Mar 20, 2016 at 08:57:24PM +0100, Jurre van Bergen wrote: [Well, the above and their dependencies, of course.] If you could try a bare-bones Ubuntu 14.04 Docker, plus the above packages, and let me know what happens, that would be great! >>> Now, what is interesting is this required packages list from above broke >>> my build completely. I now get: >>> >>> + cd libotr-4.1.1 >>> + unset CFLAGS >>> + unset LDFLAGS >>> + ./bootstrap >>> + '[' '!' -e config ']' >>> + autoreconf -i >>> configure.ac:31: warning: macro 'AM_PATH_LIBGCRYPT' not found in library >>> configure.ac:31: warning: macro 'AM_PATH_LIBGCRYPT' not found in library >>> configure.ac:31: error: possibly undefined macro: AM_PATH_LIBGCRYPT >> This means it can't find /usr/i586-mingw32msvc/share/aclocal/libgcrypt.m4. >> Aha: it's probably looking for the *native* one and failing. >> >> But that said, we shouldn't actually have to run autoreconf (or >> bootstrap) at all. Can you try just removing "./bootstrap" from >> INSTALL.mingw and see what happens? > Will do! > >>> David and myself are trying to debug this over an instant messaging >>> channel. No idea why this broke now and not before. >> Did you perhaps have libgcrypt20-dev installed before, but not now? > Not at all, it's a clean and super minimal ubuntu 14.04 userland. 64mb > as the base. No libgcrypt can be found. > >>> Reproducible builds are interesting :) >> Indeed. Thanks for helping out! > My pleasure! > > ___ > OTR-dev mailing list > OTR-dev@lists.cypherpunks.ca > http://lists.cypherpunks.ca/mailman/listinfo/otr-dev Whee! cab715f8805a800cef678adc1b46c1aa551e3e14e454a909d8269a0afac05d8c pidgin-otr-4.0.2.exe f93499735b0d2f66091ab4fd1f2de99ff525b69e0bcd623b486d5b755a3cbe59 pidgin-otr-4.0.2.zip The zip isn't correct, I have uploaded it for reference: http://jurrevanbergen.nl/otr/pidgin-otr-4.0.2.zip Best, Jurre ___ OTR-dev mailing list OTR-dev@lists.cypherpunks.ca http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
Re: [OTR-dev] Reproducible builds of pidgin-otr for Windows
On Sun, Mar 20, 2016 at 09:23:20PM +0100, Jurre van Bergen wrote: > Whee! > > cab715f8805a800cef678adc1b46c1aa551e3e14e454a909d8269a0afac05d8c > pidgin-otr-4.0.2.exe > f93499735b0d2f66091ab4fd1f2de99ff525b69e0bcd623b486d5b755a3cbe59 > pidgin-otr-4.0.2.zip > > The zip isn't correct, I have uploaded it for reference: > http://jurrevanbergen.nl/otr/pidgin-otr-4.0.2.zip The zip files are in fact different, but they have identical content (as expected, since the nsis installer is indeed reproducible). And the differences aren't just in the header, either! (Maybe a per-file header?) Can you confirm the zip program you are using is: ii zip3.0-8amd64Archiver for .zip files $ ls -l /usr/bin/zip -rwxr-xr-x 1 root root 188296 Oct 21 2013 /usr/bin/zip $ sha256sum /usr/bin/zip 999c1a1ee93fb610bd86d18533fea233d06eaa52a070f424779a5b9d989fcf48 /usr/bin/zip ? Thanks, - Ian ___ OTR-dev mailing list OTR-dev@lists.cypherpunks.ca http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
Re: [OTR-dev] Reproducible builds of pidgin-otr for Windows
On 03/20/2016 09:30 PM, Ian Goldberg wrote: > On Sun, Mar 20, 2016 at 09:23:20PM +0100, Jurre van Bergen wrote: >> Whee! >> >> cab715f8805a800cef678adc1b46c1aa551e3e14e454a909d8269a0afac05d8c >> pidgin-otr-4.0.2.exe >> f93499735b0d2f66091ab4fd1f2de99ff525b69e0bcd623b486d5b755a3cbe59 >> pidgin-otr-4.0.2.zip >> >> The zip isn't correct, I have uploaded it for reference: >> http://jurrevanbergen.nl/otr/pidgin-otr-4.0.2.zip > The zip files are in fact different, but they have identical content (as > expected, since the nsis installer is indeed reproducible). And the > differences aren't just in the header, either! (Maybe a per-file > header?) https://wiki.debian.org/ReproducibleBuilds/TimestampsInZip I think that tells us all we need to know! > > Can you confirm the zip program you are using is: > > ii zip3.0-8amd64Archiver for .zip files > > $ ls -l /usr/bin/zip > -rwxr-xr-x 1 root root 188296 Oct 21 2013 /usr/bin/zip > > $ sha256sum /usr/bin/zip > 999c1a1ee93fb610bd86d18533fea233d06eaa52a070f424779a5b9d989fcf48 /usr/bin/zip > root@861d243e8262:~/pidgin-otr-4.0.2# dpkg --list | grep zip ii bzip2 1.0.6-5 amd64high-quality block-sorting file compressor - utilities ii gzip1.6-3ubuntu1 amd64GNU compression utilities ii unzip 6.0-9ubuntu1.5 amd64De-archiver for .zip files ii zip 3.0-8 amd64Archiver for .zip files root@861d243e8262:~/pidgin-otr-4.0.2# ls -l /usr/bin/zip -rwxr-xr-x 1 root root 188296 Oct 21 2013 /usr/bin/zip root@861d243e8262:~/pidgin-otr-4.0.2# sha256sum /usr/bin/zip 999c1a1ee93fb610bd86d18533fea233d06eaa52a070f424779a5b9d989fcf48 /usr/bin/zip ___ OTR-dev mailing list OTR-dev@lists.cypherpunks.ca http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
Re: [OTR-dev] Reproducible builds of pidgin-otr for Windows
On Sun, Mar 20, 2016 at 04:30:44PM -0400, Ian Goldberg wrote: > On Sun, Mar 20, 2016 at 09:23:20PM +0100, Jurre van Bergen wrote: > > Whee! > > > > cab715f8805a800cef678adc1b46c1aa551e3e14e454a909d8269a0afac05d8c > > pidgin-otr-4.0.2.exe > > f93499735b0d2f66091ab4fd1f2de99ff525b69e0bcd623b486d5b755a3cbe59 > > pidgin-otr-4.0.2.zip > > > > The zip isn't correct, I have uploaded it for reference: > > http://jurrevanbergen.nl/otr/pidgin-otr-4.0.2.zip > > The zip files are in fact different, but they have identical content (as > expected, since the nsis installer is indeed reproducible). And the > differences aren't just in the header, either! (Maybe a per-file > header?) > > Can you confirm the zip program you are using is: > > ii zip3.0-8amd64Archiver for .zip files > > $ ls -l /usr/bin/zip > -rwxr-xr-x 1 root root 188296 Oct 21 2013 /usr/bin/zip > > $ sha256sum /usr/bin/zip > 999c1a1ee93fb610bd86d18533fea233d06eaa52a070f424779a5b9d989fcf48 /usr/bin/zip It's not the timestamps; I was sure to set those properly. Aha! When I cmp -l them, I get a whole lot of differences like this: 7042774 350 0 7042775 3 0 7042779 350 0 7042780 3 0 When you translate the octal values 0350, 0003 to a 2-byte little-endian decimal number, it's 1000. That is my uid. So it seems zip files store uids? Who knew? *headdesk* "unzip -lv" doesn't show them. So it seems you're building as root, while I was building as uid 1000. Perhaps fakeroot is the answer? But what else is hiding in there that's not visible? Permissions (group writable, etc.) on the files? Anyone here know zip/unzip really well? ___ OTR-dev mailing list OTR-dev@lists.cypherpunks.ca http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
