Control: tag -1 + patch

Raphael Hertzog:
> On Mon, 14 Dec 2015, Raphael Hertzog wrote:
> > Your analysis is correct but dh_strip_nondeterminisn should detect the
> > signature and avoid messing up with the file in that case.
> > 
> > That's what this bug is about.
> 
> And we got another case where dh_strip_nondeterminism actually broke a
> working package... https://bugs.kali.org/view.php?id=3019
> 
> Is there anything we can do to ensure that this bug gets a timely fix?

Attached is a patch which I think could work. I'm not confident enough
in my Perl skills to commit directly though.

-- 
Lunar                                .''`. 
lu...@debian.org                    : :Ⓐ  :  # apt-get install anarchism
                                    `. `'` 
                                      `-   
From e2dfd6d97a2f0af21f5d113d7eed12d90ebe2384 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=A9my=20Bobbio?= <lu...@debian.org>
Date: Tue, 26 Jan 2016 13:59:14 +0000
Subject: [PATCH] Don't process signed Jar file

Otherwise, we will break the signature and that's not a good thing.

I guess it would be better if we had a way to pass a warning back. But that's
something for the future.

Closes: #807669
---
 lib/File/StripNondeterminism/handlers/jar.pm | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/lib/File/StripNondeterminism/handlers/jar.pm b/lib/File/StripNondeterminism/handlers/jar.pm
index e136395..4af06a0 100644
--- a/lib/File/StripNondeterminism/handlers/jar.pm
+++ b/lib/File/StripNondeterminism/handlers/jar.pm
@@ -87,6 +87,12 @@ sub _jar_normalize_member {
 
 sub normalize {
 	my ($jar_filename) = @_;
+	my $jar = Archive::Zip->new($jar_filename);
+	my @filenames = $jar->memberNames();
+	for my $filename (@filenames) {
+		# don't process signed jars
+		return 0 if $filename =~ /\AMETA-INF\/[^\/]+\.SF\Z/i;
+	}
 	return File::StripNondeterminism::handlers::zip::normalize($jar_filename,
 							filename_cmp => \&_jar_filename_cmp,
 							member_normalizer => \&_jar_normalize_member);
-- 
2.6.1

Attachment: signature.asc
Description: Digital signature

_______________________________________________
Reproducible-builds mailing list
Reproducible-builds@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds

Reply via email to