Your message dated Tue, 26 May 2020 00:33:42 +0000
with message-id <[email protected]>
and subject line Bug#824951: fixed in libtomcrypt 1.18.2-4
has caused the Debian Bug report #824951,
regarding libtomcrypt: please make the build reproducible
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
824951: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=824951
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libtomcrypt
Version: 1.17-7
Severity: wishlist
Tags: patch
User: [email protected]
Usertags: timestamps
X-Debbugs-Cc: [email protected]
Hi!
While working on the "reproducible builds" effort [1], we have noticed
that libtomcrypt could not be built reproducibly.
Because of #734109, a patch has been added to fix the reproducibility
of crypt.pdf. It enforces timestamps based on the modification date of
crypt.tex. But because of a newer patch from 2015 (fix-latex-here.patch),
the modification time is changed on each build process, so the pdf file
became unreproducible.
There are now two possible solutions:
- drop the original patch (deterministic-latex.patch), as texlive
supports SOURCE_DATE_EPOCH since last week, so the pdf would be
reproducible without the patch.
Though I saw that the patch has already been applied upstream,
so alternatively:
- amend the patch to favor SOURCE_DATE_EPOCH over stat, if it is set.
This is done by the attached patch.
Regards,
Reiner
[1]: https://wiki.debian.org/ReproducibleBuilds
diff --git a/debian/patches/deterministic-latex.patch b/debian/patches/deterministic-latex.patch
index f9cbb05..b9d426c 100644
--- a/debian/patches/deterministic-latex.patch
+++ b/debian/patches/deterministic-latex.patch
@@ -16,7 +16,7 @@ Index: libtomcrypt/makefile
rm -f doc/crypt.pdf $(LEFTOVERS)
+ cp crypt.tex crypt.bak
+ touch --reference=crypt.tex crypt.bak
-+ (echo "\\def\\fixedpdfdate{"; date +'D:%Y%m%d%H%M%S%:z' -d @$$(stat --format=%Y crypt.tex) | sed "s/:\([0-9][0-9]\)$$/'\1'}/g") > crypt-deterministic.tex
++ (echo "\\def\\fixedpdfdate{"; date +'D:%Y%m%d%H%M%S%:z' -d @$${SOURCE_DATE_EPOCH:-$$(stat --format=%Y crypt.tex)} | sed "s/:\([0-9][0-9]\)$$/'\1'}/g") > crypt-deterministic.tex
+ echo "\\pdfinfo{" >> crypt-deterministic.tex
+ echo "/CreationDate (\fixedpdfdate)" >> crypt-deterministic.tex
+ echo "/ModDate (\fixedpdfdate) }" >> crypt-deterministic.tex
signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
Source: libtomcrypt
Source-Version: 1.18.2-4
Done: Nicolas Mora <[email protected]>
We believe that the bug you reported is fixed in the latest version of
libtomcrypt, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Nicolas Mora <[email protected]> (supplier of updated libtomcrypt package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 21 May 2020 21:10:07 -0400
Source: libtomcrypt
Architecture: source
Version: 1.18.2-4
Distribution: unstable
Urgency: medium
Maintainer: Nicolas Mora <[email protected]>
Changed-By: Nicolas Mora <[email protected]>
Closes: 824951
Changes:
libtomcrypt (1.18.2-4) unstable; urgency=medium
.
* Make build reproductible (Closes: #824951)
Checksums-Sha1:
68aac779f2b2cdda52629997c61a11729e2f9e9c 2170 libtomcrypt_1.18.2-4.dsc
00dd930ff55dd0430acbec2427fd5d6c7ea9860a 19432
libtomcrypt_1.18.2-4.debian.tar.xz
652b25a9cf051defb9245888488dc2212584c26e 9083
libtomcrypt_1.18.2-4_amd64.buildinfo
Checksums-Sha256:
26abb5b73ab4bae5f6b668f1a861b2eaba642f4701301677d2a40c40f9361ad8 2170
libtomcrypt_1.18.2-4.dsc
6724efd3834c17715d62d171258b0570aa1885a71ceae3ebc79640dd7b00f463 19432
libtomcrypt_1.18.2-4.debian.tar.xz
2dc0749e571eaa386b9f07b623bdce14a35b23c3346f0936099fe1984afbaaaa 9083
libtomcrypt_1.18.2-4_amd64.buildinfo
Files:
d8c7bf1884d288c130ee390e0cc799aa 2170 libs optional libtomcrypt_1.18.2-4.dsc
a73e2bbe18dd90ee7ade87d55c1323d8 19432 libs optional
libtomcrypt_1.18.2-4.debian.tar.xz
67df8e02de80816ffdf954a700d69d11 9083 libs optional
libtomcrypt_1.18.2-4_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEhAWwL8wo75dEyPJT/oITlEC9IrkFAl7MX9cACgkQ/oITlEC9
Irk3WA/+N76+XBaT3X9x1jJxVj+MihPfoEzg9tuIi2mHeZzaTkkBjPouKJ2zzw8C
Gw2G+4x0mMDSTXGhUSR2gzAWAJSj1o+CyVHIlPLdMWPsaLdguj9ShrkWuF34XaP2
mtCDIEPplOyIEY7RnuEPYO16FOves4KZEqE4WP6I83H0j7Xh06LCCpMbu0I5MCvU
kD+QBw6B/SV3mfCuNUnjPFfRAQ27T6TWkU6VXlYdjIN3l6N+PMzi9whz8DuiYryO
F0worIqGPAORU1vCCGnvPHfrWDVylSY979poylBvTlZRA3vQIpXXgC4ASphpQnnB
m9nvYnlz/FqnzbJvrHcA4idMMvZ0NrwOh1dK3a4nM8OTGhNMTnn2Us7NyIqP2TIV
IJIOBswNoiho8fB4cI9+5/juqxOt1PHfwYIigfmDe3ULgdrB3GRZIhjgeGG3h5hB
OBVlOC0z2F1rysmxgeB6zRxGyTomBaM09BBHEgEvOqNlWodDuJVpTg4/xSeL31z0
LLlGf5Kaefaat2jd3sQX64q6ASkQ9FcDvRiCbLEkbtwjq/8DjEG4HyiAuHyWjmRi
AQH9ZPpZ4KZBOSkHhNxFXLaEqW8W0k7/71ZIG4XIRxAYh2kIAUj7vGVy/Z0MAzx3
fwsLyvvwOuzN3McFy+gKLDgFUGSeEJfemzHkv4TnoHi8IrPGxe4=
=fh9E
-----END PGP SIGNATURE-----
--- End Message ---
