1020659">

Debian Bug report logs - #1020659
lookup: reproducible-builds: Embedded build path in /usr/bin/lookup

version graph

Package: src:lookup; Maintainer for src:lookup is Ludovic Drolez <ldrolez@debian.org>;

Reported by: Vagrant Cascadian <vagrant@reproducible-builds.org>

Date: Sat, 24 Sep 2022 22:21:01 UTC

Severity: wishlist

Tags: patch

Fixed in version lookup/1.08b-14

Done: Ludovic Drolez <ldrolez@debian.org>

Bug is archived. No further changes may be made.

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, reproducible-bugs@lists.alioth.debian.org, Ludovic Drolez <ldrolez@debian.org>:
Bug#1020659; Package src:lookup. (Sat, 24 Sep 2022 22:21:03 GMT) (full text, mbox, link).


Acknowledgement sent to Vagrant Cascadian <vagrant@reproducible-builds.org>:
New Bug report received and forwarded. Copy sent to reproducible-bugs@lists.alioth.debian.org, Ludovic Drolez <ldrolez@debian.org>. (Sat, 24 Sep 2022 22:21:03 GMT) (full text, mbox, link).


Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Vagrant Cascadian <vagrant@reproducible-builds.org>
To: submit@bugs.debian.org
Subject: lookup: reproducible-builds: Embedded build path in /usr/bin/lookup
Date: Sat, 24 Sep 2022 15:19:08 -0700
[Message part 1 (text/plain, inline)]
Source: lookup
Severity: normal
Tags: patch
User: reproducible-builds@lists.alioth.debian.org
Usertags: buildpath
X-Debbugs-Cc: reproducible-bugs@lists.alioth.debian.org

The build path is embedded in /usr/bin/lookup:

  https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/diffoscope-results/lookup.html

  /build/1st/lookup-1.08b/lookup.c:34
  vs.
  /build/2/lookup-1.08b/2nd/lookup.c:34

The attached patch fixes this by adding the -ffile-prefix-map argument
to CFLAGS in the upstream Makefile, and should be added to
debian/patches.

With this patch applied lookup should build reproducibly on
tests.reproducible-builds.org!

Thanks for maintaining lookup!

live well,
  vagrant
[0001-Makefile-Pass-ffile-prefix-map-in-CFLAGS-to-avoid-em.patch (text/x-diff, inline)]
From 885cd0118a719cb1d73904557063d56318ced514 Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian <vagrant@reproducible-builds.org>
Date: Sat, 24 Sep 2022 22:14:17 +0000
Subject: [PATCH] Makefile: Pass -ffile-prefix-map in CFLAGS to avoid embedding
 build paths.

https://reproducible-builds.org/docs/build-path/
---
 Makefile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Makefile b/Makefile
index 7bfce46..57aac3f 100644
--- a/Makefile
+++ b/Makefile
@@ -96,6 +96,7 @@ LOCAL_LIB=jefflib.a
 LIBS= $(LOCAL_LIB) $(OTHERLIBS)
 
 CFLAGS= $(OPTIONS) $(EXTRA) $(CFLAGS_EXTRA)
+CFLAGS += -ffile-prefix-map=$(CURDIR)=.
 
 objs=lookup.o commands.o apply_regex.o eval.o
 
-- 
2.30.2

[signature.asc (application/pgp-signature, inline)]

Information forwarded to Ludovic Drolez <ldrolez@debian.org>:
Bug#1020659; Package src:lookup. (Tue, 12 Mar 2024 22:36:13 GMT) (full text, mbox, link).


Acknowledgement sent to James Addison <jay@jp-hosting.net>:
Extra info received and forwarded to maintainer. Copy sent to Ludovic Drolez <ldrolez@debian.org>. (Tue, 12 Mar 2024 22:36:13 GMT) (full text, mbox, link).


Message #10 received at 1020659-maintonly@bugs.debian.org (full text, mbox, reply):

From: James Addison <jay@jp-hosting.net>
To: undisclosed-recipients:;
Date: Tue, 12 Mar 2024 22:33:24 +0000
Control: severity -1 wishlist

Dear Maintainer,

Because Debian builds packages from a fixed build path, neither the 'reprotest'
utility in Salsa-CI, nor the Reproducible Builds team's package test
infrastructure for Debian[1] currently check for equivalent binary package
output from differing source package build paths.

This means that your package will pass current reproducibility tests; however
we believe that source code and/or build steps still embed the build path into
the binary package output, making it more difficult than necessary for
independent consumers to check the integrity of those packages by rebuilding
them themselves.

As a result, this bugreport will remain open and be re-assigned the 'wishlist'
severity[2].

For more information about build paths and how they can affect reproducibility,
please refer to: https://reproducible-builds.org/docs/build-path/

Thanks,
James

[1] - https://tests.reproducible-builds.org/debian/reproducible.html

[2] - https://www.debian.org/Bugs/Developer#severities



Severity set to 'wishlist' from 'normal' Request was from James Addison <jay@jp-hosting.net> to 1020659-maintonly@bugs.debian.org. (Tue, 12 Mar 2024 22:36:13 GMT) (full text, mbox, link).


Information forwarded to Ludovic Drolez <ldrolez@debian.org>:
Bug#1020659; Package src:lookup. (Wed, 13 Mar 2024 09:21:06 GMT) (full text, mbox, link).


Acknowledgement sent to James Addison <jay@jp-hosting.net>:
Extra info received and forwarded to maintainer. Copy sent to Ludovic Drolez <ldrolez@debian.org>. (Wed, 13 Mar 2024 09:21:06 GMT) (full text, mbox, link).


Message #17 received at 1020659-maintonly@bugs.debian.org (full text, mbox, reply):

From: James Addison <jay@jp-hosting.net>
To: undisclosed-recipients:;
Date: Wed, 13 Mar 2024 09:18:02 +0000
A correction for a mistake in my previous message:

> Because Debian builds packages from a fixed build path, neither the 'reprotest'
> utility in Salsa-CI, nor the Reproducible Builds team's package test
> infrastructure for Debian[1] currently check for equivalent binary package
> output from differing source package build paths.
>
> This means that your package will pass current reproducibility tests; ...
> [ snip ]

Currently the 'reprotest' job in Salsa-CI does in fact continue to exercise
variations of the build-path, and will fail if it builds binary packages that
contain different contents as a result.



Reply sent to Ludovic Drolez <ldrolez@debian.org>:
You have taken responsibility. (Mon, 26 Aug 2024 20:45:03 GMT) (full text, mbox, link).


Notification sent to Vagrant Cascadian <vagrant@reproducible-builds.org>:
Bug acknowledged by developer. (Mon, 26 Aug 2024 20:45:03 GMT) (full text, mbox, link).


Message #22 received at 1020659-close@bugs.debian.org (full text, mbox, reply):

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: 1020659-close@bugs.debian.org
Subject: Bug#1020659: fixed in lookup 1.08b-14
Date: Mon, 26 Aug 2024 20:40:15 +0000
[Message part 1 (text/plain, inline)]
Source: lookup
Source-Version: 1.08b-14
Done: Ludovic Drolez <ldrolez@debian.org>

We believe that the bug you reported is fixed in the latest version of
lookup, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1020659@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ludovic Drolez <ldrolez@debian.org> (supplier of updated lookup package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 26 Aug 2024 22:13:00 +0200
Source: lookup
Architecture: source
Version: 1.08b-14
Distribution: unstable
Urgency: medium
Maintainer: Ludovic Drolez <ldrolez@debian.org>
Changed-By: Ludovic Drolez <ldrolez@debian.org>
Closes: 1020659 1075232
Changes:
 lookup (1.08b-14) unstable; urgency=medium
 .
   * Fixes for GCC-14. Closes: #1075232
   * Added Build path patch. Closes: #1020659
Checksums-Sha1:
 3012d718c449f5a93b4f9f63d878db3e0d732f35 1341 lookup_1.08b-14.dsc
 8441efabc795b8d63b28bb4e5ee69f10d6f42219 9544 lookup_1.08b-14.debian.tar.xz
 a639866b92099373c4240a2c91d68a4e02098472 5604 lookup_1.08b-14_amd64.buildinfo
Checksums-Sha256:
 3bb6805a28a6607b75547bfc128d5d31fe63039626f804d5874131f09e0ee9cb 1341 lookup_1.08b-14.dsc
 69c4bb4c845795f57568f85cba923ce91c6fc19b930d29596d7145e36eae710d 9544 lookup_1.08b-14.debian.tar.xz
 2c3af3becce73c1c7b09fcee7f8d713276845b6b0b3c433d0b41ec82ebcbaed5 5604 lookup_1.08b-14_amd64.buildinfo
Files:
 cca8eb85a903da05e52528712869454b 1341 text optional lookup_1.08b-14.dsc
 3fa19b46d7f243269a13b4135892315f 9544 text optional lookup_1.08b-14.debian.tar.xz
 ce8ed900c722565df261afa4b9ef6215 5604 text optional lookup_1.08b-14_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQFHBAEBCAAxFiEEKrWNbKjxjlSqtxlZi3UoEkf5wXwFAmbM5DcTHGxkcm9sZXpA
ZGViaWFuLm9yZwAKCRCLdSgSR/nBfHKKB/sEieiJy7XygAPx23f1OUVNkwV6qSec
7L1DH17WIHX2+6tGTUOrApZ6YhzpG6my36+6mWbUkjyt8rqYkylaRRzIMOXvZKuV
p4JmvYKOEumtpUshS3Il9IcT8/QqSv5mIEM3N6F167SEd0vCboxs+kdNs0EXJzsS
ul3PSP5QfooxuXOvLwjz+Y1zI3GnBTfHbYL20UIBONqSe/FYXZLy1kRZDGSQb2Bq
doQcFNRYaym3Nom4gkNUDaGb++2NRqqiyDPsD5tsVsKMNpB81OQEYbhESErpQdqz
DKLU4IJCRTG1JTzvokcxLrAD/WHE5P8MurA3CTbyAYr8gPK4ROOK8R5l
=kVO2
-----END PGP SIGNATURE-----

[Message part 2 (application/pgp-signature, inline)]

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 29 Sep 2024 07:29:55 GMT) (full text, mbox, link).


Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Jan 31 00:31:58 2025; Machine Name: bembo

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU General Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.