Bug#872184: quilt: please make the build reproducible
Source: quilt Version: 0.63-8.1 Severity: normal Tags: patch User: reproducible-builds@lists.alioth.debian.org Usertags: buildpath X-Debbugs-Cc: reproducible-builds@lists.alioth.debian.org Dear Maintainer, While working on the "reproducible builds" effort [1], we have noticed that 'quilt' could not be built reproducibly. The attached patch uses 'html2text' to produce the plain text version of the manual. As a result the plain text version does not include absolute paths anymore. Once applied, quilt can be built reproducibly in our current experimental framework. Regards, Philip [1]: https://wiki.debian.org/ReproducibleBuilds diff -Nru quilt-0.63/debian/control quilt-0.63/debian/control --- quilt-0.63/debian/control 2016-12-21 02:36:16.0 +0100 +++ quilt-0.63/debian/control 2017-08-15 00:31:38.0 +0200 @@ -4,7 +4,7 @@ Maintainer: Martin QuinsonUploaders: Ryan Niebur Build-Depends: debhelper (>= 9) -Build-Depends-Indep: gettext, hevea, lynx, diffstat, perl, procmail, ed +Build-Depends-Indep: gettext, hevea, html2text, diffstat, perl, procmail, ed Standards-Version: 3.9.8 Vcs-git: git://anonscm.debian.org/collab-maint/quilt Vcs-Browser: http://anonscm.debian.org/gitweb/?p=collab-maint/quilt.git diff -Nru quilt-0.63/debian/rules quilt-0.63/debian/rules --- quilt-0.63/debian/rules 2017-07-17 20:39:58.0 +0200 +++ quilt-0.63/debian/rules 2017-08-15 00:31:28.0 +0200 @@ -26,8 +26,7 @@ cd doc/tmp; LC_ALL=C hevea ../main.tex ; LC_ALL=C hevea ../main.tex; LC_ALL=C hevea ../main.tex perl -pe 'if (/\\sh\{.*}/) {s:\\sh\{(.*)}:$$1:}' \ < doc/tmp/main.html > doc/quilt.html - LC_ALL=C perl -e '$$/ = undef; $$f=<>; $$f =~ s|]*?HREF="[^"]*#[^"]*">(.*?)|$$1|msg; print $$f;' < doc/tmp/main.html > doc/tmp/tmp.html - LC_ALL=C lynx doc/tmp/tmp.html -dump > doc/quilt.txt + LC_ALL=C html2text -style pretty -o doc/quilt.txt doc/quilt.html else touch doc/quilt.html doc/quilt.txt endif signature.asc Description: OpenPGP digital signature ___ Reproducible-builds mailing list Reproducible-builds@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds
Please review the draft for week 120's blog post
Hi all, Please review the draft for week 120's blog post: https://reproducible.alioth.debian.org/blog/drafts/120/ Feel free to commit any changes directly to drafts/120.mdwn in Git: https://anonscm.debian.org/git/reproducible/blog.git/ I am very happy to reword and/or rework prior to publishing. I intend to publish it no earlier than: https://time.is/compare/1700_16_Aug_2017_in_UTC or $ date -d 'Wed, 16 Aug 2017 17:00:00 +' Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- ___ Reproducible-builds mailing list Reproducible-builds@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds
Re: More info about nondeterminism_added_by_pyqt5_pyrcc5
Dear Federico, > There are two possible solutions[2]: set the environment variable > QT_HASH_SEED to a constant value before > pyrcc5 is called (this is my current workaround) or call > qSetGlobalQHashSeed(). > > I can help with the implementation if needed. Neat! Please do so. :) Probably best to file that directly with the offending package and set the various "usertags" so we can track it: https://wiki.debian.org/ReproducibleBuilds/Contribute#How_to_report_bugs Indeed, would you be interested in updating our notes on this issue directly? If so, please join our group on Alioth, and then clone our: https://anonscm.debian.org/git/reproducible/notes.git/ .. repository. The `packages.yml` and `issues.yml` files should be pretty self-explanatory. (If not, just let me know and I'll update them myself.) Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- ___ Reproducible-builds mailing list Reproducible-builds@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds
More info about nondeterminism_added_by_pyqt5_pyrcc5
Hello, I'm packaging an application making use of pyrcc5 and I noticed the nondeterminism it adds. I see[1] that this is currently description is not correct. You can see that pyrcc5 uses QHash, which is made to avoid algorithmic complexity attacks[2] introducing a randomization. There are two possible solutions[2]: set the environment variable QT_HASH_SEED to a constant value before pyrcc5 is called (this is my current workaround) or call qSetGlobalQHashSeed(). I can help with the implementation if needed. Regards -- Federico [1] https://tests.reproducible-builds.org/debian/issues/unstable/nondeterminism_added_by_pyqt5_pyrcc5_issue.html [2] http://doc.qt.io/qt-5/qhash.html ___ Reproducible-builds mailing list Reproducible-builds@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds
Bug#869868: Diffoscope should be much more flexible with respects to the ELF tools it uses
Hi Chris, > Can you give me an example? eg. Where are these binaries located, etc. > etc. or are they in such bespoke dirs that the ability to override > externally is required? The issue here is: the tools are architecture dependent, for ARM binaries you'll need tools compiled with ARM support, e.g. https://packages.debian.org/buster/amd64/binutils-arm-none-eabi/filelist . They often live right next to the regular tools but are prefixed with the architecture triplet, but there're also custom toolchains which have the same triplet prefix but live in a custom prefix like /opt. The one without the triplet prefixed is in many cases only capable of handling the native and compatible architectures, so trying to use that on an ARM binary will not work. Preferably diffoscope would look at the ELF binary and automagically try to use the correct binutils for processing but for the start I'd be happy if I could just tell it which tool to use rather than resorting to extreme measures like manipulating the binary search path or linking the desired binary over the generic name in a preferred binary path and then back again. Servus, Daniel ___ Reproducible-builds mailing list Reproducible-builds@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds
Bug#869868: Diffoscope should be much more flexible with respects to the ELF tools it uses
Hi Daniel, > However it doesn't stop there: With objdump you can't just pick > *any* version but you need one with support for the precisely > the target architecture you want to look at Can you give me an example? eg. Where are these binaries located, etc. etc. or are they in such bespoke dirs that the ability to override externally is required? Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- ___ Reproducible-builds mailing list Reproducible-builds@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds