[Reproducible-builds] Bug#826309: gnupg2: Please make the build reproducible wrt. varying build hostname
Package: gnupg2 Version: 2.1.11-7 Severity: wishlist Tags: patch User: reproducible-builds@lists.alioth.debian.org Usertags: hostname X-Debbugs-Cc: reproducible-builds@lists.alioth.debian.org Hi, the attached patch fixes (in my local rebuild.sh test environment) the non-determinism in /usr/share/win32/gpgv.exe caused by varying build hostname. Please have a look and let me know if you think it should be implemented differently. For the record, the hostname is captured in gpgv.exe since upstream commit 049b3d9, whose message explains what the change is, but does not make its rationale clear. Thank you for maintaining GnuPG in Debian! Cheers, -- intrigeri commit 073b11eb65f5cd7beb5cbf1e1b5e957c0ae37333 Author: intrigeri Date: Sat Jun 4 11:46:50 2016 + 0007-Don-t-include-BUILD_HOSTNAME-nor-BUILD_TIMESTAMP-in-.patch: new patch (don't include BUILD_HOSTNAME nor BUILD_TIMESTAMP in W32INFO_FILEVERSION, for build reproducibility). diff --git a/debian/patches/0007-Don-t-include-BUILD_HOSTNAME-nor-BUILD_TIMESTAMP-in-.patch b/debian/patches/0007-Don-t-include-BUILD_HOSTNAME-nor-BUILD_TIMESTAMP-in-.patch new file mode 100644 index 000..d304f03 --- /dev/null +++ b/debian/patches/0007-Don-t-include-BUILD_HOSTNAME-nor-BUILD_TIMESTAMP-in-.patch @@ -0,0 +1,23 @@ +From: intrigeri +Date: Sat, 4 Jun 2016 11:45:46 + +Subject: Don't include BUILD_HOSTNAME nor BUILD_TIMESTAMP in + W32INFO_FILEVERSION, for build reproducibility. + +--- + common/w32info-rc.h.in | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/common/w32info-rc.h.in b/common/w32info-rc.h.in +index d7909dd..0c9d761 100644 +--- a/common/w32info-rc.h.in b/common/w32info-rc.h.in +@@ -22,8 +22,7 @@ either version 3 of the License, or (at your option) any later version.\0" + #define W32INFO_VI_FILEVERSION@BUILD_FILEVERSION@ + #define W32INFO_VI_PRODUCTVERSION @BUILD_FILEVERSION@ + +-#define W32INFO_FILEVERSION "@VERSION@ (@BUILD_REVISION@) \ +-built on @BUILD_HOSTNAME@ at @BUILD_TIMESTAMP@\0" ++#define W32INFO_FILEVERSION "@VERSION@ (@BUILD_REVISION@)\0" + + #define W32INFO_PRODUCTNAME"GNU Privacy Guard (GnuPG)\0" + #define W32INFO_PRODUCTVERSION "@VERSION@\0" diff --git a/debian/patches/series b/debian/patches/series index 540d51d..f6f9089 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -4,3 +4,4 @@ 0004-avoid-gpgtar.test-when-disable-gpgtar-is-configured.patch 0005-common-Change-simple_query-to-ignore-status-messages.patch 0006-w32-Do-not-error-out-if-gpgconf-is-not-installed.patch +0007-Don-t-include-BUILD_HOSTNAME-nor-BUILD_TIMESTAMP-in-.patch ___ Reproducible-builds mailing list Reproducible-builds@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds
Re: [Reproducible-builds] [Tails-dev] tails binary and source packages lists URL has changed…
Holger Levsen wrote (18 May 2016 08:27:05 GMT) : > On Tue, May 17, 2016 at 06:48:49PM +0200, intrigeri wrote: >> > I'll gladly merge this whenever you tell me I should. >> Please go ahead :) > cool, done. thanks! > https://jenkins.debian.net/view/reproducible/view/Debian_misc/job/reproducible_create_meta_pkg_sets/401/console > worked nicely, so yay! :) ___ Reproducible-builds mailing list Reproducible-builds@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds
Re: [Reproducible-builds] [Tails-dev] tails binary and source packages lists URL has changed…
Hi Holger, Holger Levsen wrote (17 May 2016 11:29:56 GMT) : > On Tue, May 17, 2016 at 01:16:28PM +0200, intrigeri wrote: >> I'm working on it and hope to fix it today. Repaired! > I'll gladly merge this whenever you tell me I should. Please go ahead :) Cheers, -- intrigeri ___ Reproducible-builds mailing list Reproducible-builds@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds
Re: [Reproducible-builds] [Tails-dev] tails binary and source packages lists URL has changed…
Hi, Holger Levsen wrote (11 May 2016 10:22:11 GMT) : > once again these two URLs have changed: > http://nightly.tails.boum.org/build_Tails_ISO_feature-stretch/lastSuccessful/archive/latest.iso.binpkgs > http://nightly.tails.boum.org/build_Tails_ISO_feature-stretch/lastSuccessful/archive/latest.iso.srcpkg The ISO build from our feature/stretch branch, that generates these files, has been broken for a while, and after some weeks our Jenkins set up deletes artifacts it considers to be obsolete… so these files have indeed disappeared. Sorry for the inconvenience, and thanks for the heads up: I didn't consciously realize that such breakage would impact you folks :/ I'm working on it and hope to fix it today. > We need to them to create the package lists for: > https://tests.reproducible-builds.org/unstable/amd64/pkg_set_tails.html > https://tests.reproducible-builds.org/unstable/amd64/pkg_set_tails_build-depends.html Right, it's lovely that we have these, thank you! :) And by the way, once the above is fixed, I want to quickly switch our pkgset generation process from our (very hackish and inaccurate) .binpkgs/.srcpkgs files, to our new (accurate) .build-manifest one. I've prepared a branch that does this switch and adjusts bin/reproducible_create_meta_pkg_sets.sh accordingly: * repo: https://git-tails.immerda.ch/jenkins.debian.net.git * branch: support-tails-build-manifest I'll notify you once the above has been fixed and this can be merged and deployed to production, but IMO this branch is ready for a code review. Note that: * I used explicit argument passing to the function this branch introduces, instead of global variables; if you prefer, I can of course adjust this to use global variables, to match the current code's style more closely, regardless of whatever my personal taste in such matters is. * I really didn't want to parse YAML by hand, hence the inline Python script. I've seen a Perl one in the same file already, so I've assumed it would be OK. If you prefer I can certainly move that function into its own, dedicated script. Cheers, -- intrigeri ___ Reproducible-builds mailing list Reproducible-builds@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds
Re: [Reproducible-builds] Please whitelist reproducible mails
Hi, Mattia Rizzolo wrote (14 Sep 2015 19:58:38 GMT) : > I'd ask you to either whitelist our mail, Done. Sorry for the burden. > or to completely open the ML (as a silent standard in Debian). That's how I personally would do it, but IIRC some other team members preferred the current setup to lower the amount of spam. Cheers, -- intrigeri ___ Reproducible-builds mailing list Reproducible-builds@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds
