[Reproducible-builds] Bug#807829: 4ti2: please make the build reproducible
Source: 4ti2
Version: 1.6.7+ds-1
Severity: wishlist
Tags: patch
User: reproducible-builds@lists.alioth.debian.org
Usertags: timestamps locale
X-Debbugs-Cc: reproducible-builds@lists.alioth.debian.org

Hi!

While working on the "reproducible builds" effort [1], we have noticed that 4ti2 could not be built reproducibly. It embeds a locale- and timezone-dependent timestamp into the documentation. The attached patch fixes this by using the C locale and UTC for generating the timestamp.

Regards,
Reiner

[1]: https://wiki.debian.org/ReproducibleBuilds

diff --git a/debian/patches/reproducible-build.patch b/debian/patches/reproducible-build.patch new file mode 100644 index 000..fbf79fe --- /dev/null +++ b/debian/patches/reproducible-build.patch @@ -0,0 +1,11 @@ +--- a/doc/Makefile.am b/doc/Makefile.am +@@ -2,7 +2,7 @@ + export BIBINPUTS = $(abs_top_srcdir)/doc + export BSTINPUTS = $(abs_top_srcdir)/doc + +-DEB_PKG_DATE_LTXD = $(shell date -d "$(DEB_PKG_DATE)" +"%B %d, %Y") ++DEB_PKG_DATE_LTXD = $(shell LC_ALL=C date -u -d "$(DEB_PKG_DATE)" +"%B %d, %Y") + + BIBTEX = bibtex + PDFLATEX = pdflatex diff --git a/debian/patches/series b/debian/patches/series index 31b77dd..035c63d 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -6,3 +6,4 @@ debianization.patch debianization-prefix.patch debianization-documentation.patch debianization-documentation-prefix.patch +reproducible-build.patch

___
Reproducible-builds mailing list
Reproducible-builds@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds
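Review bot: in the doc/Makefile.am hunk, the added -u changes which calendar day is printed whenever $(DEB_PKG_DATE) carries a non-UTC offset and a time close to midnight, so the date in the generated documentation can differ by one day from the date the maintainer wrote; the output is stable either way, but this should be stated with the change. The new debian/patches/reproducible-build.patch also begins directly at the "--- a/doc/Makefile.am" line with no description header; add a short Description and a reference to bug 807829 so the reason for LC_ALL=C and -u stays with the patch.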
[Reproducible-builds] Bug#807838: graphite2: please make the build reproducible
Source: graphite2
Version: 1.3.4-1
Severity: wishlist
Tags: patch
User: reproducible-builds@lists.alioth.debian.org
Usertags: randomness
X-Debbugs-Cc: reproducible-builds@lists.alioth.debian.org

Hi!

While working on the "reproducible builds" effort [1], we have noticed that graphite2 could not be built reproducibly. It is generating pdf documentation by calling asciidoc, which uses dblatex to generate the file. By default, dblatex builds the documentation in a random path (which will then be used to generate the PDF ID). The attached patch fixes this by telling dblatex to use a static path.

Regards,
Reiner

[1]: https://wiki.debian.org/ReproducibleBuilds

diff --git a/debian/patches/reproducible-build.diff b/debian/patches/reproducible-build.diff new file mode 100644 index 000..3b83c70 --- /dev/null +++ b/debian/patches/reproducible-build.diff @@ -0,0 +1,11 @@ +--- a/doc/CMakeLists.txt b/doc/CMakeLists.txt +@@ -12,7 +12,7 @@ + if(DBLATEX) + add_custom_command(OUTPUT ${PROJECT_BINARY_DIR}/manual.pdf +DEPENDS ${PROJECT_SOURCE_DIR}/[a-z]*.txt +- COMMAND ${A2X} -D ${PROJECT_BINARY_DIR} ${PROJECT_SOURCE_DIR}/manual.txt) ++ COMMAND ${A2X} -D ${PROJECT_BINARY_DIR} --dblatex-opts="--tmpdir=docbuild" ${PROJECT_SOURCE_DIR}/manual.txt) + add_custom_command(OUTPUT ${PROJECT_BINARY_DIR}/GTF.pdf +DEPENDS ${PROJECT_SOURCE_DIR}/GTF.txt +COMMAND ${A2X} -D ${PROJECT_BINARY_DIR} ${PROJECT_SOURCE_DIR}/GTF.txt)
diff --git a/debian/patches/series b/debian/patches/series index d39cfd6..ba9444d 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1,3 +1,4 @@ non-linux.diff no-icons.diff test-timeout.diff +reproducible-build.diff
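Review bot: the doc/CMakeLists.txt hunk passes --dblatex-opts="--tmpdir=docbuild" only to the manual.pdf command, while the GTF.pdf command in the trailing context still calls ${A2X} with no dblatex options and so keeps the random build path described in the report. If GTF.pdf is shipped, give that command the same option, with a different directory name so the two commands cannot collide when run in parallel. "docbuild" is also a relative path, so the directory dblatex ends up using depends on the working directory of the custom command; an explicit path below ${PROJECT_BINARY_DIR} would make that unambiguous.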
[Reproducible-builds] Bug#807837: lxc: please make the build reproducible
Source: lxc
Version: 1:1.0.8-1
Severity: wishlist
Tags: patch
User: reproducible-builds@lists.alioth.debian.org
Usertags: timestamps
X-Debbugs-Cc: reproducible-builds@lists.alioth.debian.org

Hi!

While working on the "reproducible builds" effort [1], we have noticed that lxc could not be built reproducibly. Timestamps are embedded into the manpages. The attached patch uses the date from the latest changelog entry instead.

Regards,
Reiner

[1]: https://wiki.debian.org/ReproducibleBuilds

diff --git a/debian/patches/0017-reproducible-build.patch b/debian/patches/0017-reproducible-build.patch new file mode 100644 index 000..57724fb --- /dev/null +++ b/debian/patches/0017-reproducible-build.patch @@ -0,0 +1,11 @@ +--- a/configure.ac b/configure.ac +@@ -502,7 +502,7 @@ + AS_AC_EXPAND(DATADIR, "$datadir") + AS_AC_EXPAND(LOCALSTATEDIR, "$localstatedir") + AS_AC_EXPAND(DOCDIR, "$docdir") +-AS_AC_EXPAND(LXC_GENERATE_DATE, "$(date)") ++AS_AC_EXPAND(LXC_GENERATE_DATE, "$(dpkg-parsechangelog -S Date | LC_ALL=C date -u -f - '+%B %d, %Y')") + AS_AC_EXPAND(LXCPATH, "$with_config_path") + AS_AC_EXPAND(LXC_GLOBAL_CONF, "$with_global_conf") + AS_AC_EXPAND(LXC_USERNIC_CONF, "$with_usernic_conf") diff --git a/debian/patches/series b/debian/patches/series index b87ab51..4ef429d 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -14,3 +14,4 @@ 0014-systemd-getty.patch 0015-Centos7-systemd.patch 0016-lxc-debian-allow-not-including-contrib-non-free.patch +0017-reproducible-build.patch
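Review bot: the new LXC_GENERATE_DATE line in the configure.ac hunk has no fallback, so when dpkg-parsechangelog fails (configure run from a directory without debian/changelog, or the tool not installed) the pipeline hands date an empty input and the manpages get an empty date with no error. Check the exit status or test for an empty result and fail configure, or fall back to a fixed value. The change is also in configure.ac rather than in a generated configure, so it only takes effect if the package build regenerates configure, which the visible lines do not show.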
Re: [Reproducible-builds] How to react on "the second build failed, even though the first build was successful" ?
On Sat, Dec 12, 2015 at 6:14 PM, Chris Lamb wrote:
> I've lost my scrollback apologies but IIRC it wasn't anything beyond
> acknowledgement of the issue which I felt was enough to share with Thomas to
> prevent him thinking it was "his" issue to debug.

OK, no problem. I was just wondering if anyone had any idea what might be causing the issue or how to debug it.

From what I've seen on my pbuilder setup, the issue seems reproducible; as long as the package to build and its build dependencies don't change, the build will always fail the same way. That makes me think that it probably shouldn't be too difficult to debug, at least for someone who knows how to debug pbuilder, but I'm afraid I don't.
[Reproducible-builds] Broken HTML on diffoscope.org
Hi,

there seems to be a missing "" on https://diffoscope.org/ behind the link to http://brew.sh/. Well, actually it's a "" which behaves like a missing one.

Regards, Axel
-- 
 ,''`.  |  Axel Beckert, http://people.debian.org/~abe/
: :' :  |  Debian Developer, ftp.ch.debian.org Admin
`. `'   |  4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5
  `-    |  1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE
[Reproducible-builds] Bug#807669: dh-strip-nondeterminism: Breaks some jar file
Hi Sophie,

I took a look at dirbuster, and it looks like it doesn't actually build anything; instead it just installs a signed .jar that is shipped with the source, and strip-nondeterminism's modifications break the signature.

Therefore, my recommendation is that you continue to disable strip-nondeterminism in debian/rules. Since dirbuster doesn't actually build anything, there's no nondeterminism to be stripped :-)

Let me know if I've misread this and there is actually some building being done here.

Cheers,
Andrew

On Fri, 11 Dec 2015 15:21:57 +0100 Sophie Brun wrote:
> Package: dh-strip-nondeterminism
> Version: 0.014-1
> Severity: normal
>
> When building the package dirbuster (for kali),
> dh_strip_nondeterminism breaks the jar file.
>
> The package is built but when I tried to launch the program, it
> failed with this error: Exception in thread "main"
> java.lang.SecurityException: Invalid signature file digest for
> Manifest main attributes at
> sun.security.util.SignatureFileVerifier.processImpl
> (SignatureFileVerifier.java:287) at
> sun.security.util.SignatureFileVerifier.process
> (SignatureFileVerifier.java:240) at
> java.util.jar.JarVerifier.processEntry(JarVerifier.java:274) at
> java.util.jar.JarVerifier.update(JarVerifier.java:228) at
> java.util.jar.JarFile.initializeVerifier(JarFile.java:348) at
> java.util.jar.JarFile.getInputStream(JarFile.java:415) at
> sun.misc.URLClassPath$JarLoader$2.getInputStream
> (URLClassPath.java:775) at sun.misc.Resource.cachedInputStream
> (Resource.java:77) at sun.misc.Resource.getByteBuffer
> (Resource.java:160) at java.net.URLClassLoader.defineClass
> (URLClassLoader.java:436) at java.net.URLClassLoader.access$100
> (URLClassLoader.java:71) at java.net.URLClassLoader$1.run
> (URLClassLoader.java:361) at java.net.URLClassLoader$1.run
> (URLClassLoader.java:355) at
> java.security.AccessController.doPrivileged(Native Method) at
> java.net.URLClassLoader.findClass(URLClassLoader.java:354) at
> java.lang.ClassLoader.loadClass(ClassLoader.java:425) at
> sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:308) at
> java.lang.ClassLoader.loadClass(ClassLoader.java:358) at
> com.sittinglittleduck.DirBuster.Start.main(Start.java:51)
>
>
> Disabling dh_strip_nondeterminism in debian/rules (via
> override_dh_...) fixed it.
>
> The source of package dirbuster can be found:
> git://git.kali.org/packages/dirbuster.git
>
> -- System Information:
> Debian Release: stretch/sid
> APT prefers testing
> APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
> Architecture: amd64 (x86_64)
> Foreign Architectures: i386
>
> Kernel: Linux 4.3.0-rc3-amd64 (SMP w/4 CPU cores)
> Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
> Init: systemd (via /run/systemd/system)
>
> Versions of packages dh-strip-nondeterminism depends on:
> ii debhelper 9.20151126
> ii libfile-stripnondeterminism-perl 0.014-1
> ii libtimedate-perl 2.3000-2
> ii perl 5.20.2-6
>
> dh-strip-nondeterminism recommends no packages.
>
> dh-strip-nondeterminism suggests no packages.
>
> -- no debconf information
[Reproducible-builds] Bug#807876: strip-nondeterminism: should ignore signed JARs
Package: strip-nondeterminism
Severity: wishlist

It would be nice for strip-nondeterminism to ignore signed JARs (but print a warning), since its modifications will break the signature.

According to the jarsigner(1) man page, a signed JAR will have .DSA and .SF files in the META-INF, so we can look for those.

An example of a signed JAR can be found in git://git.kali.org/packages/dirbuster.git
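
A sketch of the check proposed in the report above, as an added example that is not part of the original message and is not strip-nondeterminism's own code (that tool is written in Perl; Python is used here). It goes slightly beyond the report by also matching the .RSA and .EC signature block extensions that jarsigner(1) documents; the function names and the constructed in-memory JARs are assumptions made for illustration.

```python
import io
import logging
import zipfile

# .SF signature files plus .DSA/.RSA/.EC signature block files (jarsigner(1)).
# The bug report names .SF and .DSA only; the other two are added here.
SIGNATURE_SUFFIXES = (".SF", ".DSA", ".RSA", ".EC")


def signature_entries(jar):
    """Return the signature-related entries stored directly in META-INF/."""
    found = []
    with zipfile.ZipFile(jar) as zf:
        for name in zf.namelist():
            # Compare case-insensitively; entries in subdirectories of
            # META-INF are not treated as signature files.
            parent, _, base = name.upper().rpartition("/")
            if parent == "META-INF" and base.endswith(SIGNATURE_SUFFIXES):
                found.append(name)
    return found


def should_normalize(jar, label="<jar>"):
    """False (with a warning) when rewriting the JAR would break its signature."""
    signed = signature_entries(jar)
    if signed:
        logging.warning("%s: signed JAR (%s), leaving it untouched",
                        label, ", ".join(signed))
        return False
    return True


def make_jar(names):
    """Constructed sample: an in-memory JAR holding the given entry names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"")
    buf.seek(0)
    return buf


# Constructed entry lists, not taken from any real package.
UNSIGNED = ["META-INF/MANIFEST.MF", "com/example/Main.class"]
SIGNED = UNSIGNED + ["META-INF/EXAMPLE.SF", "META-INF/EXAMPLE.DSA"]
NESTED = UNSIGNED + ["META-INF/services/notes.sf"]

if __name__ == "__main__":
    for label, names in (("unsigned", UNSIGNED), ("signed", SIGNED), ("nested", NESTED)):
        print(label, should_normalize(make_jar(names), label))
```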