Your message dated Mon, 18 Jun 2018 21:18:57 +0000
with message-id <e1fv1y9-0004rj...@fasolo.debian.org>
and subject line Bug#819726: fixed in ckbuilder 2.3.2+dfsg-2
has caused the Debian Bug report #819726,
regarding ckbuilder: please use SOURCE_DATE_EPOCH for copyright notices and
build timestamp
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
819726: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819726
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: ckbuilder
Version: 2.3.0+dfsg-2
Severity: normal
User: reproducible-bui...@lists.alioth.debian.org
Usertags: toolchain timestamps
Hi,
While working on the “reproducible builds” effort [1], we have noticed
that ckbuilder embeds the build time in two places: copyrigh headers on the
built javascript files, and a ".options.timestamp" field in the generated code
itself. This behaviour make packages generated by ckbuilder (ie: ckeditor)
unreproducible.
The attached patch fixes this behaviour honoring the SOURCE_DATE_EPOCH [2]
environment variable.
[1] https://wiki.debian.org/ReproducibleBuilds
[2] https://reproducible-builds.org/specs/source-date-epoch/
diff --git debian/changelog debian/changelog
index 98e47d0..4f53bb9 100644
--- debian/changelog
+++ debian/changelog
@@ -1,3 +1,9 @@
+ckbuilder (2.3.0+dfsg-2.0~reproducible1) UNRELEASED; urgency=medium
+
+ * FIX timestamps in copyright notices
+
+ -- boyska <piutto...@logorroici.org> Mon, 28 Mar 2016 21:23:15 -0400
+
ckbuilder (2.3.0+dfsg-2) unstable; urgency=medium
* Depends += "libprotobuf-java".
diff --git debian/patches/now-respects-source-date-epoch.patch debian/patches/now-respects-source-date-epoch.patch
new file mode 100644
index 0000000..6a84658
--- /dev/null
+++ debian/patches/now-respects-source-date-epoch.patch
@@ -0,0 +1,63 @@
+Description: respect SOURCE_DATE_EPOCH spec
+ ckbuilder puts a buildtime timestamp both in comments and in other part of
+ generated js. This patch make it observe SOURCE_DATE_EPOCH, so to allow for
+ reproducible builds
+ See https://reproducible-builds.org/specs/source-date-epoch/
+ .
+ ckbuilder (2.3.0+dfsg-2.0~reproducible1) UNRELEASED; urgency=medium
+ .
+ * FIX timestamps in copyright notices
+Author: boyska <piutto...@logorroici.org>
+
+---
+The information above should follow the Patch Tagging Guidelines, please
+checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here
+are templates for supplementary fields that you might want to add:
+
+Origin: <vendor|upstream|other>, <url of original patch>
+Bug: <url in upstream bugtracker>
+Bug-Debian: https://bugs.debian.org/<bugnumber>
+Bug-Ubuntu: https://launchpad.net/bugs/<bugnumber>
+Forwarded: <no|not-needed|url proving that it has been forwarded>
+Reviewed-By: <name and email of someone who approved the patch>
+Last-Update: <YYYY-MM-DD>
+
+--- a/src/ckbuilder.js
++++ b/src/ckbuilder.js
+@@ -35,7 +35,11 @@
+ } catch ( e ) {
+ isMinified = false;
+ }
+- var now = new Date();
++ if(System.env.get('SOURCE_DATE_EPOCH') !== null) {
++ var now = new Date(parseInt(System.getenv("SOURCE_DATE_EPOCH"), 10) * 1000);
++ } else {
++ var now = new Date();
++ }
+ var timestamp = Integer.toString( now.getUTCFullYear() % 1000, 36 ) + Integer.toString( now.getUTCMonth(), 36 ) + Integer.toString( now.getUTCDate(), 36 ) + Integer.toString( now.getUTCHours(), 36 );
+ timestamp = timestamp.toUpperCase();
+
+--- a/src/lib/utils.js
++++ b/src/lib/utils.js
+@@ -30,8 +30,12 @@
+ * @static
+ */
+ copyright: function( eol ) {
+- var copyright,
+- date = new Date();
++ var copyright;
++ if(System.env.get('SOURCE_DATE_EPOCH') !== null) {
++ var date = new Date(parseInt(System.getenv("SOURCE_DATE_EPOCH"), 10) * 1000);
++ } else {
++ var date = new Date();
++ }
+
+ if ( CKBuilder.options.commercial )
+ copyright = "/*" + eol + "This software is covered by CKEditor Commercial License. Usage without proper license is prohibited." + eol + "Copyright (c) 2003-" + date.getFullYear() + ", CKSource - Frederico Knabben. All rights reserved." + eol + "*/" + eol;
+@@ -221,4 +225,4 @@
+ return result;
+ }
+ };
+-}() );
+\ No newline at end of file
++}() );
diff --git debian/patches/series debian/patches/series
index 11053e4..549e272 100644
--- debian/patches/series
+++ debian/patches/series
@@ -1,3 +1,4 @@
make.patch
notar.patch
unmerge.patch
+now-respects-source-date-epoch.patch
--- End Message ---
--- Begin Message ---
Source: ckbuilder
Source-Version: 2.3.2+dfsg-2
We believe that the bug you reported is fixed in the latest version of
ckbuilder, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 819...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Bastien Roucariès <ro...@debian.org> (supplier of updated ckbuilder package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 18 Jun 2018 22:47:06 +0200
Source: ckbuilder
Binary: ckbuilder
Architecture: source
Version: 2.3.2+dfsg-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers
<pkg-javascript-de...@lists.alioth.debian.org>
Changed-By: Bastien Roucariès <ro...@debian.org>
Description:
ckbuilder - command line builder for CKEditor
Closes: 819726
Changes:
ckbuilder (2.3.2+dfsg-2) unstable; urgency=medium
.
