Your message dated Thu, 26 Mar 2015 16:34:06 +0000
with message-id <[email protected]>
and subject line Bug#774429: fixed in binutils 2.25-6
has caused the Debian Bug report #774429,
regarding binutils: please make binutils build reproducibly
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
774429: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774429
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: binutils
Version: 2.25-3
Severity: wishlist
Tags: patch
User: [email protected]
Usertags: timestamps fileordering
Hi!
While working on the “reproducible builds” effort [1], we have noticed
that binutils could not be built reproducibly.
The attached patch contains multiple fixes to debian/rules to fix this
with our current experimental framework.
Ideally, using strip-nondeterminism should not be required, but I did
not find an easy way to pass the `D` flag to `ar`.
[1]: https://wiki.debian.org/ReproducibleBuilds
--
Lunar .''`.
[email protected] : :Ⓐ : # apt-get install anarchism
`. `'`
`-
diff -u binutils-2.25/debian/changelog binutils-2.25/debian/changelog
--- binutils-2.25/debian/changelog
+++ binutils-2.25/debian/changelog
@@ -1,3 +1,15 @@
+binutils (2.25-3.0~reproducible1) UNRELEASED; urgency=low
+
+ * Make the package build reproducibly:
+ - Fix mtimes before building binary packages.
+ - Stop recording the current time when creating gzip files.
+ - Sort file list in md5sums.
+ - Fix mtimes before building source tarball.
+ - Sort file list in binutils source tarball.
+ - Call strip-nondeterminism on static libraries.
+
+ -- Jérémy Bobbio <[email protected]> Fri, 02 Jan 2015 16:33:56 +0100
+
binutils (2.25-3) unstable; urgency=medium
* Don't build as a release candidate, fixing the upper shlibs dependency.
diff -u binutils-2.25/debian/control binutils-2.25/debian/control
--- binutils-2.25/debian/control
+++ binutils-2.25/debian/control
@@ -6,7 +6,8 @@
Standards-Version: 3.9.6
Build-Depends: autoconf (>= 2.64), dpkg-dev (>= 1.17.11),
bison, flex, gettext, texinfo, dejagnu, quilt,
- python3:any, file, xz-utils, lsb-release, zlib1g-dev
+ python3:any, file, xz-utils, lsb-release, zlib1g-dev,
+ strip-nondeterminism
Vcs-Browser: https://code.launchpad.net/~doko/binutils/pkg-2.25-debian
Vcs-Bzr: http://bazaar.launchpad.net/~doko/binutils/pkg-2.25-debian
XS-Testsuite: autopkgtest
diff -u binutils-2.25/debian/rules binutils-2.25/debian/rules
--- binutils-2.25/debian/rules
+++ binutils-2.25/debian/rules
@@ -146,6 +146,7 @@
ifneq (,$(DATE))
# DATE_EXT := .$(DATE)
endif
+BUILD_DATE := $(shell dpkg-parsechangelog | sed -n -e 's/^Date: //p')
is_rc = yes
is_rc =
@@ -745,6 +746,8 @@
$(call strip_package, $(p_mul), $(d_mul))
endif
+ find $(d_dev) -name '*.a' -print0 | xargs -0r strip-nondeterminism --type ar
+
: # Don't want /usr/<arch>-linux to exist in any package
rm -rf $(d_bin)/$(PF)/$(DEB_HOST_GNU_TYPE)
@@ -915,24 +918,28 @@
for i in bfd gas gprof ld; do \
ln -sf ../$(p_bin)/$$i $(d_doc)/$(PF)/share/doc/$(p_doc)/$$i; \
done
- find $(d_doc)/$(PF)/share/doc/$(p_doc) -maxdepth 1 -type f ! -name copyright | xargs gzip -9
- gzip -9 $(d_doc)/$(PF)/share/info/*
+ find $(d_doc)/$(PF)/share/doc/$(p_doc) -maxdepth 1 -type f ! -name copyright | xargs gzip -9n
+ gzip -9n $(d_doc)/$(PF)/share/info/*
dpkg-gencontrol -isp -P$(d_doc) -p$(p_doc)
chown -R root:root $(d_doc)
chmod -R go=rX $(d_doc)
+ find $(d_doc) -depth -newermt '$(BUILD_DATE)' -print0 | \
+ xargs -0r touch --no-dereference --date='$(BUILD_DATE)'
dpkg --build $(d_doc) ..
$(install_dir) $(d_src)/$(PF)/share/doc/$(p_src)/
$(install_file) debian/changelog $(d_src)/$(PF)/share/doc/$(p_src)/changelog.Debian
$(install_file) debian/copyright $(d_src)/$(PF)/share/doc/$(p_src)/
- find $(d_src)/$(PF)/share/doc/$(p_src) -maxdepth 1 -type f ! -name copyright | xargs gzip -9
+ find $(d_src)/$(PF)/share/doc/$(p_src) -maxdepth 1 -type f ! -name copyright | xargs gzip -9n
endif # ifndef BACKPORT
$(install_dir) $(d_src)/DEBIAN
$(install_dir) $(d_src)/$(PF)/src/binutils/patches
$(install_file) debian/patches/* $(d_src)/$(PF)/src/binutils/patches/
- tar -c --xz -C .. --exclude=CVS \
+ cd .. && find $(sources_files) -depth -newermt '$(BUILD_DATE)' -print0 | \
+ xargs -0r touch --no-dereference --date='$(BUILD_DATE)' && \
+ find $(source_files) -type f -print0 | LC_ALL=C sort -z | tar --null -T - -c --xz --exclude=CVS \
-f $(pwd)/$(d_src)/$(PF)/src/binutils/binutils-$(VERSION).tar.xz \
$(source_files)
@@ -950,6 +957,8 @@
dpkg-gencontrol -isp -P$(d_src) -p$(p_src)
chown -R root:root $(d_src)
chmod -R go=rX $(d_src)
+ find $(d_src) -depth -newermt '$(BUILD_DATE)' -print0 | \
+ xargs -0r touch --no-dereference --date='$(BUILD_DATE)'
dpkg --build $(d_src) ..
endif
@@ -975,7 +984,7 @@
$(install_dir) $(d_cross)/$(PF)/share/doc/$(p_cross)/
$(install_file) debian/changelog $(d_cross)/$(PF)/share/doc/$(p_cross)/changelog.Debian
$(install_file) debian/copyright debian/README.cross $(d_cross)/$(PF)/share/doc/$(p_cross)/
- gzip -9f $(d_cross)/$(PF)/share/doc/$(p_cross)/changelog.Debian
+ gzip -9nf $(d_cross)/$(PF)/share/doc/$(p_cross)/changelog.Debian
for pkg in bfd gas gprof ld; do \
ln -sf ../binutils/$$pkg $(d_cross)/$(PF)/share/doc/$(p_cross)/$$pkg; \
@@ -985,6 +994,8 @@
dpkg-shlibdeps $(d_cross)/$(PF)/bin/*
dpkg-gencontrol -isp -P$(d_cross) -p$(p_cross) \
-VBuilt-Using="$(shell dpkg-query -f '$${source:Package} (= $${source:Version}), ' -W binutils-source)"
+ find $(d_cross) -depth -newermt '$(BUILD_DATE)' -print0 | \
+ xargs -0r touch --no-dereference --date='$(BUILD_DATE)'
dpkg --build $(d_cross) ..
else
@@ -1111,53 +1122,63 @@
$(install_file) gprof/bbconv.pl $(d_bin)/$(PF)/share/doc/$(p_bin)/gprof/.
: # Compress stuff that needs it
- gzip -9 $(d_bin)/$(PF)/share/man/man1/*.1
- find $(d_bin)/$(PF)/share/doc/$(p_bin)/ -type f ! -name copyright -a ! -name bbconv.pl | xargs gzip -9
+ gzip -9n $(d_bin)/$(PF)/share/man/man1/*.1
+ find $(d_bin)/$(PF)/share/doc/$(p_bin)/ -type f ! -name copyright -a ! -name bbconv.pl | xargs gzip -9n
: # Finish it all up
find $(d_bin) -type f | xargs file | grep ELF | cut -d: -f 1 | xargs dpkg-shlibdeps
dpkg-gencontrol -isp -P$(d_bin) -p$(p_bin) $(CONFLICTS) $(gold_provides)
- cd $(d_bin) && find -type f ! -regex './DEBIAN/.*' -printf '%P\n' | xargs md5sum > DEBIAN/md5sums
+ cd $(d_bin) && find -type f ! -regex './DEBIAN/.*' -printf '%P\n' | LC_ALL=C sort | xargs md5sum > DEBIAN/md5sums
rm -f debian/substvars
dpkg-gencontrol -isp -P$(d_dev) -p$(p_dev)
- cd $(d_dev) && find -type f ! -regex './DEBIAN/.*' -printf '%P\n' | xargs md5sum > DEBIAN/md5sums
+ cd $(d_dev) && find -type f ! -regex './DEBIAN/.*' -printf '%P\n' | LC_ALL=C sort | xargs md5sum > DEBIAN/md5sums
ifeq ($(with_multiarch),yes)
rm -f debian/substvars
find $(d_mul) -type f | xargs file | grep ELF | cut -d: -f 1 | xargs dpkg-shlibdeps
dpkg-gencontrol -isp -P$(d_mul) -p$(p_mul)
- cd $(d_mul) && find -type f ! -regex './DEBIAN/.*' -printf '%P\n' | xargs md5sum > DEBIAN/md5sums
+ cd $(d_mul) && find -type f ! -regex './DEBIAN/.*' -printf '%P\n' | LC_ALL=C sort | xargs md5sum > DEBIAN/md5sums
rm -f debian/substvars
mkdir -p $(d_mdev)/DEBIAN
dpkg-gencontrol -isp -P$(d_mdev) -p$(p_mdev)
- cd $(d_mdev) && find -type f ! -regex './DEBIAN/.*' -printf '%P\n' | xargs -r md5sum > DEBIAN/md5sums
+ cd $(d_mdev) && find -type f ! -regex './DEBIAN/.*' -printf '%P\n' | LC_ALL=C sort | xargs -r md5sum > DEBIAN/md5sums
endif
ifeq ($(DEB_HOST_ARCH),hppa)
rm -f debian/substvars
find $(d_hppa64) -type f | xargs file | grep ELF | cut -d: -f 1 | xargs dpkg-shlibdeps
dpkg-gencontrol -isp -P$(d_hppa64) -p$(p_hppa64)
- cd $(d_hppa64) && find -type f ! -regex './DEBIAN/.*' -printf '%P\n' | xargs md5sum > DEBIAN/md5sums
+ cd $(d_hppa64) && find -type f ! -regex './DEBIAN/.*' -printf '%P\n' | LC_ALL=C sort | xargs md5sum > DEBIAN/md5sums
endif
chown -R root:root $(d_bin) $(d_dev)
chmod -R go=rX $(d_bin) $(d_dev)
+ find $(d_bin) -depth -newermt '$(BUILD_DATE)' -print0 | \
+ xargs -0r touch --no-dereference --date='$(BUILD_DATE)'
dpkg --build $(d_bin) ..
