Your message dated Wed, 31 Jul 2024 09:03:57 +0000
with message-id <[email protected]>
and subject line Bug#1064892: fixed in klepto 0.2.5-2
has caused the Debian Bug report #1064892,
regarding klepto: please make the build reproducible
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1064892: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064892
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: klepto
Version: 0.2.5-1
Severity: wishlist
Tags: patch
User: [email protected]
Usertags: randomness
X-Debbugs-Cc: [email protected]
Hi,
Whilst working on the Reproducible Builds effort [0], we noticed that
klepto could not be built reproducibly.
This is because one of its functions docstrings was generated
programatically in a nondeterminstic manner:
│ │ │ │ │ cryptographic hashing
│ │ │ │ │ - algorithm: one of (None, ‘shake_256’, ‘md5’, ‘md5-sha1’,
‘sha512’,
│ │ │ │ │ - ‘sha1’, ‘sha256’, ‘blake2b’, ‘sha3_224’, ‘sm3’, ‘sha384’,
‘sha3_256’,
│ │ │ │ │ - ‘sha224’, ‘sha3_512’, ‘sha3_384’, ‘sha512_224’, ‘blake2s’,
‘shake_128’,
│ │ │ │ │ - ‘sha512_256’, ‘ripemd160’) The default is algorithm=None,
which uses
│ │ │ │ │ - python’s ‘hash’.
│ │ │ │ │ + algorithm: one of (None, ‘sm3’, ‘sha512_256’, ‘blake2b’,
‘shake_256’,
│ │ │ │ │ + ‘sha512’, ‘sha3_224’, ‘blake2s’, ‘sha384’, ‘sha1’,
‘shake_128’, ‘sha256’,
│ │ │ │ │ + ‘sha3_256’, ‘sha3_512’, ‘md5-sha1’, ‘sha224’, ‘sha512_224’,
‘sha3_384’,
│ │ │ │ │ + ‘md5’, ‘ripemd160’) The default is algorithm=None, which uses
python’s
│ │ │ │ │ + ‘hash’.kkkkkkkkkhhhk
Patch attached.
[0] https://reproducible-builds.org/
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` [email protected] / chris-lamb.co.uk
`---- a/debian/patches/reproducible-build.patch 1970-01-01 01:00:00.000000000
+0100
--- b/debian/patches/reproducible-build.patch 2024-02-27 10:46:36.696040794
+0000
@@ -0,0 +1,15 @@
+Description: Make the build reproducible
+Author: Chris Lamb <[email protected]>
+Last-Update: 2024-02-27
+
+--- klepto-0.2.5.orig/klepto/crypto.py
++++ klepto-0.2.5/klepto/crypto.py
+@@ -19,7 +19,7 @@ def algorithms():
+ algs = tuple(hashlib.algorithms_available)
+ except:
+ algs = ('md5', 'sha1', 'sha224', 'sha256', 'sha384', 'sha512')
+- return (None,) + algs
++ return (None,) + tuple(sorted(algs))
+
+ def hash(object, algorithm=None):
+ if algorithm is None:
--- a/debian/patches/series 2024-02-27 10:39:57.359562009 +0000
--- b/debian/patches/series 2024-02-27 10:46:35.712044814 +0000
@@ -1,2 +1,3 @@
privacy-protection.patch
skip-mysql-test.patch
+reproducible-build.patch
--- End Message ---
--- Begin Message ---
Source: klepto
Source-Version: 0.2.5-2
Done: Mattia Rizzolo <[email protected]>
We believe that the bug you reported is fixed in the latest version of
klepto, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Mattia Rizzolo <[email protected]> (supplier of updated klepto package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 31 Jul 2024 17:38:13 +0900
Source: klepto
Architecture: source
Version: 0.2.5-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Team <[email protected]>
Changed-By: Mattia Rizzolo <[email protected]>
Closes: 1064892
Changes:
klepto (0.2.5-2) unstable; urgency=medium
.
* Team upload.
* Bump Standards-Version to 4.7.0, no changes needed.
* Mark python-klepto-doc as M-A:foreign.
* Add patch from Chris Lamb to make the build reproducible. Closes: #1064892
Checksums-Sha1:
32addfa9cba2049a2296d3918e4753aa6f1cea47 3105 klepto_0.2.5-2.dsc
cb07373e537eabe5da4b755381c9b28c2aacc006 4304 klepto_0.2.5-2.debian.tar.xz
048b92b98fe0696224bc43d43aa3877186cedb90 9250 klepto_0.2.5-2_amd64.buildinfo
Checksums-Sha256:
355b0c56f67ebfb42aebb4cbfac82222ff03868aeaec5f1291efca94eea078fb 3105
klepto_0.2.5-2.dsc
5aabd56fdd3d6ba2e6c98316866c7ba4a8b9feb8bbc2193b9db4278f39a647e9 4304
klepto_0.2.5-2.debian.tar.xz
5bde4e2043abbe97b3c927095c30b364bde1741df629f3d7749be1de3947ad55 9250
klepto_0.2.5-2_amd64.buildinfo
Files:
dcb85b02cc8a04e0573f34fb3abe6cfb 3105 python optional klepto_0.2.5-2.dsc
668efddc948f360552f21f6c5ba7f33f 4304 python optional
klepto_0.2.5-2.debian.tar.xz
3f0505607ce08ca58cb73a1761992adf 9250 python optional
klepto_0.2.5-2_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEi3hoeGwz5cZMTQpICBa54Yx2K60FAmap+IsACgkQCBa54Yx2
K60BVA//dbNqJ1uBRu/PvabSnnAwYKyyRExSUG41xVyJDlo0brXMTYZ+xhuL4OJE
xTxz3PbMLsOmjB/Jm4AuNrFrSWf/nNyCUVL4ExDH2SlPzt1F1tPktiT0xk1e4B5u
sP+N+zDQ6Wm1VNwi3ciqKluFq5E4EZMMwLsvBBG1Fwpf489i7PdZHN/YIs457ATB
T/HHfPVNVJFkokq74/U+HUoVwco/qMnnohmjrxqidqkbAb6fHU+JDqntDqnfzw1E
Em8Yv/mSPj1b/+hGIN3yiMm7Zpu2FYZaakkHZwDT5tLUu/pD6i3r7MF1DdiAkU0B
XZmV9FlzJze/LWcRtX4zrVyaVSZY4t8PIbRyiB3n6cQnwlpQENHnLtWTHFBpwtcj
SzpLlogud0+th6nerL6U7toZ1GANNnZnoEDuFR1ljmEJIaErLaN7H2SiF/y59Orz
SUgSl1cK26mcwp+9fgcm+27Azxg4jFclU4VD1///npERpMQ/In8O5FHRQ68qBBJs
EqJLTLgYKm19nSHh/ulIkDCXAt+u6PUBCb5knvah3wPfuGKEcMjOHKPo42Ywur7S
YGQ2nrTxWlE+bFBqZ9RyCUkV3PckbkB5N79TJzFLD9JJrYLyQ+lKvMA8RcbQ1JA4
0cYJYeun9K4zBMPoW366lYS5qnIiaUiF2SKDVTKSDxvvSZtpJjU=
=VU36
-----END PGP SIGNATURE-----
pgp0R5WzhZbU9.pgp
Description: PGP signature
--- End Message ---
