Acknowledgement sent
to Vagrant Cascadian <vagrant@reproducible-builds.org>:
New Bug report received and forwarded. Copy sent to reproducible-bugs@lists.alioth.debian.org, Debian OpenStack <team+openstack@tracker.debian.org>.
(Sun, 25 Sep 2022 19:39:03 GMT) (full text, mbox, link).
Source: python-omegaconf
Severity: normal
Tags: patch
User: reproducible-builds@lists.alioth.debian.org
Usertags: buildpath
X-Debbugs-Cc: reproducible-bugs@lists.alioth.debian.org
The build path is embedded in several files
/usr/lib/python3/dist-packages/omegaconf/grammar/gen/OmegaConfGrammar*.py:
https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/diffoscope-results/python-omegaconf.html
/usr/lib/python3/dist-packages/omegaconf/grammar/gen/OmegaConfGrammarLexer.py
#·Generated·from·/build/1st/python-omegaconf-2.2.2/omegaconf/grammar/OmegaConfGrammarLexer.g4·by·ANTLR·4.9.3
vs.
#·Generated·from·/build/2/python-omegaconf-2.2.2/2nd/omegaconf/grammar/OmegaConfGrammarLexer.g4·by·ANTLR·4.9.3
The attached patch fixes this from the dh_auto_install override in
debian/rules by replacing the build path in these files with a
placeholder string.
With this patch applied python-omegaconf should build reproducibly on
tests.reproducible-builds.org!
Thanks for maintaining python-omegaconf!
live well,
vagrant
Information forwarded
to Debian OpenStack <team+openstack@tracker.debian.org>: Bug#1020723; Package src:python-omegaconf.
(Tue, 12 Mar 2024 22:36:29 GMT) (full text, mbox, link).
Acknowledgement sent
to James Addison <jay@jp-hosting.net>:
Extra info received and forwarded to maintainer. Copy sent to Debian OpenStack <team+openstack@tracker.debian.org>.
(Tue, 12 Mar 2024 22:36:29 GMT) (full text, mbox, link).
Control: severity -1 wishlist
Dear Maintainer,
Because Debian builds packages from a fixed build path, neither the 'reprotest'
utility in Salsa-CI, nor the Reproducible Builds team's package test
infrastructure for Debian[1] currently check for equivalent binary package
output from differing source package build paths.
This means that your package will pass current reproducibility tests; however
we believe that source code and/or build steps still embed the build path into
the binary package output, making it more difficult than necessary for
independent consumers to check the integrity of those packages by rebuilding
them themselves.
As a result, this bugreport will remain open and be re-assigned the 'wishlist'
severity[2].
For more information about build paths and how they can affect reproducibility,
please refer to: https://reproducible-builds.org/docs/build-path/
Thanks,
James
[1] - https://tests.reproducible-builds.org/debian/reproducible.html
[2] - https://www.debian.org/Bugs/Developer#severities
Severity set to 'wishlist' from 'normal'
Request was from James Addison <jay@jp-hosting.net>
to 1020723-maintonly@bugs.debian.org.
(Tue, 12 Mar 2024 22:36:29 GMT) (full text, mbox, link).
Information forwarded
to Debian OpenStack <team+openstack@tracker.debian.org>: Bug#1020723; Package src:python-omegaconf.
(Wed, 13 Mar 2024 09:21:17 GMT) (full text, mbox, link).
Acknowledgement sent
to James Addison <jay@jp-hosting.net>:
Extra info received and forwarded to maintainer. Copy sent to Debian OpenStack <team+openstack@tracker.debian.org>.
(Wed, 13 Mar 2024 09:21:17 GMT) (full text, mbox, link).
A correction for a mistake in my previous message:
> Because Debian builds packages from a fixed build path, neither the 'reprotest'
> utility in Salsa-CI, nor the Reproducible Builds team's package test
> infrastructure for Debian[1] currently check for equivalent binary package
> output from differing source package build paths.
>
> This means that your package will pass current reproducibility tests; ...
> [ snip ]
Currently the 'reprotest' job in Salsa-CI does in fact continue to exercise
variations of the build-path, and will fail if it builds binary packages that
contain different contents as a result.
Reply sent
to Thomas Goirand <zigo@debian.org>:
You have taken responsibility.
(Thu, 02 May 2024 06:39:03 GMT) (full text, mbox, link).
Notification sent
to Vagrant Cascadian <vagrant@reproducible-builds.org>:
Bug acknowledged by developer.
(Thu, 02 May 2024 06:39:03 GMT) (full text, mbox, link).
Source: python-omegaconf
Source-Version: 2.3.0-1
Done: Thomas Goirand <zigo@debian.org>
We believe that the bug you reported is fixed in the latest version of
python-omegaconf, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1020723@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thomas Goirand <zigo@debian.org> (supplier of updated python-omegaconf package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 02 May 2024 07:53:22 +0200
Source: python-omegaconf
Architecture: source
Version: 2.3.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenStack <team+openstack@tracker.debian.org>
Changed-By: Thomas Goirand <zigo@debian.org>
Closes: 10207231042251
Changes:
python-omegaconf (2.3.0-1) unstable; urgency=medium
.
* New upstream release.
* Add missing (build-)depends python3-attr (Closes: #1042251).
* Add --disable-warnings --disable-warnings -p no:warnings when running
tests, as the package FTBFS otherwise.
* Add disable-broken-test.patch.
* Add d/rules patch from Vagrant Cascadian for build reproducibility
(Closes: #1020723).
Checksums-Sha1:
52c970350a17bf8a4dd63aff7883ffb7c33231bc 2293 python-omegaconf_2.3.0-1.dsc
19f683e994c264536398c5071142eda944909fcd 3116804 python-omegaconf_2.3.0.orig.tar.xz
beae9a4d15b46a2a20de2a6f7159cf18e88a8aec 3888 python-omegaconf_2.3.0-1.debian.tar.xz
1ed4036959039555c3b1229e3640a5d72fb91da3 11751 python-omegaconf_2.3.0-1_amd64.buildinfo
Checksums-Sha256:
068966579f6bad277d4eb04a1248f31ff4592cff1b3b817e06331387ed89159f 2293 python-omegaconf_2.3.0-1.dsc
86d0249a8970b32c831735f463be29b2d58a608ac93eda4f91bed701854e6f06 3116804 python-omegaconf_2.3.0.orig.tar.xz
68d0053feb828eb5218df4c1f6b33801006838d52db1ecad0ff98cb28598104e 3888 python-omegaconf_2.3.0-1.debian.tar.xz
a052a98ad3666576ca50a44cee9b7151b59a1709c4ccbe94531d764db1f008a3 11751 python-omegaconf_2.3.0-1_amd64.buildinfo
Files:
1dde2d5194a727bee3aff4e39f0c7739 2293 python optional python-omegaconf_2.3.0-1.dsc
9f521a6cdd77fdf53b5da44cf0aa1b71 3116804 python optional python-omegaconf_2.3.0.orig.tar.xz
aeec336fe3a7dc94090d317e0b1997ac 3888 python optional python-omegaconf_2.3.0-1.debian.tar.xz
99c27aaf58748226bf6c4d19897c8b2e 11751 python optional python-omegaconf_2.3.0-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEoLGp81CJVhMOekJc1BatFaxrQ/4FAmYzMN0ACgkQ1BatFaxr
Q/5NPg/+MMRCt0q4Xb2HjQd5nXlEVi6tb2pzfg7qBuKKOv2jOdlaYCKQBXxeQGHD
YjbC/vQidXDY3F+xW9dFS87uZ1FFS4uZD1Yex2G9KeMO03gpps4+L2cVw25k2t4o
7EqxLPMpp0pgNzvl8FB+AYcf7BY0vCueJkrjrpNA7ks4c51g5MNUAjEQo9fysNHx
P78pt0P7LhtTqX86+U7aajBIuKNpY23fEjuRsCeyQ2gJCIMhqD5D9U0sGGz/UNv8
Ht+dA+NrX6DJKGQOgrqMkJZW+54G8dBdLPFeXhfTh9jRRRKDTpJ6wdgTzzMraQ5B
UkX60paYhC0sw/OQtOQhb47qYqFuHmAZ5Pfm/cw2nPmsC6F+wlBJ4rHm834oD6PH
IcJHDctU1nA9c3QFpTc6Gh7pZZYAxTiCIT+t6v9gw88bJowIerWMOTQ9gEnqZU40
oDKIdrK7SE5EdbXKIP1AsvDtlnSZsN6vKYe2TDzBqxTrEskhXqai5QKNGfZ/HzGg
oWW6YjQbncR521pSEE0khrAhtj7y1H8Rdfm3vDhNRuf/4NbSLOavUgh+Rb0JbpPQ
OoqQlwJD/a1IG1oS8/K94ka6xfvCX7MjzoNZeDxnOcBIMbjBc0rwGUbuIe7XyVei
Qso4oP5rjUoJX9g7J72tQqW+2G+4YC9DJmY3X+HD6yyT7+URKhw=
=9aPT
-----END PGP SIGNATURE-----
Debbugs is free software and licensed under the terms of the GNU General
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.