+ find $(d_dev) -depth -newermt '$(BUILD_DATE)' -print0 | \
+ xargs -0r touch --no-dereference --date='$(BUILD_DATE)'
dpkg --build $(d_dev) ..
ifeq ($(with_multiarch),yes)
chown -R root:root $(d_mul)
chmod -R go=rX $(d_mul)
+ find $(d_mul) -depth -newermt '$(BUILD_DATE)' -print0 | \
+ xargs -0r touch --no-dereference --date='$(BUILD_DATE)'
dpkg --build $(d_mul) ..
chown -R root:root $(d_mdev)
chmod -R go=rX $(d_mdev)
+ find $(d_mdev) -depth -newermt '$(BUILD_DATE)' -print0 | \
+ xargs -0r touch --no-dereference --date='$(BUILD_DATE)'
dpkg --build $(d_mdev) ..
endif
ifeq ($(DEB_HOST_ARCH),hppa)
chown -R root:root $(d_hppa64)
chmod -R go=rX $(d_hppa64)
+ find $(d_hppa64) -depth -newermt '$(BUILD_DATE)' -print0 | \
+ xargs -0r touch --no-dereference --date='$(BUILD_DATE)'
dpkg --build $(d_hppa64) ..
endif
@@ -1225,7 +1246,7 @@
: # Get rid of .la files since libtool obviously has no idea about transient paths
rm -f $(d_cross)/$(PF)/$(DEB_HOST_GNU_TYPE)/$(TARGET)/lib/*.la
- gzip -9 $(d_cross)/$(PF)/share/man/man1/*
+ gzip -9n $(d_cross)/$(PF)/share/man/man1/*
touch $@
configure-host-cross-stamp: configure-cross-stamp
signature.asc
Description: Digital signature
--- End Message ---
--- Begin Message ---
Source: binutils
Source-Version: 2.25-6
We believe that the bug you reported is fixed in the latest version of
binutils, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Matthias Klose <[email protected]> (supplier of updated binutils package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 26 Mar 2015 16:40:36 +0100
Source: binutils
Binary: binutils binutils-dev binutils-multiarch binutils-multiarch-dev
binutils-hppa64 binutils-doc binutils-source
Architecture: source all amd64
Version: 2.25-6
Distribution: unstable
Urgency: medium
Maintainer: Matthias Klose <[email protected]>
Changed-By: Matthias Klose <[email protected]>
Description:
binutils - GNU assembler, linker and binary utilities
binutils-dev - GNU binary utilities (BFD development files)
binutils-doc - Documentation for the GNU assembler, linker and binary utilities
binutils-hppa64 - GNU assembler, linker and binary utilities targeted for
hppa64-li
binutils-multiarch - Binary utilities that support multi-arch targets
binutils-multiarch-dev - GNU binary utilities that support multi-arch targets
(BFD develop
binutils-source - GNU assembler, linker and binary utilities (source)
Closes: 774429
Changes:
binutils (2.25-6) unstable; urgency=medium
.
* Apply patches from the 2.25 branch to address PR binutils/17512,
PR binutils/17531.
* Removal partial backports for PR binutils/17531.
* Configure with --enable-deterministic-archives. Closes: #774429.
Checksums-Sha1:
9257223ec914b831a7cb4f9928c77065430d39e1 2366 binutils_2.25-6.dsc
dc3ade80e57398eb215c03e0b8753e635d33fb74 235996 binutils_2.25-6.diff.gz
