[Reproducible-builds] Bug#807829: 4ti2: please make the build reproducible

[Reiner Herrmann]

Source: 4ti2
Version: 1.6.7+ds-1
Severity: wishlist
Tags: patch
User: reproducible-builds@lists.alioth.debian.org
Usertags: timestamps locale
X-Debbugs-Cc: reproducible-builds@lists.alioth.debian.org

Hi!

While working on the "reproducible builds" effort [1], we have noticed
that 4ti2 could not be built reproducibly.
It embeds a locale- and timezone-dependent timestamp into the
documentation.

The attached patch fixes this by using the C locale and UTC for
generating the timestamp.

Regards,
 Reiner

[1]: https://wiki.debian.org/ReproducibleBuilds
diff --git a/debian/patches/reproducible-build.patch b/debian/patches/reproducible-build.patch
new file mode 100644
index 000..fbf79fe
--- /dev/null
+++ b/debian/patches/reproducible-build.patch
@@ -0,0 +1,11 @@
+--- a/doc/Makefile.am
 b/doc/Makefile.am
+@@ -2,7 +2,7 @@
+ export BIBINPUTS = $(abs_top_srcdir)/doc
+ export BSTINPUTS = $(abs_top_srcdir)/doc
+ 
+-DEB_PKG_DATE_LTXD = $(shell date -d "$(DEB_PKG_DATE)" +"%B %d, %Y")
++DEB_PKG_DATE_LTXD = $(shell LC_ALL=C date -u -d "$(DEB_PKG_DATE)" +"%B %d, %Y")
+ 
+ BIBTEX = bibtex
+ PDFLATEX = pdflatex
diff --git a/debian/patches/series b/debian/patches/series
index 31b77dd..035c63d 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -6,3 +6,4 @@ debianization.patch
 debianization-prefix.patch
 debianization-documentation.patch
 debianization-documentation-prefix.patch
+reproducible-build.patch
___
Reproducible-builds mailing list
Reproducible-builds@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds

[Reproducible-builds] Bug#807838: graphite2: please make the build reproducible

[Reiner Herrmann]

Source: graphite2
Version: 1.3.4-1
Severity: wishlist
Tags: patch
User: reproducible-builds@lists.alioth.debian.org
Usertags: randomness
X-Debbugs-Cc: reproducible-builds@lists.alioth.debian.org

Hi!

While working on the "reproducible builds" effort [1], we have noticed
that graphite2 could not be built reproducibly.
It is generating pdf documentation by calling asciidoc, which uses
dblatex to generate the file.
By default, dblatex builds the documentation in a random path (which
will then be used to generate the PDF ID).

The attached patch fixes this by telling dblatex to use a static path.

Regards,
 Reiner

[1]: https://wiki.debian.org/ReproducibleBuilds
diff --git a/debian/patches/reproducible-build.diff b/debian/patches/reproducible-build.diff
new file mode 100644
index 000..3b83c70
--- /dev/null
+++ b/debian/patches/reproducible-build.diff
@@ -0,0 +1,11 @@
+--- a/doc/CMakeLists.txt
 b/doc/CMakeLists.txt
+@@ -12,7 +12,7 @@
+ if(DBLATEX)
+ add_custom_command(OUTPUT ${PROJECT_BINARY_DIR}/manual.pdf
+DEPENDS ${PROJECT_SOURCE_DIR}/[a-z]*.txt
+-   COMMAND ${A2X} -D ${PROJECT_BINARY_DIR} ${PROJECT_SOURCE_DIR}/manual.txt)
++   COMMAND ${A2X} -D ${PROJECT_BINARY_DIR} --dblatex-opts="--tmpdir=docbuild" ${PROJECT_SOURCE_DIR}/manual.txt)
+ add_custom_command(OUTPUT ${PROJECT_BINARY_DIR}/GTF.pdf
+DEPENDS ${PROJECT_SOURCE_DIR}/GTF.txt
+COMMAND ${A2X} -D ${PROJECT_BINARY_DIR} ${PROJECT_SOURCE_DIR}/GTF.txt)
diff --git a/debian/patches/series b/debian/patches/series
index d39cfd6..ba9444d 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,4 @@
 non-linux.diff
 no-icons.diff
 test-timeout.diff
+reproducible-build.diff
___
Reproducible-builds mailing list
Reproducible-builds@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds

[Reproducible-builds] Bug#807837: lxc: please make the build reproducible

[Reiner Herrmann]

Source: lxc
Version: 1:1.0.8-1
Severity: wishlist
Tags: patch
User: reproducible-builds@lists.alioth.debian.org
Usertags: timestamps
X-Debbugs-Cc: reproducible-builds@lists.alioth.debian.org

Hi!

While working on the "reproducible builds" effort [1], we have noticed
that lxc could not be built reproducibly.
Timestamps are embedded into the manpages.

The attached patch uses the date from the latest changelog entry
instead.

Regards,
 Reiner

[1]: https://wiki.debian.org/ReproducibleBuilds
diff --git a/debian/patches/0017-reproducible-build.patch b/debian/patches/0017-reproducible-build.patch
new file mode 100644
index 000..57724fb
--- /dev/null
+++ b/debian/patches/0017-reproducible-build.patch
@@ -0,0 +1,11 @@
+--- a/configure.ac
 b/configure.ac
+@@ -502,7 +502,7 @@
+ AS_AC_EXPAND(DATADIR, "$datadir")
+ AS_AC_EXPAND(LOCALSTATEDIR, "$localstatedir")
+ AS_AC_EXPAND(DOCDIR, "$docdir")
+-AS_AC_EXPAND(LXC_GENERATE_DATE, "$(date)")
++AS_AC_EXPAND(LXC_GENERATE_DATE, "$(dpkg-parsechangelog -S Date | LC_ALL=C date -u -f - '+%B %d, %Y')")
+ AS_AC_EXPAND(LXCPATH, "$with_config_path")
+ AS_AC_EXPAND(LXC_GLOBAL_CONF, "$with_global_conf")
+ AS_AC_EXPAND(LXC_USERNIC_CONF, "$with_usernic_conf")
diff --git a/debian/patches/series b/debian/patches/series
index b87ab51..4ef429d 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -14,3 +14,4 @@
 0014-systemd-getty.patch
 0015-Centos7-systemd.patch
 0016-lxc-debian-allow-not-including-contrib-non-free.patch
+0017-reproducible-build.patch
___
Reproducible-builds mailing list
Reproducible-builds@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds

Re: [Reproducible-builds] How to react on "the second build failed, even though the first build was successful" ?

[Esa Peuha]

On Sat, Dec 12, 2015 at 6:14 PM, Chris Lamb  wrote:
> I've lost my scrollback apologies but IIRC it wasn't anything beyond 
> acknowledgement of the issue which I felt was enough to share with Thomas to 
> prevent him thinking it was "his" issue to debug.

OK, no problem. I was just wondering if anyone had any idea what
might be causing the issue or how to debug it. From what I've seen
on my pbuilder setup, the issue seems reproducible; as long as
the package to build and its build dependencies don't change,
the build will always fail the same way. That makes me think that
it probably shouldn't be too difficult to debug, at least for
someone who knows how to debug pbuilder, but I'm afraid I don't.

___
Reproducible-builds mailing list
Reproducible-builds@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds

[Reproducible-builds] Broken HTML on diffoscope.org

[Axel Beckert]

Hi,

there seems to be a missing "" on https://diffoscope.org/ behind
the link to http://brew.sh/. Well, actually it's a "" which
behaves like a missing one.

Regards, Axel
-- 
 ,''`.  |  Axel Beckert , http://people.debian.org/~abe/
: :' :  |  Debian Developer, ftp.ch.debian.org Admin
`. `'   |  4096R: 2517 B724 C5F6 CA99 5329  6E61 2FF9 CD59 6126 16B5
  `-|  1024D: F067 EA27 26B9 C3FC 1486  202E C09E 1D89 9593 0EDE

___
Reproducible-builds mailing list
Reproducible-builds@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds

[Reproducible-builds] Bug#807669: dh-strip-nondeterminism: Breaks some jar file

[Andrew Ayer]

Hi Sophie,

I took a look at dirbuster, and it looks like it doesn't actually build
anything; instead it just installs a signed .jar that is shipped with
the source, and strip-nondeterminism's modifications break the
signature.