* Bug fix: "please use SOURCE_DATE_EPOCH for copyright notices and build
timestamp", thanks to boyska (Closes: #819726).
Checksums-Sha1:
5374046c677895e7c4c75faebe3d352d66b09a71 2120 ckbuilder_2.3.2+dfsg-2.dsc
9cd69d26c85eef26e41129f76db12b64d8f4be0a 6736
ckbuilder_2.3.2+dfsg-2.debian.tar.xz
adde3c58fe24919faceee8b66b729a623f79736b 11972
ckbuilder_2.3.2+dfsg-2_source.buildinfo
Checksums-Sha256:
18d3518fc30ce4f528ea8e27753df62b5a9ba5b5b53ee03ea85d1ea23f167123 2120
ckbuilder_2.3.2+dfsg-2.dsc
2da5859b36c500f8cf52fab1b948927ba445f308aaab4e36db6af4df7bb2a082 6736
ckbuilder_2.3.2+dfsg-2.debian.tar.xz
9c2557aa34602a1db4b97a4c9411f8620a3e357c0c7c2acf85446f613461a747 11972
ckbuilder_2.3.2+dfsg-2_source.buildinfo
Files:
ddade1389dd7c2a7a560c54803501d27 2120 devel optional ckbuilder_2.3.2+dfsg-2.dsc
76b2b079eb02cbed33d093817c157061 6736 devel optional
ckbuilder_2.3.2+dfsg-2.debian.tar.xz
40506fe455c90bb4ab843ebbf800bb56 11972 devel optional
ckbuilder_2.3.2+dfsg-2_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAlsoHQoACgkQADoaLapB
CF8y1A//TLat4BhYpu0th1UOvwOmHX4+g8+UNyTrmYYQksYg4Yc8ouWkcOrlFYGr
hnud1Lce1H6RNCIo8drc+huP0ZWi6Rbr73c7WgsVy3LUBEIcfShImfa0psy/q+rO
bZAkxrLMtJygZi3SoxNb4J3Y3ZLzzqYHr4Q4YXSL0YzSYfSy7JDRA4GDCtpVTd7X
TJXWnawmDc8mL9rA3VLExSO51JOO2DmIXQiHX2F5DY2JGoGuWNg1ti9cw508Q9aT
9fI9T/2PSrAID12AMJYh0nydEDh7ZAAcSml9ch9ZMProjOAD4eqWrOs3JECKO+tn
+jb8vFFUoQB/OddZx2Fyw8PyHbphB4SsI8V+vQWNOvM+Z7S3HvtHF3d/pdfSoaES
uCaoEAT8pMDLZxjZYtXvNoSqJvdxx+4BI4BoaMQAAZblMJpWb2HrfXGz6tRfEgSU
UtTsmTwKqrGajTaqaIgklly0lxDeOensyQMpIDWZknAjy6XvXmh7jFAcuhOD0a8N
6VbwkPOihgU5qzZ28enJMnhyrEHHWHM1BKa5zPcomkCrKLXjiEn8/VcFDSqxTwvg
RIWQS2L0dqlTBDKADhVKDn3Yh5RjKT5XOdgDuFMDULylB10J0DYW77PWmpR+88JU
8z9/10aW8eTvkS7Eniaj5VgYPckr5G86VXZp8MVEiI5m/79tvLs=
=oALy
-----END PGP SIGNATURE-----
--- End Message ---
--
Pkg-javascript-devel mailing list
Pkg-javascript-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
