Hi Andres, Andres Pavez <[email protected]> (2020-03-30): > I am looking for some help with the fontconfig cache that is not > reproducible version 2.13.1 how you guys make reproducible ?. it is > not on your final report and not in > (https://redmine.tails.boum.org/code/issues/15187) > > I have a small project using your patch on Debian stretch and it works > perfectly > (https://deb.tails.boum.org/pool/main/f/fontconfig/fontconfig_2.11.0-6.7.0tails4_amd64.deb) > > But I decided to upgrade buster, so I install > (https://deb.tails.boum.org/pool/main/f/fontconfig/fontconfig_2.13.1-2.0tails1_amd64.deb) > and I can generate the cache reproducible. > > Any help is welcome.
You'll find the Tails patch attached for reference.
How you could have generated it yourself, provided you have standard
Debian tools (devscripts, basically):
# get source package from Tails repository:
# (downloads in current directory)
dget -ux
https://deb.tails.boum.org/pool/main/f/fontconfig/fontconfig_2.11.0-6.7.0tails4.dsc
# get source package from Debian's snapshot.debian.org:
# (downloads under source-fontconfig subdirectory)
debsnap fontconfig 2.11.0-6.7
# generate source debdiff between Debian and Tails:
debdiff source-fontconfig/fontconfig_2.11.0-6.7.dsc
fontconfig_2.11.0-6.7.0tails4.dsc \
fontconfig-tails.diff
Cheers,
--
Cyril 'kibi' Brulebois ([email protected])
diff -Nru fontconfig-2.11.0/debian/changelog fontconfig-2.11.0/debian/changelog --- fontconfig-2.11.0/debian/changelog 2016-08-24 14:21:57.000000000 +0200 +++ fontconfig-2.11.0/debian/changelog 2017-06-03 11:29:36.000000000 +0200 @@ -1,3 +1,35 @@ +fontconfig (2.11.0-6.7.0tails4) bugfix-12567-fontconfig-fixup; urgency=medium + + * Non-maintainer upload. + * fontconfig.postinst: another fixup on "clamping" of the mtimes of font + directories introduced in 2.11.0-6.7.0tails2. + + -- anonym <[email protected]> Sat, 03 Jun 2017 11:29:36 +0200 + +fontconfig (2.11.0-6.7.0tails3) bugfix-12567-fontconfig-fixup; urgency=medium + + * Non-maintainer upload. + * fontconfig.postinst: fixup on "clamping" of the mtimes of font + directories introduced in 2.11.0-6.7.0tails2. + + -- anonym <[email protected]> Fri, 02 Jun 2017 23:51:59 +0200 + +fontconfig (2.11.0-6.7.0tails2) bugfix-12567-fontconfig-fixup; urgency=medium + + * Non-maintainer upload. + * fontconfig.postinst: "clamp" the mtimes of font directories to + SOURCE_DATE_EPOCH prior to calling fc-cache. + * New patch: Fixup on "make the generated cache files reproducible". + + -- anonym <[email protected]> Wed, 31 May 2017 22:47:54 +0200 + +fontconfig (2.11.0-6.7.0tails1) bugfix-11971-fontconfig-cache-in-iso; urgency=medium + + * Non-maintainer upload. + * New patch: make the generated cache files reproducible. + + -- intrigeri <[email protected]> Thu, 18 May 2017 12:46:32 +0000 + fontconfig (2.11.0-6.7) unstable; urgency=medium * Non-maintainer upload. diff -Nru fontconfig-2.11.0/debian/fontconfig.postinst fontconfig-2.11.0/debian/fontconfig.postinst --- fontconfig-2.11.0/debian/fontconfig.postinst 