1020723">

Debian Bug report logs - #1020723
python-omegaconf: reproducible-builds: Embedded build path in OmegaConfGrammer*.py

version graph

Package: src:python-omegaconf; Maintainer for src:python-omegaconf is Debian OpenStack <team+openstack@tracker.debian.org>;

Reported by: Vagrant Cascadian <vagrant@reproducible-builds.org>

Date: Sun, 25 Sep 2022 19:39:01 UTC

Severity: wishlist

Tags: patch

Fixed in version python-omegaconf/2.3.0-1

Done: Thomas Goirand <zigo@debian.org>

Bug is archived. No further changes may be made.

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, reproducible-bugs@lists.alioth.debian.org, Debian OpenStack <team+openstack@tracker.debian.org>:
Bug#1020723; Package src:python-omegaconf. (Sun, 25 Sep 2022 19:39:03 GMT) (full text, mbox, link).


Acknowledgement sent to Vagrant Cascadian <vagrant@reproducible-builds.org>:
New Bug report received and forwarded. Copy sent to reproducible-bugs@lists.alioth.debian.org, Debian OpenStack <team+openstack@tracker.debian.org>. (Sun, 25 Sep 2022 19:39:03 GMT) (full text, mbox, link).


Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Vagrant Cascadian <vagrant@reproducible-builds.org>
To: submit@bugs.debian.org
Subject: python-omegaconf: reproducible-builds: Embedded build path in OmegaConfGrammer*.py
Date: Sun, 25 Sep 2022 12:35:37 -0700
[Message part 1 (text/plain, inline)]
Source: python-omegaconf
Severity: normal
Tags: patch
User: reproducible-builds@lists.alioth.debian.org
Usertags: buildpath
X-Debbugs-Cc: reproducible-bugs@lists.alioth.debian.org

The build path is embedded in several files
/usr/lib/python3/dist-packages/omegaconf/grammar/gen/OmegaConfGrammar*.py:

  https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/diffoscope-results/python-omegaconf.html

  /usr/lib/python3/dist-packages/omegaconf/grammar/gen/OmegaConfGrammarLexer.py

  #·Generated·from·/build/1st/python-omegaconf-2.2.2/omegaconf/grammar/OmegaConfGrammarLexer.g4·by·ANTLR·4.9.3
  vs.
  #·Generated·from·/build/2/python-omegaconf-2.2.2/2nd/omegaconf/grammar/OmegaConfGrammarLexer.g4·by·ANTLR·4.9.3

The attached patch fixes this from the dh_auto_install override in
debian/rules by replacing the build path in these files with a
placeholder string.

With this patch applied python-omegaconf should build reproducibly on
tests.reproducible-builds.org!

Thanks for maintaining python-omegaconf!

live well,
  vagrant
[0001-debian-rules-Replace-build-path-in-OmegaConfGrammer-.patch (text/x-diff, inline)]
From 6f5873415c94145a89c70978c26295fc96ac343f Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian <vagrant@reproducible-builds.org>
Date: Sun, 25 Sep 2022 19:28:43 +0000
Subject: [PATCH] debian/rules: Replace build path in OmegaConfGrammer*.py with
 a placeholder string for reproducible builds.

https://reproducible-builds.org/docs/build-path/
---
 debian/rules | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/debian/rules b/debian/rules
index 42ab50c..0941c33 100755
--- a/debian/rules
+++ b/debian/rules
@@ -21,6 +21,12 @@ override_dh_auto_build:
 
 override_dh_auto_install:
 	pkgos-dh_auto_install --no-py2 --in-tmp
+	# Replace build path with a placeholder string for reproducible builds
+	sed -i -e "s,$(CURDIR),BUILDPATH,g" \
+		debian/tmp/usr/lib/python3/dist-packages/omegaconf/grammar/gen/OmegaConfGrammarParserVisitor.py \
+		debian/tmp/usr/lib/python3/dist-packages/omegaconf/grammar/gen/OmegaConfGrammarParserListener.py \
+		debian/tmp/usr/lib/python3/dist-packages/omegaconf/grammar/gen/OmegaConfGrammarParser.py \
+		debian/tmp/usr/lib/python3/dist-packages/omegaconf/grammar/gen/OmegaConfGrammarLexer.py \
 
 ifeq (,$(findstring nocheck, $(DEB_BUILD_OPTIONS)))
 	for i in `py3versions -rv` ; do \
-- 
2.37.2

[signature.asc (application/pgp-signature, inline)]

Information forwarded to Debian OpenStack <team+openstack@tracker.debian.org>:
Bug#1020723; Package src:python-omegaconf. (Tue, 12 Mar 2024 22:36:29 GMT) (full text, mbox, link).