Therefore, my recommendation is that you continue to disable
strip-nondeterminism in debian/rules.  Since dirbuster doesn't actually
build anything, there's no nondeterminism to be stripped :-)

Let me know if I've misread this and there is actually some building
being done here.

Cheers,
Andrew


On Fri, 11 Dec 2015 15:21:57 +0100
Sophie Brun  wrote:

> Package: dh-strip-nondeterminism
> Version: 0.014-1
> Severity: normal
> 
> When building the package dirbuster (for kali),
> dh_strip_nondeterminism breaks the jar file.
> 
> The package is built but when I tried to launch the program, it
> failed with this error: Exception in thread "main"
> java.lang.SecurityException: Invalid signature file digest for
> Manifest main attributes at
> sun.security.util.SignatureFileVerifier.processImpl
> (SignatureFileVerifier.java:287) at
> sun.security.util.SignatureFileVerifier.process
> (SignatureFileVerifier.java:240) at
> java.util.jar.JarVerifier.processEntry(JarVerifier.java:274) at
> java.util.jar.JarVerifier.update(JarVerifier.java:228) at
> java.util.jar.JarFile.initializeVerifier(JarFile.java:348) at
> java.util.jar.JarFile.getInputStream(JarFile.java:415) at
> sun.misc.URLClassPath$JarLoader$2.getInputStream
> (URLClassPath.java:775) at sun.misc.Resource.cachedInputStream
> (Resource.java:77) at sun.misc.Resource.getByteBuffer
> (Resource.java:160) at java.net.URLClassLoader.defineClass
> (URLClassLoader.java:436) at java.net.URLClassLoader.access$100
> (URLClassLoader.java:71) at java.net.URLClassLoader$1.run
> (URLClassLoader.java:361) at java.net.URLClassLoader$1.run
> (URLClassLoader.java:355) at
> java.security.AccessController.doPrivileged(Native Method) at
> java.net.URLClassLoader.findClass(URLClassLoader.java:354) at
> java.lang.ClassLoader.loadClass(ClassLoader.java:425) at
> sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:308) at
> java.lang.ClassLoader.loadClass(ClassLoader.java:358) at
> com.sittinglittleduck.DirBuster.Start.main(Start.java:51)
> 
> 
> Disabling dh_strip_nondeterminism in debian/rules (via
> override_dh_...) fixed it.
> 
> The source of package dirbuster can be found:
> git://git.kali.org/packages/dirbuster.git
> 
> -- System Information:
> Debian Release: stretch/sid
>   APT prefers testing
>   APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
> Architecture: amd64 (x86_64)
> Foreign Architectures: i386
> 
> Kernel: Linux 4.3.0-rc3-amd64 (SMP w/4 CPU cores)
> Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
> Init: systemd (via /run/systemd/system)
> 
> Versions of packages dh-strip-nondeterminism depends on:
> ii  debhelper 9.20151126
> ii  libfile-stripnondeterminism-perl  0.014-1
> ii  libtimedate-perl  2.3000-2
> ii  perl  5.20.2-6
> 
> dh-strip-nondeterminism recommends no packages.
> 
> dh-strip-nondeterminism suggests no packages.
> 
> -- no debconf information

___
Reproducible-builds mailing list
Reproducible-builds@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds

[Reproducible-builds] Bug#807876: strip-nondeterminism: should ignore signed JARs

[Andrew Ayer]

Package: strip-nondeterminism
Severity: wishlist

It would be nice for strip-nondeterminism to ignore signed JARs (but
print a warning), since its modifications will break the signature.

According to the jarsigner(1) man page, a signed JAR will have .DSA
and .SF files in the META-INF, so we can look for those.

An example of a signed JAR can be found in
git://git.kali.org/packages/dirbuster.git

___
Reproducible-builds mailing list
Reproducible-builds@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds