Your message dated Sun, 26 Apr 2015 13:36:51 +0000
with message-id <[email protected]>
and subject line Bug#774429: fixed in binutils 2.25-7
has caused the Debian Bug report #774429,
regarding binutils: please make binutils build reproducibly
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
774429: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774429
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: binutils
Version: 2.25-3
Severity: wishlist
Tags: patch
User: [email protected]
Usertags: timestamps fileordering
Hi!
While working on the “reproducible builds” effort [1], we have noticed
that binutils could not be built reproducibly.
The attached patch contains multiple fixes to debian/rules to fix this
with our current experimental framework.
Ideally, using strip-nondeterminism should not be required, but I did
not find an easy way to pass the `D` flag to `ar`.
[1]: https://wiki.debian.org/ReproducibleBuilds
--
Lunar .''`.
[email protected] : :Ⓐ : # apt-get install anarchism
`. `'`
`-
diff -u binutils-2.25/debian/changelog binutils-2.25/debian/changelog
--- binutils-2.25/debian/changelog
+++ binutils-2.25/debian/changelog
@@ -1,3 +1,15 @@
+binutils (2.25-3.0~reproducible1) UNRELEASED; urgency=low
+
+ * Make the package build reproducibly:
+ - Fix mtimes before building binary packages.
+ - Stop recording the current time when creating gzip files.
+ - Sort file list in md5sums.
+ - Fix mtimes before building source tarball.
+ - Sort file list in binutils source tarball.
+ - Call strip-nondeterminism on static libraries.
+
+ -- Jérémy Bobbio <[email protected]> Fri, 02 Jan 2015 16:33:56 +0100
+
binutils (2.25-3) unstable; urgency=medium
* Don't build as a release candidate, fixing the upper shlibs dependency.
diff -u binutils-2.25/debian/control binutils-2.25/debian/control
--- binutils-2.25/debian/control
+++ binutils-2.25/debian/control
@@ -6,7 +6,8 @@
Standards-Version: 3.9.6
Build-Depends: autoconf (>= 2.64), dpkg-dev (>= 1.17.11),
bison, flex, gettext, texinfo, dejagnu, quilt,
- python3:any, file, xz-utils, lsb-release, zlib1g-dev
+ python3:any, file, xz-utils, lsb-release, zlib1g-dev,
+ strip-nondeterminism
Vcs-Browser: https://code.launchpad.net/~doko/binutils/pkg-2.25-debian
Vcs-Bzr: http://bazaar.launchpad.net/~doko/binutils/pkg-2.25-debian
XS-Testsuite: autopkgtest
diff -u binutils-2.25/debian/rules binutils-2.25/debian/rules
--- binutils-2.25/debian/rules
+++ binutils-2.25/debian/rules
@@ -146,6 +146,7 @@
ifneq (,$(DATE))
# DATE_EXT := .$(DATE)
endif
+BUILD_DATE := $(shell dpkg-parsechangelog | sed -n -e 's/^Date: //p')
is_rc = yes
is_rc =
@@ -745,6 +746,8 @@
$(call strip_package, $(p_mul), $(d_mul))
endif
+ find $(d_dev) -name '*.a' -print0 | xargs -0r strip-nondeterminism --type ar
+
: # Don't want /usr/<arch>-linux to exist in any package
rm -rf $(d_bin)/$(PF)/$(DEB_HOST_GNU_TYPE)
@@ -915,24 +918,28 @@
for i in bfd gas gprof ld; do \
ln -sf ../$(p_bin)/$$i $(d_doc)/$(PF)/share/doc/$(p_doc)/$$i; \
done
- find $(d_doc)/$(PF)/share/doc/$(p_doc) -maxdepth 1 -type f ! -name copyright | xargs gzip -9
- gzip -9 $(d_doc)/$(PF)/share/info/*
+ find $(d_doc)/$(PF)/share/doc/$(p_doc) -maxdepth 1 -type f ! -name copyright | xargs gzip -9n
+ gzip -9n $(d_doc)/$(PF)/share/info/*
dpkg-gencontrol -isp -P$(d_doc) -p$(p_doc)
chown -R root:root $(d_doc)
chmod -R go=rX $(d_doc)
+ find $(d_doc) -depth -newermt '$(BUILD_DATE)' -print0 | \
+ xargs -0r touch --no-dereference --date='$(BUILD_DATE)'
dpkg --build $(d_doc) ..
$(install_dir) $(d_src)/$(PF)/share/doc/$(p_src)/
$(install_file) debian/changelog $(d_src)/$(PF)/share/doc/$(p_src)/changelog.Debian
$(install_file) debian/copyright $(d_src)/$(PF)/share/doc/$(p_src)/
- find $(d_src)/$(PF)/share/doc/$(p_src) -maxdepth 1 -type f ! -name copyright | xargs gzip -9
+ find $(d_src)/$(PF)/share/doc/$(p_src) -maxdepth 1 -type f ! -name copyright | xargs gzip -9n
endif # ifndef BACKPORT
$(install_dir) $(d_src)/DEBIAN
$(install_dir) $(d_src)/$(PF)/src/binutils/patches
$(install_file) debian/patches/* $(d_src)/$(PF)/src/binutils/patches/
- tar -c --xz -C .. --exclude=CVS \
+ cd .. && find $(sources_files) -depth -newermt '$(BUILD_DATE)' -print0 | \
+ xargs -0r touch --no-dereference --date='$(BUILD_DATE)' && \
+ find $(source_files) -type f -print0 | LC_ALL=C sort -z | tar --null -T - -c --xz --exclude=CVS \
-f $(pwd)/$(d_src)/$(PF)/src/binutils/binutils-$(VERSION).tar.xz \
$(source_files)
@@ -950,6 +957,8 @@
dpkg-gencontrol -isp -P$(d_src) -p$(p_src)
chown -R root:root $(d_src)
chmod -R go=rX $(d_src)
+ find $(d_src) -depth -newermt '$(BUILD_DATE)' -print0 | \
+ xargs -0r touch --no-dereference --date='$(BUILD_DATE)'
dpkg --build $(d_src) ..
endif
@@ -975,7 +984,7 @@
$(install_dir) $(d_cross)/$(PF)/share/doc/$(p_cross)/
$(install_file) debian/changelog $(d_cross)/$(PF)/share/doc/$(p_cross)/changelog.Debian
$(install_file) debian/copyright debian/README.cross $(d_cross)/$(PF)/share/doc/$(p_cross)/
- gzip -9f $(d_cross)/$(PF)/share/doc/$(p_cross)/changelog.Debian
+ gzip -9nf $(d_cross)/$(PF)/share/doc/$(p_cross)/changelog.Debian
for pkg in bfd gas gprof ld; do \
ln -sf ../binutils/$$pkg $(d_cross)/$(PF)/share/doc/$(p_cross)/$$pkg; \
@@ -985,6 +994,8 @@
dpkg-shlibdeps $(d_cross)/$(PF)/bin/*
dpkg-gencontrol -isp -P$(d_cross) -p$(p_cross) \
-VBuilt-Using="$(shell dpkg-query -f '$${source:Package} (= $${source:Version}), ' -W binutils-source)"
+ find $(d_cross) -depth -newermt '$(BUILD_DATE)' -print0 | \
+ xargs -0r touch --no-dereference --date='$(BUILD_DATE)'
dpkg --build $(d_cross) ..
else
@@ -1111,53 +1122,63 @@
$(install_file) gprof/bbconv.pl $(d_bin)/$(PF)/share/doc/$(p_bin)/gprof/.