Acknowledgement sent to James Addison <jay@jp-hosting.net>:
Extra info received and forwarded to maintainer. Copy sent to Debian OpenStack <team+openstack@tracker.debian.org>. (Tue, 12 Mar 2024 22:36:29 GMT) (full text, mbox, link).


Message #10 received at 1020723-maintonly@bugs.debian.org (full text, mbox, reply):

From: James Addison <jay@jp-hosting.net>
To: undisclosed-recipients:;
Date: Tue, 12 Mar 2024 22:33:24 +0000
Control: severity -1 wishlist

Dear Maintainer,

Because Debian builds packages from a fixed build path, neither the 'reprotest'
utility in Salsa-CI, nor the Reproducible Builds team's package test
infrastructure for Debian[1] currently check for equivalent binary package
output from differing source package build paths.

This means that your package will pass current reproducibility tests; however
we believe that source code and/or build steps still embed the build path into
the binary package output, making it more difficult than necessary for
independent consumers to check the integrity of those packages by rebuilding
them themselves.

As a result, this bugreport will remain open and be re-assigned the 'wishlist'
severity[2].

For more information about build paths and how they can affect reproducibility,
please refer to: https://reproducible-builds.org/docs/build-path/

Thanks,
James

[1] - https://tests.reproducible-builds.org/debian/reproducible.html

[2] - https://www.debian.org/Bugs/Developer#severities



Severity set to 'wishlist' from 'normal' Request was from James Addison <jay@jp-hosting.net> to 1020723-maintonly@bugs.debian.org. (Tue, 12 Mar 2024 22:36:29 GMT) (full text, mbox, link).


Information forwarded to Debian OpenStack <team+openstack@tracker.debian.org>:
Bug#1020723; Package src:python-omegaconf. (Wed, 13 Mar 2024 09:21:17 GMT) (full text, mbox, link).


Acknowledgement sent to James Addison <jay@jp-hosting.net>:
Extra info received and forwarded to maintainer. Copy sent to Debian OpenStack <team+openstack@tracker.debian.org>. (Wed, 13 Mar 2024 09:21:17 GMT) (full text, mbox, link).


Message #17 received at 1020723-maintonly@bugs.debian.org (full text, mbox, reply):

From: James Addison <jay@jp-hosting.net>
To: undisclosed-recipients:;
Date: Wed, 13 Mar 2024 09:18:02 +0000
A correction for a mistake in my previous message:

> Because Debian builds packages from a fixed build path, neither the 'reprotest'
> utility in Salsa-CI, nor the Reproducible Builds team's package test
> infrastructure for Debian[1] currently check for equivalent binary package
> output from differing source package build paths.
>
> This means that your package will pass current reproducibility tests; ...
> [ snip ]

Currently the 'reprotest' job in Salsa-CI does in fact continue to exercise
variations of the build-path, and will fail if it builds binary packages that
contain different contents as a result.



Reply sent to Thomas Goirand <zigo@debian.org>:
You have taken responsibility. (Thu, 02 May 2024 06:39:03 GMT) (full text, mbox, link).


Notification sent to Vagrant Cascadian <vagrant@reproducible-builds.org>:
Bug acknowledged by developer. (Thu, 02 May 2024 06:39:03 GMT) (full text, mbox, link).


Message #22 received at 1020723-close@bugs.debian.org (full text, mbox, reply):

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: 1020723-close@bugs.debian.org
Subject: Bug#1020723: fixed in python-omegaconf 2.3.0-1
Date: Thu, 02 May 2024 06:38:19 +0000
[Message part 1 (text/plain, inline)]
Source: python-omegaconf
Source-Version: 2.3.0-1
Done: Thomas Goirand <zigo@debian.org>