Re: [OTR-dev] Reproducible builds of pidgin-otr for Windows
OK, here we go. "unzip -Zv" for the win. Here's the diff of the output of that for my and your zip files. So there is indeed file permission and uid/gid information in a zip file; the former is easy to fix with chmod, and the latter with fakeroot. There's also a timestamp difference in the "DOS time" due to timezones. Hopefully that can be fixed by simply setting TZ=UTC (the wiki page you pointed to says it should). OK, I'll try to make this zip file deteministic. We'll see whether that happens today or not, though. Thanks, all! - Ian --- /dev/fd/63 2016-03-20 16:45:07.214391423 -0400 +++ /dev/fd/62 2016-03-20 16:45:07.218391423 -0400 @@ -1,4 +1,4 @@ -Archive: pidgin-otr-4.0.2.zip +Archive: pidgin-otr-4.0.2-jurre.zip There is no zipfile comment. End-of-central-directory record: @@ -31,7 +31,7 @@ compression sub-type (deflation): normal file security status: not encrypted extended local header: no - file last modified on (DOS date/time): 2016 Mar 20 11:56:38 + file last modified on (DOS date/time): 2016 Mar 20 15:56:38 file last modified on (UT extra field modtime): 2016 Mar 20 11:56:37 local file last modified on (UT extra field modtime): 2016 Mar 20 15:56:37 UTC 32-bit CRC value (hex): 3426caf9 @@ -68,7 +68,7 @@ compression sub-type (deflation): normal file security status: not encrypted extended local header: no - file last modified on (DOS date/time): 2016 Mar 20 11:56:38 + file last modified on (DOS date/time): 2016 Mar 20 15:56:38 file last modified on (UT extra field modtime): 2016 Mar 20 11:56:37 local file last modified on (UT extra field modtime): 2016 Mar 20 15:56:37 UTC 32-bit CRC value (hex): ca2bb9c7 @@ -105,7 +105,7 @@ compression sub-type (deflation): normal file security status: not encrypted extended local header: no - file last modified on (DOS date/time): 2016 Mar 20 11:56:38 + file last modified on (DOS date/time): 2016 Mar 20 15:56:38 file last modified on (UT extra field modtime): 2016 Mar 20 11:56:37 local file last modified on (UT extra field modtime): 2016 Mar 20 15:56:37 UTC 32-bit CRC value (hex): fdef15a5 @@ -142,7 +142,7 @@ compression sub-type (deflation): normal file security status: not encrypted extended local header: no - file last modified on (DOS date/time): 2016 Mar 20 11:56:38 + file last modified on (DOS date/time): 2016 Mar 20 15:56:38 file last modified on (UT extra field modtime): 2016 Mar 20 11:56:37 local file last modified on (UT extra field modtime): 2016 Mar 20 15:56:37 UTC 32-bit CRC value (hex): 138ff7da @@ -179,7 +179,7 @@ compression sub-type (deflation): normal file security status: not encrypted extended local header: no - file last modified on (DOS date/time): 2016 Mar 20 11:56:38 + file last modified on (DOS date/time): 2016 Mar 20 15:56:38 file last modified on (UT extra field modtime): 2016 Mar 20 11:56:37 local file last modified on (UT extra field modtime): 2016 Mar 20 15:56:37 UTC 32-bit CRC value (hex): de94043e @@ -216,7 +216,7 @@ compression sub-type (deflation): normal file security status: not encrypted extended local header: no - file last modified on (DOS date/time): 2016 Mar 20 11:56:38 + file last modified on (DOS date/time): 2016 Mar 20 15:56:38 file last modified on (UT extra field modtime): 2016 Mar 20 11:56:37 local file last modified on (UT extra field modtime): 2016 Mar 20 15:56:37 UTC 32-bit CRC value (hex): 49a2168c @@ -227,14 +227,14 @@ length of file comment: 0 characters disk number on which file begins: disk 1 apparent file type: binary - Unix file attributes (100664 octal):-rw-rw-r-- + Unix file attributes (100644 octal):-rw-r--r-- MS-DOS file attributes (00 hex):none The central-directory extra field contains: - A subfield with ID 0x5455 (universal time) and 5 data bytes. The local extra field has UTC/GMT modification/access times. - A subfield with ID 0x7875 (Unix UID/GID (any size)) and 11 data bytes: -01 04 e8 03 00 00 04 e8 03 00 00. +01 04 00 00 00 00 04 00 00 00 00. There is no file comment. @@ -253,7 +253,7 @@ compression sub-type (deflation): normal file security status:
Re: [OTR-dev] Reproducible builds of pidgin-otr for Windows
On Sun, Mar 20, 2016 at 04:51:59PM -0400, Ian Goldberg wrote: > OK, here we go. "unzip -Zv" for the win. Here's the diff of the output > of that for my and your zip files. So there is indeed file permission > and uid/gid information in a zip file; the former is easy to fix with > chmod, and the latter with fakeroot. There's also a timestamp > difference in the "DOS time" due to timezones. Hopefully that can be > fixed by simply setting TZ=UTC (the wiki page you pointed to says it > should). > > OK, I'll try to make this zip file deteministic. We'll see whether that > happens today or not, though. Ah, I went ahead and made the changes. It's actually better than I thought. We don't need to run zip under faketime if we use the -o option (which sets the timestamp for the archive itself to equal the oldest timestamp of a file in the archive). We also add the -X option, which removes Unix uid/gids and extended timestamps from the zip file entirely. We also use chmod -R u=rwX,go=rX to canonicalize the permissions on the files. I've updated the source tarball in place: https://cs.uwaterloo.ca/~iang/pidgin-otr-4.0.2-repro.tar.gz Unpack it, and just run INSTALL.mingw against a clean Ubuntu 14.04. (It now installs all the packages you suggested.) I'm building it now myself. Let's compare hashes in a few minutes. ;-) Thanks, - Ian ___ OTR-dev mailing list OTR-dev@lists.cypherpunks.ca http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
Re: [OTR-dev] Reproducible builds of pidgin-otr for Windows
On Sun, Mar 20, 2016 at 05:20:08PM -0400, Ian Goldberg wrote: > Ah, I went ahead and made the changes. It's actually better than I > thought. We don't need to run zip under faketime if we use the -o > option (which sets the timestamp for the archive itself to equal the > oldest timestamp of a file in the archive). We also add the -X option, > which removes Unix uid/gids and extended timestamps from the zip file > entirely. We also use chmod -R u=rwX,go=rX to canonicalize the > permissions on the files. > > I've updated the source tarball in place: > > https://cs.uwaterloo.ca/~iang/pidgin-otr-4.0.2-repro.tar.gz > > Unpack it, and just run INSTALL.mingw against a clean Ubuntu 14.04. (It > now installs all the packages you suggested.) > > I'm building it now myself. Let's compare hashes in a few minutes. ;-) OK, built. The above tarball, whose hash is itself: 22c6a6c250ca277e36ffed1ff1bd6d366209664471c80c3c507f8811ba5c28da pidgin-otr-4.0.2-repro.tar.gz generates these files for me: 19f315c8317105a89d5b6fde6c2caa63ffa2e150df5fb0d67ee20ac985b0b191 pidgin-otr-4.0.2.exe 7e9dc2175591d7aabc9f96e737817fa917f3e4441b62727bb9730e516c47822e pidgin-otr-4.0.2.zip How about yoU? - Ian ___ OTR-dev mailing list OTR-dev@lists.cypherpunks.ca http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
Re: [OTR-dev] Reproducible builds of pidgin-otr for Windows
On 03/20/2016 10:20 PM, Ian Goldberg wrote: > Unpack it, and just run INSTALL.mingw against a clean Ubuntu 14.04. (It > now installs all the packages you suggested.) > > I'm building it now myself. Let's compare hashes in a few minutes. ;-) I'm running a build. My home connection is super slow so it will take a while. I'll let you know. Best, Jurre ___ OTR-dev mailing list OTR-dev@lists.cypherpunks.ca http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
Re: [OTR-dev] Reproducible builds of pidgin-otr for Windows
On 03/20/2016 10:25 PM, Ian Goldberg wrote: > On Sun, Mar 20, 2016 at 05:20:08PM -0400, Ian Goldberg wrote: >> Ah, I went ahead and made the changes. It's actually better than I >> thought. We don't need to run zip under faketime if we use the -o >> option (which sets the timestamp for the archive itself to equal the >> oldest timestamp of a file in the archive). We also add the -X option, >> which removes Unix uid/gids and extended timestamps from the zip file >> entirely. We also use chmod -R u=rwX,go=rX to canonicalize the >> permissions on the files. >> >> I've updated the source tarball in place: >> >> https://cs.uwaterloo.ca/~iang/pidgin-otr-4.0.2-repro.tar.gz >> >> Unpack it, and just run INSTALL.mingw against a clean Ubuntu 14.04. (It >> now installs all the packages you suggested.) >> >> I'm building it now myself. Let's compare hashes in a few minutes. ;-) > OK, built. The above tarball, whose hash is itself: > > 22c6a6c250ca277e36ffed1ff1bd6d366209664471c80c3c507f8811ba5c28da > pidgin-otr-4.0.2-repro.tar.gz > > generates these files for me: > > 19f315c8317105a89d5b6fde6c2caa63ffa2e150df5fb0d67ee20ac985b0b191 > pidgin-otr-4.0.2.exe > 7e9dc2175591d7aabc9f96e737817fa917f3e4441b62727bb9730e516c47822e > pidgin-otr-4.0.2.zip > > How about yoU? > >- Ian > Woohoo! root@5036add14019:~/pidgin-otr-4.0.2# sha256sum pidgin-otr-4.0.2.* 19f315c8317105a89d5b6fde6c2caa63ffa2e150df5fb0d67ee20ac985b0b191 pidgin-otr-4.0.2.exe 7e9dc2175591d7aabc9f96e737817fa917f3e4441b62727bb9730e516c47822e pidgin-otr-4.0.2.zip Seems we got a full matching build! I did the following change: sudo apt-get install mingw32 nsis faketime bison zip unzip tar \ wget diffutils findutils build-essential automake patch \ perl-base coreutils libtool -y sudo apt-get install gettext -y First we install bison so we're sure it can configure gettext and be safe. Yay! :) Best, Jurre ___ OTR-dev mailing list OTR-dev@lists.cypherpunks.ca http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
Re: [OTR-dev] Reproducible builds of pidgin-otr for Windows
On Sun, Mar 20, 2016 at 11:21:39PM +0100, Jurre van Bergen wrote: > > OK, built. The above tarball, whose hash is itself: > > > > 22c6a6c250ca277e36ffed1ff1bd6d366209664471c80c3c507f8811ba5c28da > > pidgin-otr-4.0.2-repro.tar.gz > > > > generates these files for me: > > > > 19f315c8317105a89d5b6fde6c2caa63ffa2e150df5fb0d67ee20ac985b0b191 > > pidgin-otr-4.0.2.exe > > 7e9dc2175591d7aabc9f96e737817fa917f3e4441b62727bb9730e516c47822e > > pidgin-otr-4.0.2.zip > > > > How about yoU? > > > >- Ian > > > > Woohoo! > > root@5036add14019:~/pidgin-otr-4.0.2# sha256sum pidgin-otr-4.0.2.* > > 19f315c8317105a89d5b6fde6c2caa63ffa2e150df5fb0d67ee20ac985b0b191 > pidgin-otr-4.0.2.exe > 7e9dc2175591d7aabc9f96e737817fa917f3e4441b62727bb9730e516c47822e > pidgin-otr-4.0.2.zip > > Seems we got a full matching build! Yay!!! Would anyone else like to try, perhaps on Debian or something? > I did the following change: > > sudo apt-get install mingw32 nsis faketime bison zip unzip tar \ > wget diffutils findutils build-essential automake patch \ > perl-base coreutils libtool -y > > sudo apt-get install gettext -y > > First we install bison so we're sure it can configure gettext and be safe. Do you think that's needed? bison is a compile-time configuration for gettext, not run-time. We need bison to build the Windows version of gettext, not to use the Linux version, I think? But the "-y", sure. :-) Thanks again! - Ian ___ OTR-dev mailing list OTR-dev@lists.cypherpunks.ca http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
Re: [OTR-dev] Reproducible builds of pidgin-otr for Windows
On 03/20/2016 11:26 PM, Ian Goldberg wrote: > On Sun, Mar 20, 2016 at 11:21:39PM +0100, Jurre van Bergen wrote: >>> OK, built. The above tarball, whose hash is itself: >>> >>> 22c6a6c250ca277e36ffed1ff1bd6d366209664471c80c3c507f8811ba5c28da >>> pidgin-otr-4.0.2-repro.tar.gz >>> >>> generates these files for me: >>> >>> 19f315c8317105a89d5b6fde6c2caa63ffa2e150df5fb0d67ee20ac985b0b191 >>> pidgin-otr-4.0.2.exe >>> 7e9dc2175591d7aabc9f96e737817fa917f3e4441b62727bb9730e516c47822e >>> pidgin-otr-4.0.2.zip >>> >>> How about yoU? >>> >>>- Ian >>> >> Woohoo! >> >> root@5036add14019:~/pidgin-otr-4.0.2# sha256sum pidgin-otr-4.0.2.* >> >> 19f315c8317105a89d5b6fde6c2caa63ffa2e150df5fb0d67ee20ac985b0b191 >> pidgin-otr-4.0.2.exe >> 7e9dc2175591d7aabc9f96e737817fa917f3e4441b62727bb9730e516c47822e >> pidgin-otr-4.0.2.zip >> >> Seems we got a full matching build! > Yay!!! Would anyone else like to try, perhaps on Debian or something? Seems to go wrong here: https://paste.debian.net/hidden/16c109b6/ > >> I did the following change: >> >> sudo apt-get install mingw32 nsis faketime bison zip unzip tar \ >> wget diffutils findutils build-essential automake patch \ >> perl-base coreutils libtool -y >> >> sudo apt-get install gettext -y >> >> First we install bison so we're sure it can configure gettext and be safe. > Do you think that's needed? bison is a compile-time configuration for > gettext, not run-time. We need bison to build the Windows version of > gettext, not to use the Linux version, I think? Doesn't seem necessary indeed! I got a matching build without my modifications. Myth busted! > > But the "-y", sure. :-) :-) Best, Jurre ___ OTR-dev mailing list OTR-dev@lists.cypherpunks.ca http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
Re: [OTR-dev] Reproducible builds of pidgin-otr for Windows
On 20 Mar (17:25:27), Ian Goldberg wrote: > On Sun, Mar 20, 2016 at 05:20:08PM -0400, Ian Goldberg wrote: > > Ah, I went ahead and made the changes. It's actually better than I > > thought. We don't need to run zip under faketime if we use the -o > > option (which sets the timestamp for the archive itself to equal the > > oldest timestamp of a file in the archive). We also add the -X option, > > which removes Unix uid/gids and extended timestamps from the zip file > > entirely. We also use chmod -R u=rwX,go=rX to canonicalize the > > permissions on the files. > > > > I've updated the source tarball in place: > > > > https://cs.uwaterloo.ca/~iang/pidgin-otr-4.0.2-repro.tar.gz > > > > Unpack it, and just run INSTALL.mingw against a clean Ubuntu 14.04. (It > > now installs all the packages you suggested.) > > > > I'm building it now myself. Let's compare hashes in a few minutes. ;-) > > OK, built. The above tarball, whose hash is itself: > > 22c6a6c250ca277e36ffed1ff1bd6d366209664471c80c3c507f8811ba5c28da > pidgin-otr-4.0.2-repro.tar.gz > > generates these files for me: > > 19f315c8317105a89d5b6fde6c2caa63ffa2e150df5fb0d67ee20ac985b0b191 > pidgin-otr-4.0.2.exe > 7e9dc2175591d7aabc9f96e737817fa917f3e4441b62727bb9730e516c47822e > pidgin-otr-4.0.2.zip Success for me :) 19f315c8317105a89d5b6fde6c2caa63ffa2e150df5fb0d67ee20ac985b0b191 pidgin-otr-4.0.2.exe 7e9dc2175591d7aabc9f96e737817fa917f3e4441b62727bb9730e516c47822e pidgin-otr-4.0.2.zip Cheers! David > > How about yoU? > >- Ian > ___ > OTR-dev mailing list > OTR-dev@lists.cypherpunks.ca > http://lists.cypherpunks.ca/mailman/listinfo/otr-dev signature.asc Description: PGP signature ___ OTR-dev mailing list OTR-dev@lists.cypherpunks.ca http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
Re: [OTR-dev] Reproducible builds of pidgin-otr for Windows
Ian Goldberg: > On Sun, Mar 20, 2016 at 05:20:08PM -0400, Ian Goldberg wrote: >> Ah, I went ahead and made the changes. It's actually better than I >> thought. We don't need to run zip under faketime if we use the -o >> option (which sets the timestamp for the archive itself to equal the >> oldest timestamp of a file in the archive). We also add the -X option, >> which removes Unix uid/gids and extended timestamps from the zip file >> entirely. We also use chmod -R u=rwX,go=rX to canonicalize the >> permissions on the files. >> >> I've updated the source tarball in place: >> >> https://cs.uwaterloo.ca/~iang/pidgin-otr-4.0.2-repro.tar.gz >> >> Unpack it, and just run INSTALL.mingw against a clean Ubuntu 14.04. (It >> now installs all the packages you suggested.) >> >> I'm building it now myself. Let's compare hashes in a few minutes. ;-) > > OK, built. The above tarball, whose hash is itself: > > 22c6a6c250ca277e36ffed1ff1bd6d366209664471c80c3c507f8811ba5c28da > pidgin-otr-4.0.2-repro.tar.gz > > generates these files for me: > > 19f315c8317105a89d5b6fde6c2caa63ffa2e150df5fb0d67ee20ac985b0b191 > pidgin-otr-4.0.2.exe > 7e9dc2175591d7aabc9f96e737817fa917f3e4441b62727bb9730e516c47822e > pidgin-otr-4.0.2.zip > > How about yoU? I can reproduce this in an Ubuntu Trusty chroot (/proc and /dev/shm need to be mounted). I tested (most) of the variations from [0]. I found only one problem: In Makefile.mingw:148 it should be LC_ALL=C instead of LANG=C else the locale settings can change the sort order of the files in the zip. > [...] > This means it can't find /usr/i586-mingw32msvc/share/aclocal/libgcrypt.m4. > Aha: it's probably looking for the *native* one and failing. > > But that said, we shouldn't actually have to run autoreconf (or > bootstrap) at all. Can you try just removing "./bootstrap" from > INSTALL.mingw and see what happens? Another option is to set ACLOCAL_PATH: export ACLOCAL_PATH=/usr/i586-mingw32msvc/share/aclocal HW42 [0]: https://tests.reproducible-builds.org/reproducible.html#variation signature.asc Description: OpenPGP digital signature ___ OTR-dev mailing list OTR-dev@lists.cypherpunks.ca http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
Re: [OTR-dev] Reproducible builds of pidgin-otr for Windows
Works for me on Kali Rolling 19f315c8317105a89d5b6fde6c2caa63ffa2e150df5fb0d67ee20ac985b0b191 pidgin-otr-4.0.2.exe 7e9dc2175591d7aabc9f96e737817fa917f3e4441b62727bb9730e516c47822e pidgin-otr-4.0.2.zip Warmly, John Menerick https://securesql.info > On Mar 20, 2016, at 3:26 PM, Ian Goldberg wrote: > > On Sun, Mar 20, 2016 at 11:21:39PM +0100, Jurre van Bergen wrote: >>> OK, built. The above tarball, whose hash is itself: >>> >>> 22c6a6c250ca277e36ffed1ff1bd6d366209664471c80c3c507f8811ba5c28da >>> pidgin-otr-4.0.2-repro.tar.gz >>> >>> generates these files for me: >>> >>> 19f315c8317105a89d5b6fde6c2caa63ffa2e150df5fb0d67ee20ac985b0b191 >>> pidgin-otr-4.0.2.exe >>> 7e9dc2175591d7aabc9f96e737817fa917f3e4441b62727bb9730e516c47822e >>> pidgin-otr-4.0.2.zip >>> >>> How about yoU? >>> >>> - Ian >> >> Woohoo! >> >> root@5036add14019:~/pidgin-otr-4.0.2# sha256sum pidgin-otr-4.0.2.* >> >> 19f315c8317105a89d5b6fde6c2caa63ffa2e150df5fb0d67ee20ac985b0b191 >> pidgin-otr-4.0.2.exe >> 7e9dc2175591d7aabc9f96e737817fa917f3e4441b62727bb9730e516c47822e >> pidgin-otr-4.0.2.zip >> >> Seems we got a full matching build! > > Yay!!! Would anyone else like to try, perhaps on Debian or something? > >> I did the following change: >> >> sudo apt-get install mingw32 nsis faketime bison zip unzip tar \ >>wget diffutils findutils build-essential automake patch \ >>perl-base coreutils libtool -y >> >> sudo apt-get install gettext -y >> >> First we install bison so we're sure it can configure gettext and be safe. > > Do you think that's needed? bison is a compile-time configuration for > gettext, not run-time. We need bison to build the Windows version of > gettext, not to use the Linux version, I think? > > But the "-y", sure. :-) > > Thanks again! > > - Ian > ___ > OTR-dev mailing list > OTR-dev@lists.cypherpunks.ca > http://lists.cypherpunks.ca/mailman/listinfo/otr-dev ___ OTR-dev mailing list OTR-dev@lists.cypherpunks.ca http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
Re: [OTR-dev] Reproducible builds of pidgin-otr for Windows
On Mon, Mar 21, 2016 at 12:07:02AM +0100, Jurre van Bergen wrote: > > Yay!!! Would anyone else like to try, perhaps on Debian or something? > > Seems to go wrong here: https://paste.debian.net/hidden/16c109b6/ Hmm. I could easily believe the output would be different on a different distro (different versions of various packages, etc.), but that it totally failed to build is a little odder. Does Debian use a different path from /usr/i586-mingw32msvc/ for its mingw32 stuff, perchance? If we want the Windows binary to build on Debian, some Debian-using person will likely need to debug this. ___ OTR-dev mailing list OTR-dev@lists.cypherpunks.ca http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
Re: [OTR-dev] Reproducible builds of pidgin-otr for Windows
On Mon, Mar 21, 2016 at 03:44:48AM +0100, HW42 wrote: > > OK, built. The above tarball, whose hash is itself: > > > > 22c6a6c250ca277e36ffed1ff1bd6d366209664471c80c3c507f8811ba5c28da > > pidgin-otr-4.0.2-repro.tar.gz > > > > generates these files for me: > > > > 19f315c8317105a89d5b6fde6c2caa63ffa2e150df5fb0d67ee20ac985b0b191 > > pidgin-otr-4.0.2.exe > > 7e9dc2175591d7aabc9f96e737817fa917f3e4441b62727bb9730e516c47822e > > pidgin-otr-4.0.2.zip > > > > How about yoU? > > I can reproduce this in an Ubuntu Trusty chroot (/proc and /dev/shm need > to be mounted). > > I tested (most) of the variations from [0]. I found only one problem: > In Makefile.mingw:148 it should be LC_ALL=C instead of LANG=C else the > locale settings can change the sort order of the files in the zip. Ah, good catch, thanks! Pushed to git. > > This means it can't find /usr/i586-mingw32msvc/share/aclocal/libgcrypt.m4. > > Aha: it's probably looking for the *native* one and failing. > > > > But that said, we shouldn't actually have to run autoreconf (or > > bootstrap) at all. Can you try just removing "./bootstrap" from > > INSTALL.mingw and see what happens? > > Another option is to set ACLOCAL_PATH: > > export ACLOCAL_PATH=/usr/i586-mingw32msvc/share/aclocal Yes, but we really don't want to be re-autoconfing, anyway. Thanks, - Ian ___ OTR-dev mailing list OTR-dev@lists.cypherpunks.ca http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
Re: [OTR-dev] Reproducible builds of pidgin-otr for Windows
On Sun, Mar 20, 2016 at 09:28:43PM -0700, John Menerick wrote: > Works for me on Kali Rolling > > 19f315c8317105a89d5b6fde6c2caa63ffa2e150df5fb0d67ee20ac985b0b191 > pidgin-otr-4.0.2.exe > > 7e9dc2175591d7aabc9f96e737817fa917f3e4441b62727bb9730e516c47822e > pidgin-otr-4.0.2.zip > > > Warmly, > > John Menerick > https://securesql.info Wow; I didn't really expect it to work on a totally different distro. Very cool! This weekend is the first time that I know of that anyone other than me and my former student Rob has ever even *tried to build* the Windows binary. And it's reproducible from the tarball, w00t! :-) So now that we can reproduce from the tarball, we should try to make the tarball itself reproducible from git. This is better than just making the binary reproducile directly from git, since (a) we do distribute the tarball, and we want people to be able to check that the tarball we distribute does not have anything snuck in there that doesn't come from git, and (b) the pidgin-otr Windows binary build process just downloads the libotr source tarball (it does not try to access the libotr git), so the libotr tarball should itself be a reproducible build from its git. So who knows how to make a reproducible tarball? We'd need to normalize: - The order of the files (I think make dist already does this, though) - The timestamps (--mtime), owners (--owner, --group), permissions (I guess we could chmod the files first, or some combination of --no-same-permissions and umask?) of the files - Anything else? And getting autoconf to get the "make dist" target actually *do* that might take some examining, but worst case, we can override $TAR or $am__tar, I suppose. Thanks again, all. Welcome to spring! [He says as there's a light dusting of snow on the ground after a couple of weeks in the plus-teens-Celcius range.] - Ian ___ OTR-dev mailing list OTR-dev@lists.cypherpunks.ca http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
Re: [OTR-dev] Reproducible builds of pidgin-otr for Windows
On 03/21/2016 01:49 PM, Ian Goldberg wrote: > On Mon, Mar 21, 2016 at 12:07:02AM +0100, Jurre van Bergen wrote: >>> Yay!!! Would anyone else like to try, perhaps on Debian or something? >> Seems to go wrong here: https://paste.debian.net/hidden/16c109b6/ > Hmm. I could easily believe the output would be different on a > different distro (different versions of various packages, etc.), but > that it totally failed to build is a little odder. Does Debian use a > different path from /usr/i586-mingw32msvc/ for its mingw32 stuff, > perchance? Plausible. > If we want the Windows binary to build on Debian, some Debian-using > person will likely need to debug this. I'll investigate as a Debian using person :) Best, Jurre ___ OTR-dev mailing list OTR-dev@lists.cypherpunks.ca http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
Re: [OTR-dev] Reproducible builds of pidgin-otr for Windows