: # Compress stuff that needs it
- gzip -9 $(d_bin)/$(PF)/share/man/man1/*.1
- find $(d_bin)/$(PF)/share/doc/$(p_bin)/ -type f ! -name copyright -a ! -name bbconv.pl | xargs gzip -9
+ gzip -9n $(d_bin)/$(PF)/share/man/man1/*.1
+ find $(d_bin)/$(PF)/share/doc/$(p_bin)/ -type f ! -name copyright -a ! -name bbconv.pl | xargs gzip -9n
: # Finish it all up
find $(d_bin) -type f | xargs file | grep ELF | cut -d: -f 1 | xargs dpkg-shlibdeps
dpkg-gencontrol -isp -P$(d_bin) -p$(p_bin) $(CONFLICTS) $(gold_provides)
- cd $(d_bin) && find -type f ! -regex './DEBIAN/.*' -printf '%P\n' | xargs md5sum > DEBIAN/md5sums
+ cd $(d_bin) && find -type f ! -regex './DEBIAN/.*' -printf '%P\n' | LC_ALL=C sort | xargs md5sum > DEBIAN/md5sums
rm -f debian/substvars
dpkg-gencontrol -isp -P$(d_dev) -p$(p_dev)
- cd $(d_dev) && find -type f ! -regex './DEBIAN/.*' -printf '%P\n' | xargs md5sum > DEBIAN/md5sums
+ cd $(d_dev) && find -type f ! -regex './DEBIAN/.*' -printf '%P\n' | LC_ALL=C sort | xargs md5sum > DEBIAN/md5sums
ifeq ($(with_multiarch),yes)
rm -f debian/substvars
find $(d_mul) -type f | xargs file | grep ELF | cut -d: -f 1 | xargs dpkg-shlibdeps
dpkg-gencontrol -isp -P$(d_mul) -p$(p_mul)
- cd $(d_mul) && find -type f ! -regex './DEBIAN/.*' -printf '%P\n' | xargs md5sum > DEBIAN/md5sums
+ cd $(d_mul) && find -type f ! -regex './DEBIAN/.*' -printf '%P\n' | LC_ALL=C sort | xargs md5sum > DEBIAN/md5sums
rm -f debian/substvars
mkdir -p $(d_mdev)/DEBIAN
dpkg-gencontrol -isp -P$(d_mdev) -p$(p_mdev)
- cd $(d_mdev) && find -type f ! -regex './DEBIAN/.*' -printf '%P\n' | xargs -r md5sum > DEBIAN/md5sums
+ cd $(d_mdev) && find -type f ! -regex './DEBIAN/.*' -printf '%P\n' | LC_ALL=C sort | xargs -r md5sum > DEBIAN/md5sums
endif
ifeq ($(DEB_HOST_ARCH),hppa)
rm -f debian/substvars
find $(d_hppa64) -type f | xargs file | grep ELF | cut -d: -f 1 | xargs dpkg-shlibdeps
dpkg-gencontrol -isp -P$(d_hppa64) -p$(p_hppa64)
- cd $(d_hppa64) && find -type f ! -regex './DEBIAN/.*' -printf '%P\n' | xargs md5sum > DEBIAN/md5sums
+ cd $(d_hppa64) && find -type f ! -regex './DEBIAN/.*' -printf '%P\n' | LC_ALL=C sort | xargs md5sum > DEBIAN/md5sums
endif
chown -R root:root $(d_bin) $(d_dev)
chmod -R go=rX $(d_bin) $(d_dev)
+ find $(d_bin) -depth -newermt '$(BUILD_DATE)' -print0 | \
+ xargs -0r touch --no-dereference --date='$(BUILD_DATE)'
dpkg --build $(d_bin) ..