We believe that the bug you reported is fixed in the latest version of
python-omegaconf, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1020723@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thomas Goirand <zigo@debian.org> (supplier of updated python-omegaconf package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 02 May 2024 07:53:22 +0200
Source: python-omegaconf
Architecture: source
Version: 2.3.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenStack <team+openstack@tracker.debian.org>
Changed-By: Thomas Goirand <zigo@debian.org>
Closes: 1020723 1042251
Changes:
 python-omegaconf (2.3.0-1) unstable; urgency=medium
 .
   * New upstream release.
   * Add missing (build-)depends python3-attr (Closes: #1042251).
   * Add --disable-warnings --disable-warnings -p no:warnings when running
     tests, as the package FTBFS otherwise.
   * Add disable-broken-test.patch.
   * Add d/rules patch from Vagrant Cascadian for build reproducibility
     (Closes: #1020723).
Checksums-Sha1:
 52c970350a17bf8a4dd63aff7883ffb7c33231bc 2293 python-omegaconf_2.3.0-1.dsc
 19f683e994c264536398c5071142eda944909fcd 3116804 python-omegaconf_2.3.0.orig.tar.xz
 beae9a4d15b46a2a20de2a6f7159cf18e88a8aec 3888 python-omegaconf_2.3.0-1.debian.tar.xz
 1ed4036959039555c3b1229e3640a5d72fb91da3 11751 python-omegaconf_2.3.0-1_amd64.buildinfo
Checksums-Sha256:
 068966579f6bad277d4eb04a1248f31ff4592cff1b3b817e06331387ed89159f 2293 python-omegaconf_2.3.0-1.dsc
 86d0249a8970b32c831735f463be29b2d58a608ac93eda4f91bed701854e6f06 3116804 python-omegaconf_2.3.0.orig.tar.xz
 68d0053feb828eb5218df4c1f6b33801006838d52db1ecad0ff98cb28598104e 3888 python-omegaconf_2.3.0-1.debian.tar.xz
 a052a98ad3666576ca50a44cee9b7151b59a1709c4ccbe94531d764db1f008a3 11751 python-omegaconf_2.3.0-1_amd64.buildinfo
Files:
 1dde2d5194a727bee3aff4e39f0c7739 2293 python optional python-omegaconf_2.3.0-1.dsc
 9f521a6cdd77fdf53b5da44cf0aa1b71 3116804 python optional python-omegaconf_2.3.0.orig.tar.xz
 aeec336fe3a7dc94090d317e0b1997ac 3888 python optional python-omegaconf_2.3.0-1.debian.tar.xz
 99c27aaf58748226bf6c4d19897c8b2e 11751 python optional python-omegaconf_2.3.0-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEoLGp81CJVhMOekJc1BatFaxrQ/4FAmYzMN0ACgkQ1BatFaxr
Q/5NPg/+MMRCt0q4Xb2HjQd5nXlEVi6tb2pzfg7qBuKKOv2jOdlaYCKQBXxeQGHD
YjbC/vQidXDY3F+xW9dFS87uZ1FFS4uZD1Yex2G9KeMO03gpps4+L2cVw25k2t4o
7EqxLPMpp0pgNzvl8FB+AYcf7BY0vCueJkrjrpNA7ks4c51g5MNUAjEQo9fysNHx
P78pt0P7LhtTqX86+U7aajBIuKNpY23fEjuRsCeyQ2gJCIMhqD5D9U0sGGz/UNv8
Ht+dA+NrX6DJKGQOgrqMkJZW+54G8dBdLPFeXhfTh9jRRRKDTpJ6wdgTzzMraQ5B
UkX60paYhC0sw/OQtOQhb47qYqFuHmAZ5Pfm/cw2nPmsC6F+wlBJ4rHm834oD6PH
IcJHDctU1nA9c3QFpTc6Gh7pZZYAxTiCIT+t6v9gw88bJowIerWMOTQ9gEnqZU40
oDKIdrK7SE5EdbXKIP1AsvDtlnSZsN6vKYe2TDzBqxTrEskhXqai5QKNGfZ/HzGg
oWW6YjQbncR521pSEE0khrAhtj7y1H8Rdfm3vDhNRuf/4NbSLOavUgh+Rb0JbpPQ
OoqQlwJD/a1IG1oS8/K94ka6xfvCX7MjzoNZeDxnOcBIMbjBc0rwGUbuIe7XyVei
Qso4oP5rjUoJX9g7J72tQqW+2G+4YC9DJmY3X+HD6yyT7+URKhw=
=9aPT
-----END PGP SIGNATURE-----

[Message part 2 (application/pgp-signature, inline)]

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 01 Jun 2024 07:27:11 GMT) (full text, mbox, link).


Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Jan 31 00:43:19 2025; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU General Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.