On Mon, Mar 21, 2016 at 09:09:40AM -0400, Ian Goldberg wrote: > So who knows how to make a reproducible tarball? We'd need to > normalize: > - The order of the files (I think make dist already does this, though) > - The timestamps (--mtime), owners (--owner, --group), permissions (I > guess we could chmod the files first, or some combination of > --no-same-permissions and umask?) of the files > - Anything else? > > And getting autoconf to get the "make dist" target actually *do* that > might take some examining, but worst case, we can override $TAR or > $am__tar, I suppose. OK, here's the scoop. As with most people, my knowledge of automake/autoconf is basically "find another project that does what I want and copy that". Unfortunately, I couldn't easily find another project successfully doing reproducible tarballs from "make dist". So what I came up with may not be The Right Way To Do It. Please, if anyone here can make this better, speak up! I'm particularly squeamish about overriding am__tar in configure.ac, since things with double underscores sound to me like "private! internal! don't look here!". The commit is here: https://bugs.otr.im/projects/pidgin-otr/repository/revisions/af8542f5ef26b3cc41245846a22537bd97c634fe/diff If other people want to see if they get the same .tar.gz as I do: git clone git://git.otr.im/pidgin_otr cd pidgin_otr/ git checkout devel intltoolize --force --copy autoreconf -s -i ./configure make dist sha256sum pidgin-otr-4.0.2.tar.gz I get: b7eba26b65e30adb238813c2d45e4188075c2bfa44d4a7490a6fa4ac5033239d pidgin-otr-4.0.2.tar.gz and then, why not: tar xzvvf pidgin-otr-4.0.2.tar.gz cd pidgin-otr-4.0.2 bash -x INSTALL.mingw sha256sum pidgin-otr-4.0.2.* I get: 9f7839c97f301c3a36bae5d1a801668ab90c4545bcc9b5b16397f2c44c3339f1 pidgin-otr-4.0.2.exe ca1d89cdf3c7496450252ce5945864b872a582f022af51d4928bf0cd07d367ea pidgin-otr-4.0.2.zip *** NOTE: in order to run "./configure" as a precursor to "make dist" for pidgin-otr, you will have to have pidgin-otr's _native_ dependencies installed, including the dev versions of libotr (or an installation from source/git), libgpg-error, libgcrypt, glib, gtk+, and pidgin. Is there a way around this, if all you want to do is "make dist" and not actually build the package? The sha256 checksums for the .exe and .zip files are different from yesterday, since the changes to the pidgin-otr source caused the source timestamp (*not* a build timestamp!) to change, and the source timestamp appears in the binaries. Anyone want to give this a shot? Thanks, - Ian ___ OTR-dev mailing list OTR-dev@lists.cypherpunks.ca http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
Re: [OTR-dev] Reproducible builds of pidgin-otr for Windows
Could I get someone to try this out? Thanks, - Ian On Mon, Mar 21, 2016 at 05:32:55PM -0400, Ian Goldberg wrote: > On Mon, Mar 21, 2016 at 09:09:40AM -0400, Ian Goldberg wrote: > > So who knows how to make a reproducible tarball? We'd need to > > normalize: > > - The order of the files (I think make dist already does this, though) > > - The timestamps (--mtime), owners (--owner, --group), permissions (I > > guess we could chmod the files first, or some combination of > > --no-same-permissions and umask?) of the files > > - Anything else? > > > > And getting autoconf to get the "make dist" target actually *do* that > > might take some examining, but worst case, we can override $TAR or > > $am__tar, I suppose. > > OK, here's the scoop. As with most people, my knowledge of > automake/autoconf is basically "find another project that does what I > want and copy that". Unfortunately, I couldn't easily find another > project successfully doing reproducible tarballs from "make dist". > So what I came up with may not be The Right Way To Do It. Please, if > anyone here can make this better, speak up! I'm particularly squeamish > about overriding am__tar in configure.ac, since things with double > underscores sound to me like "private! internal! don't look here!". > > The commit is here: > > https://bugs.otr.im/projects/pidgin-otr/repository/revisions/af8542f5ef26b3cc41245846a22537bd97c634fe/diff > > If other people want to see if they get the same .tar.gz as I do: > > git clone git://git.otr.im/pidgin_otr > cd pidgin_otr/ > git checkout devel > intltoolize --force --copy > autoreconf -s -i > ./configure > make dist > sha256sum pidgin-otr-4.0.2.tar.gz > > I get: > > b7eba26b65e30adb238813c2d45e4188075c2bfa44d4a7490a6fa4ac5033239d > pidgin-otr-4.0.2.tar.gz > > and then, why not: > > tar xzvvf pidgin-otr-4.0.2.tar.gz > cd pidgin-otr-4.0.2 > bash -x INSTALL.mingw > sha256sum pidgin-otr-4.0.2.* > > I get: > > 9f7839c97f301c3a36bae5d1a801668ab90c4545bcc9b5b16397f2c44c3339f1 > pidgin-otr-4.0.2.exe > ca1d89cdf3c7496450252ce5945864b872a582f022af51d4928bf0cd07d367ea > pidgin-otr-4.0.2.zip > > > *** NOTE: in order to run "./configure" as a precursor to "make dist" > for pidgin-otr, you will have to have pidgin-otr's _native_ dependencies > installed, including the dev versions of libotr (or an installation > from source/git), libgpg-error, libgcrypt, glib, gtk+, and pidgin. Is > there a way around this, if all you want to do is "make dist" and not > actually build the package? > > The sha256 checksums for the .exe and .zip files are different from > yesterday, since the changes to the pidgin-otr source caused the source > timestamp (*not* a build timestamp!) to change, and the source timestamp > appears in the binaries. > > Anyone want to give this a shot? > > Thanks, > >- Ian > ___ > OTR-dev mailing list > OTR-dev@lists.cypherpunks.ca > http://lists.cypherpunks.ca/mailman/listinfo/otr-dev ___ OTR-dev mailing list OTR-dev@lists.cypherpunks.ca http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
Re: [OTR-dev] Reproducible builds of pidgin-otr for Windows
On 03/24/2016 01:02 PM, Ian Goldberg wrote: > Could I get someone to try this out? > > Thanks, > >- Ian Probably this easter weekend i'll work on this! Best, Jurre ___ OTR-dev mailing list OTR-dev@lists.cypherpunks.ca http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
Re: [OTR-dev] Reproducible builds of pidgin-otr for Windows
