Acknowledgement sent
to Vagrant Cascadian <vagrant@reproducible-builds.org>:
New Bug report received and forwarded. Copy sent to reproducible-bugs@lists.alioth.debian.org, Kurt Roeckx <kurt@roeckx.be>.
(Sat, 24 Sep 2022 22:51:03 GMT)
Source: libid3tag
Severity: normal
Tags: patch
User: reproducible-builds@lists.alioth.debian.org
Usertags: buildpath
X-Debbugs-Cc: reproducible-bugs@lists.alioth.debian.org
The build path is embedded in
/usr/lib/x86_64-linux-gnu/libid3tag.so.0.3.0:
https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/diffoscope-results/libid3tag.html
/build/1st/libid3tag-0.15.1b/ucs4.c:43
vs.
/build/2/libid3tag-0.15.1b/2nd/ucs4.c:43
The attached patch fixes this in debian/rules by adding
-ffile-prefix-map to CFLAGS passed to configure.
With this patch applied libid3tag should build reproducibly on
tests.reproducible-builds.org!
Thanks for maintaining libid3tag!
live well,
vagrant
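The effect described in the report above, as an added example that is not part of the bug report, the attached patch, or the libid3tag packaging: the same source is compiled from two different directories, with and without `-ffile-prefix-map`, and the objects are compared. The file name `ucs4_demo.c`, the directory layout and the use of `assert()` as the construct that pulls the path into the binary are assumptions (the page does not say what in `ucs4.c` embeds it); a `cc` that accepts `-ffile-prefix-map` (GCC 8 or later, Clang 10 or later) is assumed.

```shell
#!/bin/sh
# Added demo (constructed source and paths): assert() expands __FILE__, so the
# path handed to the compiler lands in the object's read-only data.
# -ffile-prefix-map=OLD=NEW rewrites that prefix at compile time.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# compile_at DIR [CFLAGS...]: write the same source under DIR and compile it
# by absolute path, as a package build in a per-build directory would.
compile_at() {
    dir=$1; shift
    mkdir -p "$dir"
    printf '%s\n' '#include <assert.h>' \
        'int check(int n) { assert(n > 0); return n; }' > "$dir/ucs4_demo.c"
    "${CC:-cc}" -O2 "$@" -c "$dir/ucs4_demo.c" -o "$dir/ucs4_demo.o"
}

# embeds_path OBJ DIR: succeeds if the build directory string occurs in OBJ.
embeds_path() { grep -qF "$2" "$1"; }

# rebuild_matches MODE: build from two different paths and compare the bytes.
# MODE=plain passes no mapping; MODE=mapped adds -ffile-prefix-map=<dir>=.
# Returns 0 if identical, 1 if different, 2 if compilation failed.
rebuild_matches() {
    a="$WORK/$1/1st/pkg"; b="$WORK/$1/2/pkg/2nd"
    if [ "$1" = mapped ]; then
        compile_at "$a" "-ffile-prefix-map=$a=." || return 2
        compile_at "$b" "-ffile-prefix-map=$b=." || return 2
    else
        compile_at "$a" || return 2
        compile_at "$b" || return 2
    fi
    cmp -s "$a/ucs4_demo.o" "$b/ucs4_demo.o"
}

for mode in plain mapped; do
    if rebuild_matches "$mode"; then result=identical; else result=differs; fi
    if embeds_path "$WORK/$mode/1st/pkg/ucs4_demo.o" "$WORK/$mode/1st/pkg"; then
        leak="build path present"
    else
        leak="build path absent"
    fi
    echo "$mode: rebuilds $result, $leak"
done
```

In a Debian package the same flag is normally added to the CFLAGS that the build system receives, which is what the report says the attached patch does in debian/rules.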
Information forwarded
to Kurt Roeckx <kurt@roeckx.be>: Bug#1020661; Package src:libid3tag.
(Tue, 12 Mar 2024 22:36:16 GMT)
Acknowledgement sent
to James Addison <jay@jp-hosting.net>:
Extra info received and forwarded to maintainer. Copy sent to Kurt Roeckx <kurt@roeckx.be>.
(Tue, 12 Mar 2024 22:36:17 GMT)
Control: severity -1 wishlist
Dear Maintainer,
Because Debian builds packages from a fixed build path, neither the 'reprotest'
utility in Salsa-CI, nor the Reproducible Builds team's package test
infrastructure for Debian[1] currently check for equivalent binary package
output from differing source package build paths.
This means that your package will pass current reproducibility tests; however
we believe that source code and/or build steps still embed the build path into
the binary package output, making it more difficult than necessary for
independent consumers to check the integrity of those packages by rebuilding
them themselves.
As a result, this bugreport will remain open and be re-assigned the 'wishlist'
severity[2].
For more information about build paths and how they can affect reproducibility,
please refer to: https://reproducible-builds.org/docs/build-path/
Thanks,
James
[1] - https://tests.reproducible-builds.org/debian/reproducible.html
[2] - https://www.debian.org/Bugs/Developer#severities
Severity set to 'wishlist' from 'normal'
Request was from James Addison <jay@jp-hosting.net>
to 1020661-maintonly@bugs.debian.org.
(Tue, 12 Mar 2024 22:36:17 GMT)
Information forwarded
to Kurt Roeckx <kurt@roeckx.be>: Bug#1020661; Package src:libid3tag.
(Wed, 13 Mar 2024 09:21:09 GMT)
Acknowledgement sent
to James Addison <jay@jp-hosting.net>:
Extra info received and forwarded to maintainer. Copy sent to Kurt Roeckx <kurt@roeckx.be>.
(Wed, 13 Mar 2024 09:21:09 GMT)
A correction for a mistake in my previous message:
> Because Debian builds packages from a fixed build path, neither the 'reprotest'
> utility in Salsa-CI, nor the Reproducible Builds team's package test
> infrastructure for Debian[1] currently check for equivalent binary package
> output from differing source package build paths.
>
> This means that your package will pass current reproducibility tests; ...
> [ snip ]
Currently the 'reprotest' job in Salsa-CI does in fact continue to exercise
variations of the build-path, and will fail if it builds binary packages that
contain different contents as a result.
Reply sent
to Andreas Tille <tille@debian.org>:
You have taken responsibility.
(Wed, 09 Oct 2024 06:24:01 GMT)
Notification sent
to Vagrant Cascadian <vagrant@reproducible-builds.org>:
Bug acknowledged by developer.
(Wed, 09 Oct 2024 06:24:01 GMT)
Source: libid3tag
Source-Version: 0.16.3-1
Done: Andreas Tille <tille@debian.org>
We believe that the bug you reported is fixed in the latest version of
libid3tag, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1020661@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Andreas Tille <tille@debian.org> (supplier of updated libid3tag package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 09 Oct 2024 07:37:18 +0200
Source: libid3tag
Architecture: source
Version: 0.16.3-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
Changed-By: Andreas Tille <tille@debian.org>
Closes: 539871 555101 990837 993364 1020661 1082042 1083201
Changes:
 libid3tag (0.16.3-1) unstable; urgency=medium
 .
   * Team upload.
     Closes: #1083201
 .
   [ Andreas Tille ]
   * New upstream version
     Closes: #1082042, #539871, #990837, #555101, #993364
   * Maintenance in Debian Multimedia team
   * Point watch file to https://codeberg.org/tenacityteam/libid3tag/
   * DEP5 copyright
   * Depends: pkg-config => pkgconf
   * Make short description of lib and devel package distinct
   * Replace cdbs by short dh
   * Enable hardening flags
   * Standards-Version: 4.7.0 (routine-update)
   * debhelper-compat 13 (routine-update)
   * Remove trailing whitespace in debian/changelog (routine-update)
   * Remove trailing whitespace in debian/rules (routine-update)
   * Rules-Requires-Root: no (routine-update)
   * Trim trailing whitespace.
   * Strip unusual field spacing from debian/control.
   * Refer to specific version of license GPL-2+.
   * Fix day-of-week for changelog entry 0.15.1b-8.
   * Pass -ffile-prefix-map in CFLAGS to enable reproducible builds
     Closes: #1020661
   * Build-Depends: cmake
   * Remove upstream tarball signature file which is not provided at the
     new location