Your message dated Mon, 04 Jan 2021 18:33:24 +0000 with message-id <e1kwufu-000090...@fasolo.debian.org> and subject line Bug#978946: fixed in gfxboot 4.5.73-2 has caused the Debian Bug report #978946, regarding gfxboot: reproducible builds: Embeds user id, group id and timestamps in cpio files to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 978946: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=978946 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: gfxboot Severity: normal Tags: patch User: reproducible-bui...@lists.alioth.debian.org Usertags: username X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org Various cpio archives shipped in gfxboot contain the user id and group id of the build user: https://tests.reproducible-builds.org/debian/rb-pkg/bullseye/amd64/diffoscope-results/gfxboot.html etc/bootsplash/example_01/cdrom/bootlogo -rw-r--r--···1·····1111·····1111····42639·2020-12-24·13:17:48.000000·init vs. -rw-r--r--···1·····2222·····2222····42639·2022-01-26·19:45:05.000000·init The attached patch fixes this by passing the owner argument to the cpio calls when creating the archives. Unfortunately, the cpio archives also embed the timestamps of the files included, which will likely vary between builds, so this does not resolve all reproducibility issues with these archives. Thanks for maintaining gfxboot! live well, vagrantFrom 7a670f72d5305aaf692597f1748937d552d290a3 Mon Sep 17 00:00:00 2001 From: Vagrant Cascadian <vagr...@reproducible-builds.org> Date: Thu, 31 Dec 2020 08:57:55 +0000 Subject: [PATCH 1/2] Patch calls to create cpio archives to set owner and group. --- bin/unpack_bootlogo | 2 +- gfxboot | 4 ++-- themes/openSUSE/Makefile | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/bin/unpack_bootlogo b/bin/unpack_bootlogo index ec83d0b..7672e16 100755 --- a/bin/unpack_bootlogo +++ b/bin/unpack_bootlogo @@ -48,7 +48,7 @@ sub unpack_bootlogo } } - open P, "| cd $tmp; cpio --quiet -o >../bootlogo"; + open P, "| cd $tmp; cpio --quiet --owner=+0:+0 -o >../bootlogo"; print P "$_\n" for grep $_, @files; if($xdir) { print P "$_\n" for @ext } close P; diff --git a/gfxboot b/gfxboot index f7cda36..4015dd2 100755 --- a/gfxboot +++ b/gfxboot @@ -2597,7 +2597,7 @@ sub pack_archive } if(@pack_list) { - open $f, "| ( cd $dir ; cpio --quiet -o ) >$file/$archive"; + open $f, "| ( cd $dir ; cpio --quiet --owner=+0:+0 -o ) >$file/$archive"; print $f join("\n", @pack_list); close $f; } @@ -2606,7 +2606,7 @@ sub pack_archive else { $file = $gfxboot_tmp->file; - $i = system "cd $dir ; find . | cpio --quiet -o >$file 2>/dev/null"; + $i = system "cd $dir ; find . | cpio --quiet --owner=+0:+0 -o >$file 2>/dev/null"; die "$file: failed to create archive\n" if $i; } diff --git a/themes/openSUSE/Makefile b/themes/openSUSE/Makefile index 3a71f9b..1c8de69 100644 --- a/themes/openSUSE/Makefile +++ b/themes/openSUSE/Makefile @@ -56,7 +56,7 @@ ifdef DEFAULT_LANG @echo $(DEFAULT_LANG) >bootlogo.dir/lang endif @sh -c 'cd bootlogo.dir; chmod +t * ; chmod -t init languages' - @sh -c 'cd bootlogo.dir; echo * | sed -e "s/ /\n/g" | cpio --quiet -o >../bootlogo' + @sh -c 'cd bootlogo.dir; echo * | sed -e "s/ /\n/g" | cpio --quiet --owner=+0:+0 -o >../bootlogo' message: src/main.bin src/gfxboot.cfg help-boot/.ready po/.ready fonts/.ready @rm -rf message.dir @@ -71,7 +71,7 @@ ifdef DEFAULT_LANG @echo $(DEFAULT_LANG) >message.dir/lang @echo $(DEFAULT_LANG) >>message.dir/languages endif - @sh -c 'cd message.dir; echo * | sed -e "s/ /\n/g" | cpio --quiet -o >../message' + @sh -c 'cd message.dir; echo * | sed -e "s/ /\n/g" | cpio --quiet --owner=+0:+0 -o >../message' clean: @for i in $(SUBDIRS) ; do [ ! -f $$i/Makefile ] || make -C $$i clean || break ; done -- 2.20.1signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---Source: gfxboot Source-Version: 4.5.73-2 Done: Vagrant Cascadian <vagr...@reproducible-builds.org> We believe that the bug you reported is fixed in the latest version of gfxboot, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 978...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Vagrant Cascadian <vagr...@reproducible-builds.org> (supplier of updated gfxboot package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 04 Jan 2021 10:14:56 -0800 Source: gfxboot Architecture: source Version: 4.5.73-2 Distribution: unstable Urgency: medium Maintainer: Debian QA Group <packa...@qa.debian.org> Changed-By: Vagrant Cascadian <vagr...@reproducible-builds.org> Closes: 978946 Changes: gfxboot (4.5.73-2) unstable; urgency=medium . * QA upload. * themes/example*/Makefile: Use the .bc files as a reference date. (Closes: #978946) Checksums-Sha1: 68108cf087dd1b5e07a775119254ac2d93f77ac7 1609 gfxboot_4.5.73-2.dsc 1ed22c33845f539ae43e0d31ec715a8064ee8202 12976 gfxboot_4.5.73-2.debian.tar.xz Checksums-Sha256: 69c201d5c09dd4bce41ccdbb1696847a082afada71a65964947d32cc7359c6f3 1609 gfxboot_4.5.73-2.dsc facef39eb05480eae0513473cf7cc83d3e84dab376c438819e7ebb6cff8cefbc 12976 gfxboot_4.5.73-2.debian.tar.xz Files: b166d790bd9caee69638ea0bc5c7fbb4 1609 misc optional gfxboot_4.5.73-2.dsc 93eadf6e03dd78d0e1332425d6b09147 12976 misc optional gfxboot_4.5.73-2.debian.tar.xz -----BEGIN PGP SIGNATURE----- iJYEARYKAD4WIQRlgHNhO/zFx+LkXUXcUY/If5cWqgUCX/Nc7yAcdmFncmFudEBy ZXByb2R1Y2libGUtYnVpbGRzLm9yZwAKCRDcUY/If5cWqhqaAQDVky269lLwwZFS BFjK6LdRLZyVNrYKvF65MWssg1cwHQD/c0nRF7hCnE/8EgPv15nXX74dcGY1qQqN AAGHtUCAAwc= =GnPI -----END PGP SIGNATURE-----
--- End Message ---