Bug#774274: fontforge: please use SOURCE_DATE_EPOCH for reproducible font modification time

2019-09-20 Thread Theppitak Karoonboonyanan
Package: fontforge
Version: 1:20170731~dfsg-1+b2
Followup-For: Bug #774274

Hi,

Just seen Vasudev's comment from the bug log.

There are three relevant commits:

1. Add GetTime function: override time(2) in case SOURCE_DATE_EPOCH is set
   https://github.com/fontforge/fontforge/commit/4e850c134200d5a62bdecdd68a4ee31ef7688360

2. Improve GetTime function
   https://github.com/fontforge/fontforge/commit/24aeddf65139ee50753537070e51b08c80346423

3. Use GetTime in more places
   https://github.com/fontforge/fontforge/commit/078a1738a86717b46e02276bd85bb76893688eea

However, as there have already been three 2019 releases (March, April, August),
updating from an official release could be another choice.

Regards,
-- 
Theppitak Karoonboonyanan
http://linux.thai.net/~thep/
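
The behaviour named in the first commit above (take the time from SOURCE_DATE_EPOCH when it is set, otherwise from time(2)), written out as an added example. It is not fontforge's GetTime() or code from this thread; the function names `parse_source_date_epoch` and `embedded_timestamp` are hypothetical, and rejecting a malformed value instead of falling back to the clock is a choice made here.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <time.h>

/* Hypothetical helper, not fontforge's GetTime(): strictly parse a
 * SOURCE_DATE_EPOCH value (decimal Unix seconds). Returns -1 if malformed. */
long long parse_source_date_epoch(const char *s)
{
    char *end;
    unsigned long long v;

    if (s == NULL || *s == '\0')
        return -1;
    /* strtoull() would accept leading spaces and a sign; allow digits only. */
    for (const char *p = s; *p != '\0'; p++)
        if (*p < '0' || *p > '9')
            return -1;
    errno = 0;
    v = strtoull(s, &end, 10);
    if (errno == ERANGE || *end != '\0' || v > (unsigned long long)LLONG_MAX)
        return -1;
    return (long long)v;
}

/* Timestamp to embed in generated output: the pinned value when the
 * variable is set, the wall clock otherwise. A set-but-malformed value
 * yields -1 rather than silently falling back to the current time. */
long long embedded_timestamp(const char *env_value, long long now)
{
    if (env_value == NULL)
        return now;
    return parse_source_date_epoch(env_value);
}

int main(void)
{
    long long ts = embedded_timestamp(getenv("SOURCE_DATE_EPOCH"),
                                      (long long)time(NULL));
    if (ts < 0) {
        fprintf(stderr, "SOURCE_DATE_EPOCH is set but not a valid epoch\n");
        return 1;
    }
    printf("CreationDate epoch: %lld\n", ts);
    return 0;
}
```

Running it twice with the same SOURCE_DATE_EPOCH prints the same value, which is the property a reproducibility check such as diffoscope looks for in the font's creation date.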



Bug#774274: fontforge: please use SOURCE_DATE_EPOCH for reproducible font modification time

2019-02-02 Thread Vasudev Kamath
Theppitak Karoonboonyanan writes:

> Package: fontforge
> Version: 1:20170731~dfsg-1
> Followup-For: Bug #774274
>
> Dear Maintainer,
>
> This bug still exists for Type 1 font generation, which causes my package
> fonts-sipa-arundina to be unreproducible.
>
> https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/diffoscope-results/fonts-sipa-arundina.html
>
> Creation date timestamps are still taken from build time without obeying
> SOURCE_DATE_EPOCH.
>
> There have been some upstream changes in Fontforge after the version in Sid,
> beginning at this one:
>
> https://github.com/fontforge/fontforge/commit/4e850c134200d5a62bdecdd68a4ee31ef7688360
>
> And the relevant calls to the new GetTime() function have been added here:
>
> https://github.com/fontforge/fontforge/commit/078a1738a86717b46e02276bd85bb76893688eea
>
> So, please update Fontforge in Debian to solve more build reproducibility
> problems.

I currently do not have enough time to figure out the patches needed, as
there is no official release by upstream. But any help is welcome. If
you know a set of patches which is going to fix this issue, feel free to
record the commit hashes and I will try to get those applied.

Cheers,



Bug#774274: fontforge: please use SOURCE_DATE_EPOCH for reproducible font modification time

2019-01-11 Thread Theppitak Karoonboonyanan
Package: fontforge
Version: 1:20170731~dfsg-1
Followup-For: Bug #774274

Dear Maintainer,

This bug still exists for Type 1 font generation, which causes my package
fonts-sipa-arundina to be unreproducible.

https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/diffoscope-results/fonts-sipa-arundina.html

Creation date timestamps are still taken from build time without obeying
SOURCE_DATE_EPOCH.

There have been some upstream changes in Fontforge after the version in Sid,
beginning at this one:

https://github.com/fontforge/fontforge/commit/4e850c134200d5a62bdecdd68a4ee31ef7688360

And the relevant calls to the new GetTime() function have been added here:

https://github.com/fontforge/fontforge/commit/078a1738a86717b46e02276bd85bb76893688eea

So, please update Fontforge in Debian to solve more build reproducibility
problems.

Thanks,
-- 
Theppitak Karoonboonyanan
http://linux.thai.net/~thep/

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (500,
'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=th_TH.utf8, LC_CTYPE=th_TH.utf8 (charmap=UTF-8),
LANGUAGE=th_TH.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages fontforge depends on:
ii  fontforge-common  1:20170731~dfsg-1
ii  libc6 2.28-4
ii  libfontforge2 1:20170731~dfsg-1
ii  libgdraw5 1:20170731~dfsg-1
ii  libltdl7  2.4.6-6
ii  libx11-6  2:1.6.7-1

fontforge recommends no packages.

Versions of packages fontforge suggests:
pn  autotrace 
pn  fontforge-doc 
ii  fontforge-extras  0.3-4
pn  potrace   
ii  python-fontforge  1:20170731~dfsg-1

-- no debconf information



Bug#774274: [Pkg-fonts-devel] Bug#774274: fontforge: please use SOURCE_DATE_EPOCH for reproducible font modification time

2017-05-06 Thread Vasudev Kamath
Justin Cappos writes:

> found 774274
> forwarded 774274 https://github.com/fontforge/fontforge/issues/2490
> done
>
> The changelog doesn't seem to indicate that the upstream patch was
> applied.  This seems to be fixed in upstream master on November 16th, 2016
> as per ( https://github.com/fontforge/fontforge/issues/2490 ).

The commit you mentioned in the above pull request is already in the Debian
package ¹. It was merged by upstream and not patched by us in Debian,
hence not mentioned in the changelog.

¹ https://anonscm.debian.org/cgit/pkg-fonts/fontforge.git/commit/fontforge/tottf.c?id=3d6c16da24d8ae105dfbb3c3a0e0e507e04b835d

>
> This may or may not address / relate to
> https://github.com/fontforge/fontforge/issues/2943.  The issues seem to
> contradict each other about whether the same merged patch set addresses
> both.

Well, it's Debian's patch which got merged; please see the first commit in the
PR, it's mine and taken from the Debian patch I created, which is already
included in fontforge. ²

² https://anonscm.debian.org/cgit/pkg-fonts/fontforge.git/tree/debian/patches/1001_reproducibe_buildtimestamps.patch


>
> This comes up as an issue with many packages (e.g.,
> https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/dkg-handwriting.html
> seems to be impacted by 2490 and

I don't think it's impacted by 2490; the message clearly suggests a new
patch is in WIP at ³. Also, one patch related to 2490 is already in
fontforge. Once the below WIP patch is submitted upstream I will happily
merge it in our packaging.

³ https://gist.githubusercontent.com/lamby/60a545b37b778e148702c342bbf86bd9/raw/19a39af51d669fde042b261236f65ba72f75662a/903_reproducubile_build.diff

> https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/diffoscope-results/essays1743.html
> seems to be impacted by 2943 ).

Not really sure about this also, because the related patch is already in
fontforge.

I'm not really experienced in reproducible builds, so I'm just pointing
at things which are already included in the package. If more things need to
be included, please let me know and I will get those included in the package.

Cheers,



Bug#774274: fontforge: please use SOURCE_DATE_EPOCH for reproducible font modification time

2017-05-05 Thread Justin Cappos
found 774274
forwarded 774274 https://github.com/fontforge/fontforge/issues/2490
done

The changelog doesn't seem to indicate that the upstream patch was
applied.  This seems to be fixed in upstream master on November 16th, 2016
as per ( https://github.com/fontforge/fontforge/issues/2490 ).

This may or may not address / relate to
https://github.com/fontforge/fontforge/issues/2943.  The issues seem to
contradict each other about whether the same merged patch set addresses
both.

This comes up as an issue with many packages (e.g.,
https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/dkg-handwriting.html
seems to be impacted by 2490 and
https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/diffoscope-results/essays1743.html
seems to be impacted by 2943 ).

Thanks,
Justin