2016-08-06 10:24:50.000000000 +0200 +++ fontconfig-2.11.0/debian/fontconfig.postinst 2017-06-03 11:29:36.000000000 +0200 @@ -2,10 +2,28 @@ set -e +if [ -n "$SOURCE_DATE_EPOCH" ]; then + # fontconfig embeds the mtime of each font directory in a "checksum" member + # of a "_FcCache" struct. This is so that it can identify which cache files + # remain valid and/or require regeneration. + # + # We therefore "clamp" the mtimes of font directories to SOURCE_DATE_EPOCH + # prior to calling fc-cache to avoid these non-deterministic values appearing + # in the files themselves. This is safe as we force regeneration in + # subsequent fc-cache calls with -f. + # + # (We can't just replace the checksum value with SOURCE_DATE_EPOCH as it will + # result in fontconfig believing the cache to be outdated, defeating the + # entire point of generating them in the first place. + fc-cache -s --list-dirs | \ + xargs -I{} find {} -type d -follow -newermt "@$SOURCE_DATE_EPOCH" -print0 2>/dev/null | \ + xargs -0r touch --date="@$SOURCE_DATE_EPOCH" +fi + if [ "$1" = triggered ]; then # Force regeneration of all fontconfig cache files. mkdir -p /var/cache/fontconfig - fc-cache -s -v 1>/var/log/fontconfig.log 2>&1 || printf "fc-cache failed.\nSee /var/log/fontconfig.log for more information.\n" + fc-cache -s -f -v 1>/var/log/fontconfig.log 2>&1 || printf "fc-cache failed.\nSee /var/log/fontconfig.log for more information.\n" exit 0 fi diff -Nru fontconfig-2.11.0/debian/patches/09-Make-the-generated-cache-files-reproducible-Closes-8.patch fontconfig-2.11.0/debian/patches/09-Make-the-generated-cache-files-reproducible-Closes-8.patch --- fontconfig-2.11.0/debian/patches/09-Make-the-generated-cache-files-reproducible-Closes-8.patch 1970-01-01 01:00:00.000000000 +0100 +++ fontconfig-2.11.0/debian/patches/09-Make-the-generated-cache-files-reproducible-Closes-8.patch 2017-05-18 14:46:32.000000000 +0200 @@ -0,0 +1,22 @@ +From: Chris Lamb <[email protected]> +Date: Thu, 18 May 2017 12:43:29 +0000 +Bug-Debian: https://bugs.debian.org/857892 +Bug-Tails: https://labs.riseup.net/code/issues/11971 +Subject: Make the generated cache files reproducible (Closes: #857892) + +--- + src/fcpat.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/fcpat.c b/src/fcpat.c +index 0614ac2..374432a 100644 +--- a/src/fcpat.c ++++ b/src/fcpat.c +@@ -33,6 +33,7 @@ FcPatternCreate (void) + p = (FcPattern *) malloc (sizeof (FcPattern)); + if (!p) + return 0; ++ memset (p, 0, sizeof (FcPattern)); + p->num = 0; + p->size = 0; + p->elts_offset = FcPtrToOffset (p, NULL); diff -Nru fontconfig-2.11.0/debian/patches/10-fc-cache-list-dirs.patch fontconfig-2.11.0/debian/patches/10-fc-cache-list-dirs.patch --- fontconfig-2.11.0/debian/patches/10-fc-cache-list-dirs.patch 1970-01-01 01:00:00.000000000 +0100 +++ fontconfig-2.11.0/debian/patches/10-fc-cache-list-dirs.patch 2017-05-31 22:45:06.000000000 +0200 @@ -0,0 +1,144 @@ +diff -urNad fontconfig-2.11.0.orig/fc-cache/fc-cache.1 fontconfig-2.11.0/fc-cache/fc-cache.1 +--- fontconfig-2.11.0.orig/fc-cache/fc-cache.1 2017-05-26 16:30:36.585878534 +0100 ++++ fontconfig-2.11.0/fc-cache/fc-cache.1 2017-05-26 18:12:58.022734653 +0100 +@@ -4,7 +4,7 @@ + fc-cache \- build font information cache files + .SH SYNOPSIS + .sp +-\fBfc-cache\fR [ \fB-frsvVh\fR ] [ \fB--force\fR ] [ \fB--really-force\fR ] [ \fB--system-only\fR ] [ \fB--verbose\fR ] [ \fB--version\fR ] [ \fB--help\fR ] [ \fB\fIdir\fB\fR\fI...