+ find $(d_dev) -depth -newermt '$(BUILD_DATE)' -print0 | \
+ xargs -0r touch --no-dereference --date='$(BUILD_DATE)'
dpkg --build $(d_dev) ..
ifeq ($(with_multiarch),yes)
chown -R root:root $(d_mul)
chmod -R go=rX $(d_mul)
+ find $(d_mul) -depth -newermt '$(BUILD_DATE)' -print0 | \
+ xargs -0r touch --no-dereference --date='$(BUILD_DATE)'
dpkg --build $(d_mul) ..
chown -R root:root $(d_mdev)
chmod -R go=rX $(d_mdev)
+ find $(d_mdev) -depth -newermt '$(BUILD_DATE)' -print0 | \
+ xargs -0r touch --no-dereference --date='$(BUILD_DATE)'
dpkg --build $(d_mdev) ..
endif
ifeq ($(DEB_HOST_ARCH),hppa)
chown -R root:root $(d_hppa64)
chmod -R go=rX $(d_hppa64)
+ find $(d_hppa64) -depth -newermt '$(BUILD_DATE)' -print0 | \
+ xargs -0r touch --no-dereference --date='$(BUILD_DATE)'
dpkg --build $(d_hppa64) ..
endif
@@ -1225,7 +1246,7 @@
: # Get rid of .la files since libtool obviously has no idea about transient paths
rm -f $(d_cross)/$(PF)/$(DEB_HOST_GNU_TYPE)/$(TARGET)/lib/*.la
- gzip -9 $(d_cross)/$(PF)/share/man/man1/*
+ gzip -9n $(d_cross)/$(PF)/share/man/man1/*
touch $@
configure-host-cross-stamp: configure-cross-stamp
signature.asc
Description: Digital signature
--- End Message ---
--- Begin Message ---
Source: binutils
Source-Version: 2.25-7
We believe that the bug you reported is fixed in the latest version of
binutils, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Matthias Klose <[email protected]> (supplier of updated binutils package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 24 Apr 2015 13:18:01 +0200
Source: binutils
Binary: binutils binutils-dev binutils-multiarch binutils-multiarch-dev
binutils-hppa64 binutils-doc binutils-source
Architecture: source all amd64
Version: 2.25-7
Distribution: unstable
Urgency: medium
Maintainer: Matthias Klose <[email protected]>
Changed-By: Matthias Klose <[email protected]>
Description:
binutils - GNU assembler, linker and binary utilities
binutils-dev - GNU binary utilities (BFD development files)
binutils-doc - Documentation for the GNU assembler, linker and binary utilities
binutils-hppa64 - GNU assembler, linker and binary utilities targeted for
hppa64-li
binutils-multiarch - Binary utilities that support multi-arch targets
binutils-multiarch-dev - GNU binary utilities that support multi-arch targets
(BFD develop
binutils-source - GNU assembler, linker and binary utilities (source)
Closes: 774429
Changes:
binutils (2.25-7) unstable; urgency=medium
.
* Snapshot, taken from the 2.25 branch 20150411.
* More adjustments for reproducible builds. Closes: #774429.
Checksums-Sha1:
65166d0ffa1a722ad013aceb28c916d0c56cb293 2366 binutils_2.25-7.dsc
397e543b352e885347ff8841d45457abfcf90d63 302613 binutils_2.25-7.diff.gz
d130e64d65299752992e59727f7401ae469e75d1 502212 binutils-doc_2.25-7_all.deb
