Bug#858431: strip-nondeterminism does not normalize Unix ownership from zip archives or .epub files
tags 858431 + pending thanks This is fixed in Git, pending upload: https://salsa.debian.org/reproducible-builds/strip-nondeterminism/commit/f40f555085eeb086bfd4ee1fca1012550790a12d Makefile.PL | 1 + lib/File/StripNondeterminism/handlers/zip.pm | 31 +++- 2 files changed, 27 insertions(+), 5 deletions(-) Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-
Bug#858431: strip-nondeterminism does not normalize Unix ownership from zip archives or .epub files
forcemerge 858431 920732 retitle 858431 strip-nondeterminism does not normalize Unix ownership from zip archives or .epub files tags 858431 - wontfix thanks Two changes here: * .epub files are "just" .zip files, so merging and retitling to match. * Unmarking as wontfix; re-reading https://bugs.debian.org/858431#22, I believe we should indeed be normalising these. Best wishes, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-
Bug#858431: strip-nondeterminism does not normalize Unix ownership from zip archives
forwarded 858431 https://salsa.debian.org/reproducible-builds/strip-nondeterminism/issues/4 thanks I've forwarded this upstream here: https://salsa.debian.org/reproducible-builds/strip-nondeterminism/issues/4 Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-
Bug#858431: strip-nondeterminism does not normalize Unix ownership from zip archives
On Wed, Mar 22, 2017 at 07:29:03PM +, Chris Lamb wrote: > > > What I expect to see, and believe should happen, is all UIDs and GIDs in > > > the zip archive become 0, owned by root. > > > > That would be inconsistent with the current behaviour with tarballs, > > which also contain UIDs and GIDs and AFAIK are kept untouched by > > strip-nondeterminism. tarballs are currently not touched/supported at all by strip-nondeterminism. > Indeed, and given that we would want the behaviour to be consistent across > archive formats and I think this goes beyond what strip-nondetermism should > do, I am marking this as wontfix. I think it would be more consistent to also normalize UID/GID in zip files, as this is some non-determinism (that should be stripped). And strip-nondeterminism currently also normalizes permissions to 755/644, which is a bit related to UID/GID. signature.asc Description: Digital signature
Bug#858431: strip-nondeterminism does not normalize Unix ownership from zip archives
tags 858431 + wontfix thanks Santiago Vila wrote: > > What I expect to see, and believe should happen, is all UIDs and GIDs in > > the zip archive become 0, owned by root. > > That would be inconsistent with the current behaviour with tarballs, > which also contain UIDs and GIDs and AFAIK are kept untouched by > strip-nondeterminism. Indeed, and given that we would want the behaviour to be consistent across archive formats and I think this goes beyond what strip-nondetermism should do, I am marking this as wontfix. Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-
Bug#858431: strip-nondeterminism does not normalize Unix ownership from zip archives
On Wed, Mar 22, 2017 at 03:48:02AM -0700, Mike Swanson wrote: > root@turanga:sn# strip-nondeterminism ?.zip > root@turanga:sn# bsdtar -tvf 1.zip > -rwxr-xr-x 0 0 0 0 Mar 22 03:44 root > -rw-r--r-- 0 1000 10010 Mar 22 03:44 user > root@turanga:sn# bsdtar -tvf 2.zip > -rwxr-xr-x 0 0 0 0 Mar 22 03:44 root > -rw-r--r-- 0 1001 10020 Mar 22 03:44 user > > What I expect to see, and believe should happen, is all UIDs and GIDs in > the zip archive become 0, owned by root. That would be inconsistent with the current behaviour with tarballs, which also contain UIDs and GIDs and AFAIK are kept untouched by strip-nondeterminism. If those zipfiles are created in the build target of debian/rules, why not just use "fakeroot tar czvf tarball.tar.gz file1 file2" or "fakeroot zip zipfile.zip file1 file2"? Also: What if the zipfile or the tarball comes from the orig.tar.gz and we don't want to alter it in any way? Thanks.
Bug#858431: strip-nondeterminism does not normalize Unix ownership from zip archives
Package: strip-nondeterminism Version: 0.031-1 Zip archives may contain Unix metadata about its member files, including ownership, mode, and so forth. strip-nondeterminism fails to correct for ownership, allowing for archives to be created and maintained with basically arbitrary and unpredictable UIDs/GIDs, normally the UIDs/GIDs of the user the archive is being created under. Example run (starting out with an empty directory): chungy@turanga:sn$ fakeroot root@turanga:sn# mkdir 1 2 root@turanga:sn# touch {1,2}/{root,user} root@turanga:sn# chown 1000:1001 1/user && chown 1001:1002 2/user root@turanga:sn# chmod 700 1/root 2/root root@turanga:sn# zip -qj 1.zip 1/root 1/user && zip -qj 2.zip 2/user 2/root root@turanga:sn# bsdtar -tvf 1.zip -rwx-- 0 0 0 0 Mar 22 03:44 root -rw-r--r-- 0 1000 10010 Mar 22 03:44 user root@turanga:sn# bsdtar -tvf 2.zip -rw-r--r-- 0 1001 10020 Mar 22 03:44 user -rwx-- 0 0 0 0 Mar 22 03:44 root root@turanga:sn# strip-nondeterminism ?.zip root@turanga:sn# bsdtar -tvf 1.zip -rwxr-xr-x 0 0 0 0 Mar 22 03:44 root -rw-r--r-- 0 1000 10010 Mar 22 03:44 user root@turanga:sn# bsdtar -tvf 2.zip -rwxr-xr-x 0 0 0 0 Mar 22 03:44 root -rw-r--r-- 0 1001 10020 Mar 22 03:44 user What I expect to see, and believe should happen, is all UIDs and GIDs in the zip archive become 0, owned by root.