Package: lintian
Version: 2.5.21
Severity: wishlist

Dear Maintainer,

There is an ongoing project to build reproducible deps (see https://wiki.debian.org/ReproducibleBuilds). One of the tasks is to update lintian to emit a tag on gzips that contain timestamps. I've written a simple checker that does exactly that and emits "package-contains-timestamped-gzip". The patch is attached.

Please note that I'm no perl programmer and it is my first prospective lintian contribution.

Cheers,
Tomasz

-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'stable'), (200, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.12-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages lintian depends on:
ii  binutils                       2.24-3
ii  bzip2                          1.0.6-5
ii  diffstat                       1.58-1
ii  file                           1:5.14-2
ii  gettext                        0.18.3.2-1
ii  hardening-includes             2.5
ii  intltool-debian                0.35.0+20060710.1
ii  libapt-pkg-perl                0.1.29+b1
ii  libarchive-zip-perl            1.30-7
ii  libclass-accessor-perl         0.34-1
ii  libclone-perl                  0.36-1
ii  libdpkg-perl                   1.17.6
ii  libemail-valid-perl            1.192-1
ii  libfile-basedir-perl           0.03-1
ii  libipc-run-perl                0.92-1
ii  liblist-moreutils-perl         0.33-1+b2
ii  libparse-debianchangelog-perl  1.2.0-1
ii  libtext-levenshtein-perl       0.06~01-2
ii  libtimedate-perl               2.3000-1
ii  liburi-perl                    1.60-1
ii  man-db                         2.6.6-1
ii  patchutils                     0.3.2-3
ii  perl [libdigest-sha-perl]      5.18.2-2
ii  t1utils                        1.37-2

Versions of packages lintian recommends:
pn  libperlio-gzip-perl             <none>
ii  perl-modules [libautodie-perl]  5.18.2-2

Versions of packages lintian suggests:
pn  binutils-multiarch    <none>
ii  dpkg-dev              1.17.6
ii  libhtml-parser-perl   3.71-1+b1
ii  libtext-template-perl 1.46-1
ii  libyaml-perl          0.84-1
ii  xz-utils              5.1.1alpha+20120614-2

-- no debconf information
>From f389948be4631df98cbf1a140857a541b76ffe77 Mon Sep 17 00:00:00 2001 From: Tomasz Buchert <tomasz.buch...@inria.fr> Date: Mon, 10 Feb 2014 23:53:37 +0100 Subject: [PATCH] added reproducibility checker --- checks/reproducibility.desc | 13 ++++++ checks/reproducibility.pm | 51 +++++++++++++++++++++ t/tests/reproducibility/debian/debian/control.in | 17 +++++++ .../debian/debian/unreproducible-pkg.install | 1 + t/tests/reproducibility/debian/file | 1 + .../reproducibility/debian/file-with-timestamp.gz | Bin 0 -> 39 bytes .../debian/file-without-timestamp.gz | Bin 0 -> 34 bytes t/tests/reproducibility/debian/prepare | 4 ++ t/tests/reproducibility/desc | 6 +++ t/tests/reproducibility/tags | 1 + 10 files changed, 94 insertions(+) create mode 100644 checks/reproducibility.desc create mode 100644 checks/reproducibility.pm create mode 100644 t/tests/reproducibility/debian/debian/control.in create mode 100644 t/tests/reproducibility/debian/debian/unreproducible-pkg.install create mode 100644 t/tests/reproducibility/debian/file create mode 100644 t/tests/reproducibility/debian/file-with-timestamp.gz create mode 100644 t/tests/reproducibility/debian/file-without-timestamp.gz create mode 100755 t/tests/reproducibility/debian/prepare create mode 100644 t/tests/reproducibility/desc create mode 100644 t/tests/reproducibility/tags diff --git a/checks/reproducibility.desc b/checks/reproducibility.desc new file mode 100644 index 0000000..26f390a --- /dev/null +++ b/checks/reproducibility.desc @@ -0,0 +1,13 @@ +Check-Script: reproducibility +Author: Tomasz Buchert <tomasz.buch...@inria.fr> +Abbrev: repro +Type: binary, udeb +Needs-Info: index +Info: This script checks packages for unreproducible elements. + +Tag: package-contains-timestamped-gzip +Severity: normal +Certainty: certain +Info: The package contains a gzip'ed file that + has timestamps. Such files make the produced + packages unreproducible. 
diff --git a/checks/reproducibility.pm b/checks/reproducibility.pm new file mode 100644 index 0000000..59c13d9 --- /dev/null +++ b/checks/reproducibility.pm @@ -0,0 +1,51 @@ +# reproducibility -- lintian check script -*- perl -*- +# +# Copyright (C) 2014 Tomasz Buchert +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, you can find it on the World Wide +# Web at http://www.gnu.org/copyleft/gpl.html, or write to the Free +# Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, +# MA 02110-1301, USA. + +package Lintian::reproducibility; +use strict; +use warnings; +use autodie; + +use Lintian::Tags qw(tag); + +sub run { + my ($pkg, undef, $info, $proc, $group) = @_; + + foreach my $file ($info->sorted_index) { + next unless ($file->is_file); + my $finfo = $info->file_info($file); + + if ($finfo =~ /^gzip compressed data/) { + if ($finfo =~ /last modified/) { + tag 'package-contains-timestamped-gzip', $file; + } + } + } + + return; +} + +1; + +# Local Variables: +# indent-tabs-mode: nil +# cperl-indent-level: 4 +# End: +# vim: syntax=perl sw=4 sts=4 sr et diff --git a/t/tests/reproducibility/debian/debian/control.in b/t/tests/reproducibility/debian/debian/control.in new file mode 100644 index 0000000..a7e8050 --- /dev/null +++ b/t/tests/reproducibility/debian/debian/control.in 
@@ -0,0 +1,17 @@ +Source: {$source} +Priority: extra +Section: devel +Maintainer: {$author} +Standards-Version: {$standards_version} +Build-Depends: debhelper (>= 9) + +Package: unreproducible-pkg +Architecture: all +Depends: $\{misc:Depends\} +Description: {$description} - gzip files + This is a test package designed to exercise some feature or tag of + Lintian. It is part of the Lintian test suite and may do very odd + things. It should not be installed like a regular package. It may + be an empty package. + . + Contains a few GZIP files. diff --git a/t/tests/reproducibility/debian/debian/unreproducible-pkg.install b/t/tests/reproducibility/debian/debian/unreproducible-pkg.install new file mode 100644 index 0000000..15b72c1 --- /dev/null +++ b/t/tests/reproducibility/debian/debian/unreproducible-pkg.install @@ -0,0 +1 @@ +*.gz usr/share/pkg-with-gzips/ diff --git a/t/tests/reproducibility/debian/file b/t/tests/reproducibility/debian/file new file mode 100644 index 0000000..96bc543 --- /dev/null +++ b/t/tests/reproducibility/debian/file @@ -0,0 +1 @@ +This is a text. diff --git a/t/tests/reproducibility/debian/file-with-timestamp.gz b/t/tests/reproducibility/debian/file-with-timestamp.gz new file mode 100644 index 0000000000000000000000000000000000000000..3d4e78818ffafb9ad11f313d0c7a7abbfde1d697 GIT binary patch literal 39 vcmb2|=HTd#{u#u;oR*oB%D{c{giaX4BA3=lSGt63^%#WmPkj(zU|;|M2G$JF literal 0 HcmV?d00001 diff --git a/t/tests/reproducibility/debian/file-without-timestamp.gz b/t/tests/reproducibility/debian/file-without-timestamp.gz new file mode 100644 index 0000000000000000000000000000000000000000..0dbd7dd9a0aa228b8af804b0fc8c304ffa6fcfd1 GIT binary patch literal 34 lcmb2|=3oE=X6}<Gbix=GxwKBY(j{c8#~_q{>Vp7K3IL1w2=@R0 literal 0 HcmV?d00001 diff --git a/t/tests/reproducibility/debian/prepare b/t/tests/reproducibility/debian/prepare new file mode 100755 index 0000000..a0feb41 --- /dev/null +++ b/t/tests/reproducibility/debian/prepare 
@@ -0,0 +1,4 @@ +#!/bin/bash + +gzip file -c > file-with-timestamp.gz +gzip file -nc > file-without-timestamp.gz diff --git a/t/tests/reproducibility/desc b/t/tests/reproducibility/desc new file mode 100644 index 0000000..f0e18bd --- /dev/null +++ b/t/tests/reproducibility/desc @@ -0,0 +1,6 @@ +Testname: reproducibility +Sequence: 6000 +Version: 1.0 +Description: Test if package is reproducible +Test-For: + package-contains-timestamped-gzip diff --git a/t/tests/reproducibility/tags b/t/tests/reproducibility/tags new file mode 100644 index 0000000..3afb943 --- /dev/null +++ b/t/tests/reproducibility/tags @@ -0,0 +1 @@ +W: unreproducible-pkg: package-contains-timestamped-gzip usr/share/pkg-with-gzips/file-with-timestamp.gz -- 1.8.5.3
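
Review bot: In checks/reproducibility.desc, the Info text for package-contains-timestamped-gzip explains why the file is a problem but gives the maintainer no remedy. The test's own prepare script already shows one (`gzip file -nc`), so consider adding a sentence to the Info field telling the reader to pass -n to gzip so that the timestamp is not stored.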
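
Review bot: In run() of checks/reproducibility.pm, the second test `$finfo =~ /last modified/` is unanchored and is applied to the whole file(1) description, so it fires on those words wherever they occur in that string, including inside an original file name that file(1) echoes back. With `Certainty: certain` declared in the .desc, a tighter pattern such as `/, last modified: /` is safer, and the two nested ifs can be folded into a single condition. Separately, `$pkg`, `$proc` and `$group` are unpacked from `@_` but never used; replace them with `undef`, as is already done for the second argument.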
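
Review bot: t/tests/reproducibility/debian/prepare regenerates file-with-timestamp.gz and file-without-timestamp.gz, yet the patch also commits both as binary files, so one of the two is redundant; keep either the checked-in fixtures or the script. If the script stays, put the options before the operand (`gzip -c file`, `gzip -nc file`) rather than relying on option permutation in `gzip file -c`, and nothing in it needs bash, so `#!/bin/sh` would do.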
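
Added example, not part of the patch or of lintian: the date that file(1) prints as "last modified" is the 4-byte MTIME field of the gzip header (RFC 1952), so the same condition can be checked by reading the header directly instead of matching file(1)'s wording. The function names, the sample epoch value and the in-memory files below are constructed for illustration.

```python
import gzip
import io
import struct

GZIP_MAGIC = b"\x1f\x8b"
CM_DEFLATE = 8


def gzip_mtime(data: bytes):
    """Return MTIME of the first gzip member, or None if data is not gzip.

    RFC 1952 fixed header: ID1 ID2 CM FLG MTIME(4 bytes, little-endian) XFL OS.
    MTIME == 0 means that no timestamp is stored.
    """
    if len(data) < 10 or data[:2] != GZIP_MAGIC or data[2] != CM_DEFLATE:
        return None
    (mtime,) = struct.unpack_from("<I", data, 4)
    return mtime


def has_timestamp(data: bytes) -> bool:
    """True only for gzip data whose header carries a non-zero MTIME."""
    return bool(gzip_mtime(data))


def make_sample(payload: bytes, mtime: int) -> bytes:
    """Constructed sample: compress payload with a chosen header MTIME."""
    buf = io.BytesIO()
    with gzip.GzipFile(fileobj=buf, mode="wb", mtime=mtime) as gz:
        gz.write(payload)
    return buf.getvalue()


def scan(files: dict) -> list:
    """Return the sorted names of entries that are timestamped gzip files."""
    return sorted(name for name, data in files.items() if has_timestamp(data))


# Constructed stand-ins for the three files in the patch's test package.
TEXT = b"This is a text.\n"
SAMPLES = {
    "usr/share/pkg-with-gzips/file-with-timestamp.gz": make_sample(TEXT, 1392072817),
    "usr/share/pkg-with-gzips/file-without-timestamp.gz": make_sample(TEXT, 0),
    "usr/share/pkg-with-gzips/file": TEXT,
}

if __name__ == "__main__":
    for name in scan(SAMPLES):
        print("W: unreproducible-pkg: package-contains-timestamped-gzip", name)
```

Only the first member's header is inspected; a concatenated multi-member gzip stream would need each member checked.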