[DRE-maint] Bug#1041840: ruby-babosa: please make the build reproducible

Mon, 24 Jul 2023 01:12:12 -0700 

Source: ruby-babosa
Version: 2.0.0-1
Severity: wishlist
Tags: patch
User: reproducible-bui...@lists.alioth.debian.org
Usertags: buildpath
X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org

Hi,

Whilst working on the Reproducible Builds effort [0], we noticed that
ruby-babosa could not be built reproducibly.

This is because the rendered .gemspec file expands the unreproducible
__dir__ variable to be included in a "cert_chain" attribute. However,
this is not needed in the package, and is probably only needed if you
are making releases of the package (like the 'signing_key') attribute.

A patch is attached that moves the assignment of cert_chain to match
the conditional of signing_key, thereby excluding it from the
binary package and thus making the package reproducible.

 [0] https://reproducible-builds.org/


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      la...@debian.org / chris-lamb.co.uk
       `-

--- a/debian/patches/reproducible-build.patch   1970-01-01 01:00:00.000000000 
+0100
--- b/debian/patches/reproducible-build.patch   2023-07-24 09:03:51.786257737 
+0100
@@ -0,0 +1,16 @@
+Description: Make the build reproducible
+Author: Chris Lamb <la...@debian.org>
+Last-Update: 2023-07-24
+
+--- ruby-babosa-2.0.0.orig/babosa.gemspec
++++ ruby-babosa-2.0.0/babosa.gemspec
+@@ -26,8 +26,8 @@ Gem::Specification.new do |s|
+   s.add_development_dependency "rubocop", ">= 0.93.0"
+   s.add_development_dependency "simplecov"
+ 
+-  s.cert_chain = [File.expand_path("certs/parndt.pem", __dir__)]
+   if $PROGRAM_NAME.end_with?("gem") && ARGV.include?("build") && 
ARGV.include?(__FILE__)
++    s.cert_chain = [File.expand_path("certs/parndt.pem", __dir__)]
+     s.signing_key = File.expand_path("~/.ssh/gem-private_key.pem")
+   end
+ end
--- a/debian/patches/series     2023-07-24 08:59:47.532270584 +0100
--- b/debian/patches/series     2023-07-24 09:03:50.114246613 +0100
@@ -1 +1,2 @@
 remove-bundler.patch
+reproducible-build.patch

_______________________________________________
Pkg-ruby-extras-maintainers mailing list
Pkg-ruby-extras-maintainers@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-ruby-extras-maintainers

Reply via email to