On 03/24/2016 01:02 PM, Ian Goldberg wrote: > Could I get someone to try this out? > > Thanks, > >- Ian > > On Mon, Mar 21, 2016 at 05:32:55PM -0400, Ian Goldberg wrote: >> On Mon, Mar 21, 2016 at 09:09:40AM -0400, Ian Goldberg wrote: >>> So who knows how to make a reproducible tarball? We'd need to >>> normalize: >>> - The order of the files (I think make dist already does this, though) >>> - The timestamps (--mtime), owners (--owner, --group), permissions (I >>> guess we could chmod the files first, or some combination of >>> --no-same-permissions and umask?) of the files >>> - Anything else? >>> >>> And getting autoconf to get the "make dist" target actually *do* that >>> might take some examining, but worst case, we can override $TAR or >>> $am__tar, I suppose. >> OK, here's the scoop. As with most people, my knowledge of >> automake/autoconf is basically "find another project that does what I >> want and copy that". Unfortunately, I couldn't easily find another >> project successfully doing reproducible tarballs from "make dist". >> So what I came up with may not be The Right Way To Do It. Please, if >> anyone here can make this better, speak up! I'm particularly squeamish >> about overriding am__tar in configure.ac, since things with double >> underscores sound to me like "private! internal! don't look here!". >> >> The commit is here: >> >> https://bugs.otr.im/projects/pidgin-otr/repository/revisions/af8542f5ef26b3cc41245846a22537bd97c634fe/diff >> >> If other people want to see if they get the same .tar.gz as I do: >> >> git clone git://git.otr.im/pidgin_otr >> cd pidgin_otr/ >> git checkout devel >> intltoolize --force --copy >> autoreconf -s -i >> ./configure >> make dist >> sha256sum pidgin-otr-4.0.2.tar.gz >> >> I get: >> >> b7eba26b65e30adb238813c2d45e4188075c2bfa44d4a7490a6fa4ac5033239d >> pidgin-otr-4.0.2.tar.gz Wheee! Success! root@918bc0b631ee:/pidgin_otr# sha256sum pidgin-otr-4.0.2.tar.gz b7eba26b65e30adb238813c2d45e4188075c2bfa44d4a7490a6fa4ac5033239d pidgin-otr-4.0.2.tar.gz >> >> and then, why not: >> >> tar xzvvf pidgin-otr-4.0.2.tar.gz >> cd pidgin-otr-4.0.2 >> bash -x INSTALL.mingw >> sha256sum pidgin-otr-4.0.2.* >> >> I get: >> >> 9f7839c97f301c3a36bae5d1a801668ab90c4545bcc9b5b16397f2c44c3339f1 >> pidgin-otr-4.0.2.exe >> ca1d89cdf3c7496450252ce5945864b872a582f022af51d4928bf0cd07d367ea >> pidgin-otr-4.0.2.zip Again, success! root@918bc0b631ee:/pidgin_otr/pidgin-otr-4.0.2# sha256sum pidgin-otr-4.0.2.* 9f7839c97f301c3a36bae5d1a801668ab90c4545bcc9b5b16397f2c44c3339f1 pidgin-otr-4.0.2.exe ca1d89cdf3c7496450252ce5945864b872a582f022af51d4928bf0cd07d367ea pidgin-otr-4.0.2.zip >> >> >> *** NOTE: in order to run "./configure" as a precursor to "make dist" >> for pidgin-otr, you will have to have pidgin-otr's _native_ dependencies >> installed, including the dev versions of libotr (or an installation >> from source/git), libgpg-error, libgcrypt, glib, gtk+, and pidgin. Is >> there a way around this, if all you want to do is "make dist" and not >> actually build the package? I'm not the right person to answer this question.. Best, Jurre ___ OTR-dev mailing list OTR-dev@lists.cypherpunks.ca http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
Re: [OTR-dev] Reproducible builds of pidgin-otr for Windows
On Thu, Mar 24, 2016 at 10:54:46PM +0100, Jurre van Bergen wrote: > >> I get: > >> > >> b7eba26b65e30adb238813c2d45e4188075c2bfa44d4a7490a6fa4ac5033239d > >> pidgin-otr-4.0.2.tar.gz > Wheee! Success! > > root@918bc0b631ee:/pidgin_otr# sha256sum pidgin-otr-4.0.2.tar.gz > b7eba26b65e30adb238813c2d45e4188075c2bfa44d4a7490a6fa4ac5033239d > pidgin-otr-4.0.2.tar.gz > > >> > >> and then, why not: > >> > >> tar xzvvf pidgin-otr-4.0.2.tar.gz > >> cd pidgin-otr-4.0.2 > >> bash -x INSTALL.mingw > >> sha256sum pidgin-otr-4.0.2.* > >> > >> I get: > >> > >> 9f7839c97f301c3a36bae5d1a801668ab90c4545bcc9b5b16397f2c44c3339f1 > >> pidgin-otr-4.0.2.exe > >> ca1d89cdf3c7496450252ce5945864b872a582f022af51d4928bf0cd07d367ea > >> pidgin-otr-4.0.2.zip > > > Again, success! > > root@918bc0b631ee:/pidgin_otr/pidgin-otr-4.0.2# sha256sum pidgin-otr-4.0.2.* > 9f7839c97f301c3a36bae5d1a801668ab90c4545bcc9b5b16397f2c44c3339f1 > pidgin-otr-4.0.2.exe > ca1d89cdf3c7496450252ce5945864b872a582f022af51d4928bf0cd07d367ea > pidgin-otr-4.0.2.zip Awesome! Can we try it for libotr as well? git clone git://git.otr.im/libotr cd libotr git checkout devel ./bootstrap ./configure make dist sha256sum libotr-4.1.1.tar.gz I get: 2bfdb9c1e50e86d546084267694130e251b18d08bda5e64940059f317900a827 libotr-4.1.1.tar.gz Thanks, - Ian ___ OTR-dev mailing list OTR-dev@lists.cypherpunks.ca http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
Re: [OTR-dev] Reproducible builds of pidgin-otr for Windows
On 25 Mar (08:44:28), Ian Goldberg wrote: > On Thu, Mar 24, 2016 at 10:54:46PM +0100, Jurre van Bergen wrote: > > >> I get: > > >> > > >> b7eba26b65e30adb238813c2d45e4188075c2bfa44d4a7490a6fa4ac5033239d > > >> pidgin-otr-4.0.2.tar.gz > > Wheee! Success! > > > > root@918bc0b631ee:/pidgin_otr# sha256sum pidgin-otr-4.0.2.tar.gz > > b7eba26b65e30adb238813c2d45e4188075c2bfa44d4a7490a6fa4ac5033239d > > pidgin-otr-4.0.2.tar.gz > > > > >> > > >> and then, why not: > > >> > > >> tar xzvvf pidgin-otr-4.0.2.tar.gz > > >> cd pidgin-otr-4.0.2 > > >> bash -x INSTALL.mingw > > >> sha256sum pidgin-otr-4.0.2.* > > >> > > >> I get: > > >> > > >> 9f7839c97f301c3a36bae5d1a801668ab90c4545bcc9b5b16397f2c44c3339f1 > > >> pidgin-otr-4.0.2.exe > > >> ca1d89cdf3c7496450252ce5945864b872a582f022af51d4928bf0cd07d367ea > > >> pidgin-otr-4.0.2.zip > > > > > > Again, success! > > > > root@918bc0b631ee:/pidgin_otr/pidgin-otr-4.0.2# sha256sum pidgin-otr-4.0.2.* > > 9f7839c97f301c3a36bae5d1a801668ab90c4545bcc9b5b16397f2c44c3339f1 > > pidgin-otr-4.0.2.exe > > ca1d89cdf3c7496450252ce5945864b872a582f022af51d4928bf0cd07d367ea > > pidgin-otr-4.0.2.zip > > Awesome! Can we try it for libotr as well? > > git clone git://git.otr.im/libotr > cd libotr > git checkout devel > ./bootstrap > ./configure > make dist > sha256sum libotr-4.1.1.tar.gz > > I get: > > 2bfdb9c1e50e86d546084267694130e251b18d08bda5e64940059f317900a827 > libotr-4.1.1.tar.gz ec8b75f9f7b21675789c9a2eee83a13ec3d82b04b820fdb9f462deee07efb41b libotr-4.1.1.tar.gz It's very possible the libgcrypt version makes a difference here. What is the package version you are using? David > > Thanks, > >- Ian > ___ > OTR-dev mailing list > OTR-dev@lists.cypherpunks.ca > http://lists.cypherpunks.ca/mailman/listinfo/otr-dev signature.asc Description: PGP signature ___ OTR-dev mailing list OTR-dev@lists.cypherpunks.ca http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
Re: [OTR-dev] Reproducible builds of pidgin-otr for Windows
On Fri, Mar 25, 2016 at 09:18:38AM -0400, David Goulet wrote: > > > root@918bc0b631ee:/pidgin_otr/pidgin-otr-4.0.2# sha256sum > > > pidgin-otr-4.0.2.* > > > 9f7839c97f301c3a36bae5d1a801668ab90c4545bcc9b5b16397f2c44c3339f1 > > > pidgin-otr-4.0.2.exe > > > ca1d89cdf3c7496450252ce5945864b872a582f022af51d4928bf0cd07d367ea > > > pidgin-otr-4.0.2.zip > > > > Awesome! Can we try it for libotr as well? > > > > git clone git://git.otr.im/libotr > > cd libotr > > git checkout devel > > ./bootstrap > > ./configure > > make dist > > sha256sum libotr-4.1.1.tar.gz > > > > I get: > > > > 2bfdb9c1e50e86d546084267694130e251b18d08bda5e64940059f317900a827 > > libotr-4.1.1.tar.gz > > ec8b75f9f7b21675789c9a2eee83a13ec3d82b04b820fdb9f462deee07efb41b > libotr-4.1.1.tar.gz > > It's very possible the libgcrypt version makes a difference here. What is the > package version you are using? libgcrypt11-dev 1.5.3-2ubuntu4.3 (i.e. current Ubuntu 14.04; the versions of autoconf, automake, etc. will also been important) ___ OTR-dev mailing list OTR-dev@lists.cypherpunks.ca http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
Re: [OTR-dev] Reproducible builds of pidgin-otr for Windows
On 25 Mar (09:22:02), Ian Goldberg wrote: > On Fri, Mar 25, 2016 at 09:18:38AM -0400, David Goulet wrote: > > > > root@918bc0b631ee:/pidgin_otr/pidgin-otr-4.0.2# sha256sum > > > > pidgin-otr-4.0.2.* > > > > 9f7839c97f301c3a36bae5d1a801668ab90c4545bcc9b5b16397f2c44c3339f1 > > > > pidgin-otr-4.0.2.exe > > > > ca1d89cdf3c7496450252ce5945864b872a582f022af51d4928bf0cd07d367ea > > > > pidgin-otr-4.0.2.zip > > > > > > Awesome! Can we try it for libotr as well? > > > > > > git clone git://git.otr.im/libotr > > > cd libotr > > > git checkout devel > > > ./bootstrap > > > ./configure > > > make dist > > > sha256sum libotr-4.1.1.tar.gz > > > > > > I get: > > > > > > 2bfdb9c1e50e86d546084267694130e251b18d08bda5e64940059f317900a827 > > > libotr-4.1.1.tar.gz 2bfdb9c1e50e86d546084267694130e251b18d08bda5e64940059f317900a827 libotr-4.1.1.tar.gz :) > > > > ec8b75f9f7b21675789c9a2eee83a13ec3d82b04b820fdb9f462deee07efb41b > > libotr-4.1.1.tar.gz > > > > It's very possible the libgcrypt version makes a difference here. What is > > the > > package version you are using? > > libgcrypt11-dev 1.5.3-2ubuntu4.3 > > (i.e. current Ubuntu 14.04; the versions of autoconf, automake, etc. > will also been important) Indeed, that was my mistake. Thanks! David > ___ > OTR-dev mailing list > OTR-dev@lists.cypherpunks.ca > http://lists.cypherpunks.ca/mailman/listinfo/otr-dev signature.asc Description: PGP signature ___ OTR-dev mailing list OTR-dev@lists.cypherpunks.ca http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
Re: [OTR-dev] Reproducible builds of pidgin-otr for Windows
OK, there was a weird issue with reproducible builds of the tarball for libotr. It turns out (at least with the current Ubuntu 14.04 version of automake) that the first time you run autoreconf, which itself runs automake, automake does not find config/depcomp (since it does not yet exist), and so does not list config/depcomp in the resulting Makefile.in. (Which is weird, because it lists other files in config/ that it just created, but not depcomp.) Running autoreconf *again* causes config/depcomp to become correctly listed in Makefile.in. So I committed a change to the ./bootstrap program to run autoreconf, then grep -q config/depcomp Makefile.in, then run it again if the grep failed. Now "make dist" will produce identical output, whether you run it from a fresh clone or a directory you've used before. And if you untar the "make dist" output tarball, and "./configure; make dist", or even "./bootstrap; ./configure; make dist", you get the byte-for-byte identical tarball to the one you started with. At least I do. With the current commit (libotr devel branch commit 0774db331766), I get (on Ubuntu 14.04): f54fc56b979f10a5ea7861975bec13110951d0508d7625dfb40b326bb1142b68 libotr-4.1.1.tar.gz - Ian ___ OTR-dev mailing list OTR-dev@lists.cypherpunks.ca http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
Re: [OTR-dev] Reproducible builds of pidgin-otr for Windows
On 28 Mar (18:52:37), Ian Goldberg wrote: > OK, there was a weird issue with reproducible builds of the tarball for > libotr. > > It turns out (at least with the current Ubuntu 14.04 version of > automake) that the first time you run autoreconf, which itself runs > automake, automake does not find config/depcomp (since it does not yet > exist), and so does not list config/depcomp in the resulting > Makefile.in. (Which is weird, because it lists other files in config/ > that it just created, but not depcomp.) Running autoreconf *again* > causes config/depcomp to become correctly listed in Makefile.in. > > So I committed a change to the ./bootstrap program to run autoreconf, > then grep -q config/depcomp Makefile.in, then run it again if the grep > failed. > > Now "make dist" will produce identical output, whether you run it from a > fresh clone or a directory you've used before. And if you untar the > "make dist" output tarball, and "./configure; make dist", or even > "./bootstrap; ./configure; make dist", you get the byte-for-byte > identical tarball to the one you started with. > > At least I do. > > With the current commit (libotr devel branch commit 0774db331766), I > get (on Ubuntu 14.04): > > f54fc56b979f10a5ea7861975bec13110951d0508d7625dfb40b326bb1142b68 > libotr-4.1.1.tar.gz Woot! :) f54fc56b979f10a5ea7861975bec13110951d0508d7625dfb40b326bb1142b68 libotr-4.1.1.tar.gz Good job! Thanks! David > >- Ian > ___ > OTR-dev mailing list > OTR-dev@lists.cypherpunks.ca > http://lists.cypherpunks.ca/mailman/listinfo/otr-dev signature.asc Description: PGP signature ___ OTR-dev mailing list OTR-dev@lists.cypherpunks.ca http://lists.cypherpunks.ca/mailman/listinfo/otr-dev