Bug#846842: nethogs: please make the build reproducible

2017-01-10 Thread Arnout Engelen 
On Fri, Dec 23, 2016 at 11:52 AM, Chris Lamb  wrote:

> > To me it doesn't sound unreasonable to consider the last segment of the
> > build path part of the build environment
>
> Could you elaborate why? We feel that the entire build path including
> the basename(1) (or "last segment") to be:
>
>   a) something up to the local package builder to decide.
>
>   b) A poor method of storing metadata. It seems quite fragile and also
>  non-intuitive; if a user searches the source tree for the version
>  number, they won't actually find it within any of the files!
>

Not having the version in the source tree is actually intentional: this
way, we can promote a certain commit to 'release' without having to add
'bump version to X'/'bump version to (X+1)-SNAPSHOT'-style commits to the
history.

This way we avoid some risks:

- if you commit the released versions, people branching from that commit
might accidentally build binaries that seem/claim to also be that version
even though they aren't. When using tags instead, you can't really
accidentally tag multiple commits with the same tag.

- if you don't commit the final version (and commit 'x.y.z+1-SNAPSHOT' or
something similar instead), there is no commit that is byte-per-byte
identical to a git commit. I like to have that (I can even sign that commit
which is nice).

Our comprehensive testing framework deliberately varies this build path to
> flush out these issues FYI.
>

Yes I figured it was probably intentional, so I thought I'd reach out and
find out why :).


Kind regards,

Arnout

Bug#846842: nethogs: please make the build reproducible

2016-12-23 Thread Chris Lamb 
[Please retain 846...@bugs.debian.org in CC]

Hey Arnout,

Thanks for getting in touch and for your kind words on reproducible
builds. :)

> To me it doesn't sound unreasonable to consider the last segment of the
> build path part of the build environment

Could you elaborate why? We feel that the entire build path including
the basename(1) (or "last segment") to be:

  a) something up to the local package builder to decide.

  b) A poor method of storing metadata. It seems quite fragile and also
 non-intuitive; if a user searches the source tree for the version
 number, they won't actually find it within any of the files!

Our comprehensive testing framework deliberately varies this build path
to flush out these issues FYI.


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-

Bug#846842: Fwd: Re: Bug#846842: nethogs: please make the build reproducible

2016-12-23 Thread Chris Lamb 
[Forwarding to BTS]

- Original message -
From: Arnout Engelen <arn...@bzzt.net>
To: Chris Lamb <la...@debian.org>
Subject: Re: Bug#846842: nethogs: please make the build reproducible
Date: Fri, 23 Dec 2016 11:37:55 +0100

Hi Chris,

First off, thanks for your efforts in making the builds more reproducible,
this is an important topic.

I'm the upstream nethogs author/maintainer, and I'd like to see if there's
something more I can do to help.

'determineVersion.sh' indeed uses `pwd` (when building from outside git).
Indeed in general leaking the full build path into the artifact seems like
a bad idea (https://reproducible-builds.org/docs/build-path/). In this
particular case, though, I only use the last segment of the path to
determine the version.

To me it doesn't sound unreasonable to consider the last segment of the
build path part of the build environment (so I already consider the nethogs
build 'reproducible' in that regard). Do you have any thoughts on that?


Kind regards,

Arnout

On Sat, Dec 3, 2016 at 6:00 PM, Chris Lamb <la...@debian.org> wrote:

> Source: nethogs
> Version: 0.8.5-1
> Severity: wishlist
> Tags: patch
> User: reproducible-bui...@lists.alioth.debian.org
> Usertags: builpath
> X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org
>
> Hi,
>
> Whilst working on the Reproducible Builds effort [0], we noticed
> that nethogs could not be built reproducibly.
>
> This is due to upstream's determineVersion.sh using the output
> of "pwd".
>
> Patch attached. It overrides from debian/changelog.
>
>
>  [0] https://reproducible-builds.org/


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-

Bug#846842: nethogs: please make the build reproducible

2016-12-03 Thread Chris Lamb 
Source: nethogs
Version: 0.8.5-1
Severity: wishlist
Tags: patch
User: reproducible-bui...@lists.alioth.debian.org
Usertags: builpath
X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org

Hi,

Whilst working on the Reproducible Builds effort [0], we noticed
that nethogs could not be built reproducibly.

This is due to upstream's determineVersion.sh using the output
of "pwd". 

Patch attached. It overrides from debian/changelog.


 [0] https://reproducible-builds.org/


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-
--- a/debian/rules  2016-12-03 16:48:52.021297391 +
--- b/debian/rules  2016-12-03 16:59:09.759387921 +
@@ -7,3 +7,6 @@
 
 %:
dh $@
+
+override_dh_auto_build:
+   dh_auto_build -- VERSION="$(shell dpkg-parsechangelog --show-field 
Version)"