\fR ] ++\fBfc-cache\fR [ \fB-frsvVh\fR ] [ \fB--force\fR ] [ \fB--really-force\fR ] [ \fB--system-only\fR ] [ \fB--list-dirs\fR ] [ \fB--verbose\fR ] [ \fB--version\fR ] [ \fB--help\fR ] [ \fB\fIdir\fB\fR\fI...\fR ] + .SH "DESCRIPTION" + .PP + \fBfc-cache\fR scans the font directories on +@@ -39,6 +39,9 @@ + Only scan system-wide directories, omitting the places + located in the user's home directory. + .TP ++\fB-l\fR ++Only list directories, don't regenerate anything. ++.TP + \fB-v\fR + Display status information while busy. + .TP +diff -urNad fontconfig-2.11.0.orig/fc-cache/fc-cache.c fontconfig-2.11.0/fc-cache/fc-cache.c +--- fontconfig-2.11.0.orig/fc-cache/fc-cache.c 2017-05-26 16:30:36.585878534 +0100 ++++ fontconfig-2.11.0/fc-cache/fc-cache.c 2017-05-26 18:13:33.810917986 +0100 +@@ -69,6 +69,7 @@ + {"really-force", 0, 0, 'r'}, + {"sysroot", 0, 0, 'y'}, + {"system-only", 0, 0, 's'}, ++ {"list-dirs", 0, 0, 'l'}, + {"version", 0, 0, 'V'}, + {"verbose", 0, 0, 'v'}, + {"help", 0, 0, 'h'}, +@@ -86,10 +87,10 @@ + { + FILE *file = error ? stderr : stdout; + #if HAVE_GETOPT_LONG +- fprintf (file, "usage: %s [-frsvVh] [-y SYSROOT] [--force|--really-force] [--sysroot=SYSROOT] [--system-only] [--verbose] [--version] [--help] [dirs]\n", ++ fprintf (file, "usage: %s [-frsvVh] [-y SYSROOT] [--force|--really-force] [--sysroot=SYSROOT] [--system-only] [--list-dirs] [--verbose] [--version] [--help] [dirs]\n", + program); + #else +- fprintf (file, "usage: %s [-frsvVh] [-y SYSROOT] [dirs]\n", ++ fprintf (file, "usage: %s [-frslvVh] [-y SYSROOT] [dirs]\n", + program); + #endif + fprintf (file, "Build font information caches in [dirs]\n" +@@ -100,6 +101,7 @@ + fprintf (file, " -r, --really-force erase all existing caches, then rescan\n"); + fprintf (file, " -s, --system-only scan system-wide directories only\n"); + fprintf (file, " -y, --sysroot=SYSROOT prepend SYSROOT to all paths for scanning\n"); ++ fprintf (file, " -l, --list-dirs list directories only\n"); + fprintf (file, " -v, --verbose display status information while busy\n"); + fprintf (file, " -V, --version display font config version and exit\n"); + fprintf (file, " -h, --help display this help and exit\n"); +@@ -108,6 +110,7 @@ + fprintf (file, " -r, (really force) erase all existing caches, then rescan\n"); + fprintf (file, " -s (system) scan system-wide directories only\n"); + fprintf (file, " -y SYSROOT (sysroot) prepend SYSROOT to all paths for scanning\n"); ++ fprintf (file, " -l (list-dirs) list directories only\n"); + fprintf (file, " -v (verbose) display status information while busy\n"); + fprintf (file, " -V (version) display font config version and exit\n"); + fprintf (file, " -h (help) display this help and exit\n"); +@@ -277,18 +280,20 @@ + FcBool force = FcFalse; + FcBool really_force = FcFalse; + FcBool systemOnly = FcFalse; ++ FcBool listDirs = FcFalse; + FcConfig *config; + FcChar8 *sysroot = NULL; ++ FcChar8 *dir; + int i; + int changed; +- int ret; ++ int ret = 0; + #if HAVE_GETOPT_LONG || HAVE_GETOPT + int c; + + #if HAVE_GETOPT_LONG +- while ((c = getopt_long (argc, argv, "frsy:Vvh", longopts, NULL)) != -1) ++ while ((c = getopt_long (argc, argv, "frsly:Vvh", longopts, NULL)) != -1) + #else +- while ((c = getopt (argc, argv, "frsy:Vvh")) != -1) ++ while ((c = getopt (argc, argv, "frsly:Vvh")) != -1) + #endif + { + switch (c) { +@@ -304,6 +309,9 @@ + case 'y': + sysroot = FcStrCopy ((const FcChar8 *)optarg); + break; ++ case 'l': ++ listDirs = FcTrue; ++ break; + case 'V': + fprintf (stderr, "fontconfig version %d.%d.%d\n", + FC_MAJOR, FC_MINOR, FC_REVISION); +@@ -365,6 +373,13 @@ + else + list = FcConfigGetConfigDirs (config); + ++ if (listDirs) ++ { ++ while ((dir = FcStrListNext (list))) ++ printf ("%s\n", dir); ++ goto done; ++ } ++ + if ((processed_dirs = FcStrSetCreate()) == NULL) { + fprintf(stderr, "Cannot malloc\n"); + return 1; +@@ -388,6 +403,7 @@ + + cleanCacheDirectories (config, verbose); + ++done: + FcConfigDestroy (config); + FcFini (); + /* +diff -urNad fontconfig-2.11.0.orig/fc-cache/fc-cache.sgml fontconfig-2.11.0/fc-cache/fc-cache.sgml +--- fontconfig-2.11.0.orig/fc-cache/fc-cache.sgml 2017-05-26 16:30:36.585878534 +0100 ++++ fontconfig-2.11.0/fc-cache/fc-cache.sgml 2017-05-26 18:10:26.789976370 +0100 +@@ -67,6 +67,7 @@ + <arg><option>--force</option></arg> + <arg><option>--really-force</option></arg> + <arg><option>--system-only</option></arg> ++ <arg><option>--list-dirs</option></arg> + <arg><option>--verbose</option></arg> + <arg><option>--version</option></arg> + <arg><option>--help</option></arg> +@@ -129,6 +130,14 @@ + </listitem> + </varlistentry> + <varlistentry> ++ <term><option>-l</option> ++ <option>--list-dirs</option> ++ </term> ++ <listitem> ++ <para>Only list directories, don't regenerate anything.</para> ++ </listitem> ++ </varlistentry> ++ <varlistentry> + <term><option>-v</option> + <option>--verbose</option> + </term> diff -Nru fontconfig-2.11.0/debian/patches/series fontconfig-2.11.0/debian/patches/series --- fontconfig-2.11.0/debian/patches/series 2016-08-17 16:33:16.000000000 +0200 +++ fontconfig-2.11.0/debian/patches/series 2017-05-31 22:44:36.000000000 +0200 @@ -6,3 +6,5 @@ 06_cross.patch 07_CVE-2016-5384-Properly-validate-offsets-in-cache-files.patch skip-dpkg-tmp-files.patch +09-Make-the-generated-cache-files-reproducible-Closes-8.patch +10-fc-cache-list-dirs.patch
signature.asc
Description: PGP signature
_______________________________________________ Tails-dev mailing list [email protected] https://www.autistici.org/mailman/listinfo/tails-dev To unsubscribe from this list, send an empty email to [email protected].