7d4a3beeb89bdeabb6886a72a7e2e2fb68e31a62 17617944
binutils-source_2.25-7_all.deb
e65fa55ea3d86c94b05de9a79a4561a06a589301 3541304 binutils_2.25-7_amd64.deb
a3bcae4c1f5bc18651130cf39b78c3a39f602911 1934730 binutils-dev_2.25-7_amd64.deb
fa64708741e02663c85376b160c1399433118baa 1660920
binutils-multiarch_2.25-7_amd64.deb
a5414f31c2f18ed6ca2efd15ac58bac797bd46fb 1344
binutils-multiarch-dev_2.25-7_amd64.deb
Checksums-Sha256:
54fe941222bb9434938b79737f74f3d157bb36821a24e3869c3b55cf40783394 2366
binutils_2.25-7.dsc
d829d786c401b2e31c3e1536ec49663510b586ff47e2a81374ab02731feb1127 302613
binutils_2.25-7.diff.gz
762395ea2c9a249d6d5485c73d31f5116ccd8f27e5258e4c2663a616d30a6016 502212
binutils-doc_2.25-7_all.deb
2300a88637a87895adc62c33bc93526ba13fd103afcc9d6fcec89bedd023bede 17617944
binutils-source_2.25-7_all.deb
851b13112b33665be75617c43b15797b95a62ea45dfadc778491cf16e1170250 3541304
binutils_2.25-7_amd64.deb
b6df07ba7f255029496a4d8fc82074eaf5984c3fb13e2d248149c17ec81a24b2 1934730
binutils-dev_2.25-7_amd64.deb
23d22b814866f18b8de91edf765468002dfc0a0f141a999d5eb8c858951051d0 1660920
binutils-multiarch_2.25-7_amd64.deb
dd224f6f4b2d1c243b6efba3db0db7aadd5952a4814edd7e5dd1f677be6b61d5 1344
binutils-multiarch-dev_2.25-7_amd64.deb
Files:
b54e6627ebff5a9490569d176fc1c3a0 2366 devel optional binutils_2.25-7.dsc
d758ddca729181c110c9c67d261b49a3 302613 devel optional binutils_2.25-7.diff.gz
4a305ae713cf5a2f8b445bfe09dac858 502212 doc optional
binutils-doc_2.25-7_all.deb
1bf9ea05f53fb5ddb4479b0ec413644e 17617944 devel optional
binutils-source_2.25-7_all.deb
8b826d417bace7b0d1cedb40e58dadf5 3541304 devel optional
binutils_2.25-7_amd64.deb
420539fa54ee2ce83850d4ffcc6e1f5d 1934730 devel extra
binutils-dev_2.25-7_amd64.deb
61e577d89fa865d9c2e4c8453f5097d3 1660920 devel extra
binutils-multiarch_2.25-7_amd64.deb
7640fd1868e87f6e94c4ea6562d4c385 1344 devel extra
binutils-multiarch-dev_2.25-7_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJVOkLgAAoJEL1+qmB3j6b175IP/39jP4ALp8zP20ccciFjlZEU
ZKTj50Upxyyn/0ISrt3oIm0UexwoTnzUWxwOfwZqgOlTXtZxg3Iiwx6U7+mZvNOE
jGkn4iEAIamusNe40GX0Cxi8pEBg2hcRjLg5g3jIHBPpM58LvbTS96crL+by8uL5
6NKSiPtqnzQOpkMlcqXmJIg6g2lsVerR2em8kFIrjatd6iub9q4xy5FKjZnU5ipL
cVTzaIaFw8FpisddpCXPnog2S3rbj/guW+oVD5hM85E2+YLQQ9Xv9Rlg053kYwrR
dLhPraZIrB50qwq8lgjeHiCrbaW0V3fLPa0E71X4MG+beIBH0DnayHsnMMqLPIfs
EpbClEqKIgSHanr8VxNMEoH7bD7c0CYPrKoXD4dSgXZPu5a4PDy95nePAaWHL7E/
KbONTbc9fwuTUf1Sf3nnU2jlZBiR1aiAuWn3roNkS0dFz6yJMq+KU120lSEWuFv2
MfblJt3X5QYGCJjFudNfG0kS9giQJ0boExKT9ZczpRQXtoVT1EsnD1ImuwOiQjQv
kuo0uXRYM/iLnat34pgUZfgL7tPonvREN+Z63Qnus2EEA8SXpTGG/3K28cWRXrMN
dCwquhgQKiMpPAUYu8D4BiVb2Fn8Jz+aMVTUBFZtD9MGq6avXAPCIpzBQvK04u7/
QIVbNulbN0zrLD+Z2Q0Z
=F5uR
-----END PGP SIGNATURE-----
--- End Message ---
