Acknowledgement sent
to Vagrant Cascadian <vagrant@reproducible-builds.org>:
New Bug report received and forwarded. Copy sent to reproducible-bugs@lists.alioth.debian.org, Ludovic Drolez <ldrolez@debian.org>.
(Sat, 24 Sep 2022 22:21:03 GMT)
Source: lookup
Severity: normal
Tags: patch
User: reproducible-builds@lists.alioth.debian.org
Usertags: buildpath
X-Debbugs-Cc: reproducible-bugs@lists.alioth.debian.org
The build path is embedded in /usr/bin/lookup:
https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/diffoscope-results/lookup.html
/build/1st/lookup-1.08b/lookup.c:34
vs.
/build/2/lookup-1.08b/2nd/lookup.c:34
The attached patch fixes this by adding the -ffile-prefix-map argument
to CFLAGS in the upstream Makefile, and should be added to
debian/patches.
With this patch applied lookup should build reproducibly on
tests.reproducible-builds.org!
Thanks for maintaining lookup!
live well,
vagrant
Information forwarded
to Ludovic Drolez <ldrolez@debian.org>: Bug#1020659; Package src:lookup.
(Tue, 12 Mar 2024 22:36:13 GMT)
Acknowledgement sent
to James Addison <jay@jp-hosting.net>:
Extra info received and forwarded to maintainer. Copy sent to Ludovic Drolez <ldrolez@debian.org>.
(Tue, 12 Mar 2024 22:36:13 GMT)
Control: severity -1 wishlist
Dear Maintainer,
Because Debian builds packages from a fixed build path, neither the 'reprotest'
utility in Salsa-CI, nor the Reproducible Builds team's package test
infrastructure for Debian[1] currently check for equivalent binary package
output from differing source package build paths.
This means that your package will pass current reproducibility tests; however
we believe that source code and/or build steps still embed the build path into
the binary package output, making it more difficult than necessary for
independent consumers to check the integrity of those packages by rebuilding
them themselves.
As a result, this bugreport will remain open and be re-assigned the 'wishlist'
severity[2].
For more information about build paths and how they can affect reproducibility,
please refer to: https://reproducible-builds.org/docs/build-path/
Thanks,
James
[1] - https://tests.reproducible-builds.org/debian/reproducible.html
[2] - https://www.debian.org/Bugs/Developer#severities
Severity set to 'wishlist' from 'normal'
Request was from James Addison <jay@jp-hosting.net>
to 1020659-maintonly@bugs.debian.org.
(Tue, 12 Mar 2024 22:36:13 GMT)
Information forwarded
to Ludovic Drolez <ldrolez@debian.org>: Bug#1020659; Package src:lookup.
(Wed, 13 Mar 2024 09:21:06 GMT)
Acknowledgement sent
to James Addison <jay@jp-hosting.net>:
Extra info received and forwarded to maintainer. Copy sent to Ludovic Drolez <ldrolez@debian.org>.
(Wed, 13 Mar 2024 09:21:06 GMT)
A correction for a mistake in my previous message:
> Because Debian builds packages from a fixed build path, neither the 'reprotest'
> utility in Salsa-CI, nor the Reproducible Builds team's package test
> infrastructure for Debian[1] currently check for equivalent binary package
> output from differing source package build paths.
>
> This means that your package will pass current reproducibility tests; ...
> [ snip ]
Currently the 'reprotest' job in Salsa-CI does in fact continue to exercise
variations of the build-path, and will fail if it builds binary packages that
contain different contents as a result.
Reply sent
to Ludovic Drolez <ldrolez@debian.org>:
You have taken responsibility.
(Mon, 26 Aug 2024 20:45:03 GMT)
Notification sent
to Vagrant Cascadian <vagrant@reproducible-builds.org>:
Bug acknowledged by developer.
(Mon, 26 Aug 2024 20:45:03 GMT)
Source: lookup
Source-Version: 1.08b-14
Done: Ludovic Drolez <ldrolez@debian.org>
We believe that the bug you reported is fixed in the latest version of
lookup, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1020659@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Ludovic Drolez <ldrolez@debian.org> (supplier of updated lookup package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 26 Aug 2024 22:13:00 +0200
Source: lookup
Architecture: source
Version: 1.08b-14
Distribution: unstable
Urgency: medium
Maintainer: Ludovic Drolez <ldrolez@debian.org>
Changed-By: Ludovic Drolez <ldrolez@debian.org>
Closes: 1020659 1075232
Changes:
lookup (1.08b-14) unstable; urgency=medium
.
* Fixes for GCC-14. Closes: #1075232
* Added Build path patch. Closes: #1020659
Checksums-Sha1:
3012d718c449f5a93b4f9f63d878db3e0d732f35 1341 lookup_1.08b-14.dsc
8441efabc795b8d63b28bb4e5ee69f10d6f42219 9544 lookup_1.08b-14.debian.tar.xz
a639866b92099373c4240a2c91d68a4e02098472 5604 lookup_1.08b-14_amd64.buildinfo
Checksums-Sha256:
3bb6805a28a6607b75547bfc128d5d31fe63039626f804d5874131f09e0ee9cb 1341 lookup_1.08b-14.dsc
69c4bb4c845795f57568f85cba923ce91c6fc19b930d29596d7145e36eae710d 9544 lookup_1.08b-14.debian.tar.xz
2c3af3becce73c1c7b09fcee7f8d713276845b6b0b3c433d0b41ec82ebcbaed5 5604 lookup_1.08b-14_amd64.buildinfo
Files:
cca8eb85a903da05e52528712869454b 1341 text optional lookup_1.08b-14.dsc
3fa19b46d7f243269a13b4135892315f 9544 text optional lookup_1.08b-14.debian.tar.xz
ce8ed900c722565df261afa4b9ef6215 5604 text optional lookup_1.08b-14_amd64.buildinfo