8c694382bcb68e90a0c7022a9a27efe670c90d85 502148 binutils-doc_2.25-6_all.deb
8a28f1ee36b1b9ffc211b9c35bf1e57473221f18 17562452
binutils-source_2.25-6_all.deb
4e2af36cdec30363d36581579dfe85546ba7e9ac 3534578 binutils_2.25-6_amd64.deb
36a56c7c178577346b9c3b5f8fd3ab388430406a 1929956 binutils-dev_2.25-6_amd64.deb
aa76bc3ef9649d14424d1dcfe232875196a8c826 1660862
binutils-multiarch_2.25-6_amd64.deb
1e5bc4d9eba1638dfe89b264f43278813b443829 1348
binutils-multiarch-dev_2.25-6_amd64.deb
Checksums-Sha256:
99c7f7f57b815be0ac67fb5fcdc5d0f8d50833186bacdbacd3205c6e1ad70812 2366
binutils_2.25-6.dsc
4f4b48e7d9730738e00f372458f1da1cb34c96db06f1d4016fb3034d347e30c3 235996
binutils_2.25-6.diff.gz
899bd6fccb545944f6d78bf762371de368f2119915b426804079d1c2be948025 502148
binutils-doc_2.25-6_all.deb
0e53370019a3b15b1b95b0fc6c3180cb702f3204e0d8452cea7adb9610bd07a7 17562452
binutils-source_2.25-6_all.deb
41ae2db0ee3dc989be1264bc81f300aca11f84bc1c2c6cbfbd0867890f2acc74 3534578
binutils_2.25-6_amd64.deb
2573c11dffd5274c88561201a5bad7acfcfe9c1b5bd103e4e158b988e4757601 1929956
binutils-dev_2.25-6_amd64.deb
e02936c62a668d052672a561cddfb4f1a6369d9f57c4e029b39f26d4606c7813 1660862
binutils-multiarch_2.25-6_amd64.deb
f66445f2318d73093146076d531035686ad96d2d6492bde3f0b9d6b958ea204b 1348
binutils-multiarch-dev_2.25-6_amd64.deb
Files:
9af74423d4bdab0db5fe53bf56b6a3e9 2366 devel optional binutils_2.25-6.dsc
28a2f6402b2a08c304f10c61dd935953 235996 devel optional binutils_2.25-6.diff.gz
0fd434ff0ad788c3ec58644f50bd0379 502148 doc optional
binutils-doc_2.25-6_all.deb
9c2a585c83c009439fdf2370698384bf 17562452 devel optional
binutils-source_2.25-6_all.deb
149255311403b91a0ace76502828b856 3534578 devel optional
binutils_2.25-6_amd64.deb
29dbeeac4523189a1434388fc9069045 1929956 devel extra
binutils-dev_2.25-6_amd64.deb
3e84d7a748e1737be4ec51a3d4b07817 1660862 devel extra
binutils-multiarch_2.25-6_amd64.deb
2cd7b0b30825dfe6f881a4e9372bdf97 1348 devel extra
binutils-multiarch-dev_2.25-6_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJVFDBfAAoJEL1+qmB3j6b1nQUP/16bZcREIv8G8PZi+HA01gVM
ScCIlRg0vmD4tzKeWmCFQKWkDO8Ne+VWOmCFnQDnElG8mmuD5Zor8podaNsbTGED
5i0RpTQHkO5VkbkEfnxaFBsqFo91KjCDvSSqMFKh9rh+X8YUp4zOOaVZE2Z79+7S
TV2EuaCAnlPLs2HieeavMA+HEV3TxUPDkU1ux7eiQ2PL8BRON3kAxd46kEv80OEV
1iwF4lgI3iTmlYhcFaeIyCS3Pe7iziONqTJLa0D/e3F4R8eHv9AsnzZnF4W7YWZt
CgZB9cae0fjByROlL7TC3AXw58sCaqXSHwwyH5BiYPPC43KuRWMueqbs5xkcrbVC
ueTrXw397Ho8CjdXrzffVxL5qP7ECkHjjv05sRqiV/ItHDpijYazLsA5CfazESQ6
tLYuawVBlueIGYrQ8/SO0GzUZ6mMDh5kyvEzy/os2hTfHDiWIfYfALZvd+5b4Iz+
uYAMUHEpt7oS3lBqBIYPqdcn9xXLv7XZRhJxEBRdqvbo3Rzb/siy8pt376qlngi1
iz/cdgv7qmZwB1fVMZ5Fgni9WI5jCmI0v/SYMggf/xyA6y2KOkrZz1pbSRdLsa5R
elBN0foEoqUmIUTXD5l+qKLsjZl9O473gLMteuLVptsRajSF4Bgi0bMBsxl9W0Z+
aDXPPUDf365iRbETB8es
=avD+
-----END PGP SIGNATURE-----
--- End Message ---
