1020736">

Debian Bug report logs - #1020736
libreswan: reproducible builds: Embeds build hostname in binaries

version graph

Package: src:libreswan; Maintainer for src:libreswan is Daniel Kahn Gillmor <dkg@fifthhorseman.net>;

Reported by: Vagrant Cascadian <vagrant@reproducible-builds.org>

Date: Sun, 25 Sep 2022 21:09:05 UTC

Severity: normal

Tags: patch

Found in version libreswan/4.6-1

Fixed in version libreswan/4.9-1

Done: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Bug is archived. No further changes may be made.

Forwarded to https://github.com/libreswan/libreswan/issues/989

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, reproducible-bugs@lists.alioth.debian.org, Daniel Kahn Gillmor <dkg@fifthhorseman.net>:
Bug#1020736; Package src:libreswan. (Sun, 25 Sep 2022 21:09:06 GMT) (full text, mbox, link).


Acknowledgement sent to Vagrant Cascadian <vagrant@reproducible-builds.org>:
New Bug report received and forwarded. Copy sent to reproducible-bugs@lists.alioth.debian.org, Daniel Kahn Gillmor <dkg@fifthhorseman.net>. (Sun, 25 Sep 2022 21:09:07 GMT) (full text, mbox, link).


Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Vagrant Cascadian <vagrant@reproducible-builds.org>
To: submit@bugs.debian.org
Subject: libreswan: reproducible builds: Embeds build username and hostname in binaries
Date: Sun, 25 Sep 2022 13:58:43 -0700
[Message part 1 (text/plain, inline)]
Source: libreswan
Version: 4.6-1
Severity: normal
Tags: patch
User: reproducible-builds@lists.alioth.debian.org
Usertags: hostname
X-Debbugs-Cc: reproducible-bugs@lists.alioth.debian.org

Ever since version 4.6-1, libreswan has been embedding the hostname in
various binaries:

  https://tests.reproducible-builds.org/debian/rb-pkg/bullseye/amd64/diffoscope-results/libreswan.html

  /usr/libexec/ipsec/_import_crl

  ./lib/libipsecconf/../../OBJ.linux.amd64.ionos5-amd64/lib/libipsecconf/lex.yy.c.tmp:1806
  vs.
  ./lib/libipsecconf/../../OBJ.linux.amd64.i-capture-the-hostname/lib/libipsecconf/lex.yy.c.tmp:1806

The attached patch fixes this by setting OBJDIR from debian/rules.

I am not positive there are not other outstanding issue, but this
*might* be enough to make libreswan build reproducibly again.

Thanks for maintaining libreswan!

live well,
  vagrant
[0001-debian-rules-Pass-OBJDIR-to-avoid-embedding-hostname.patch (text/x-diff, inline)]
From c68ea5c4e44bf175b1223e7bb3f3f7516a602f22 Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian <vagrant@reproducible-builds.org>
Date: Sun, 25 Sep 2022 20:50:29 +0000
Subject: [PATCH] debian/rules: Pass OBJDIR to avoid embedding hostname.

By default, OBJDIR is defined in mk/objdir.mk, which includes the
system hostname, and this value gets  embedded in the generated
binaries.
---
 debian/rules | 1 +
 1 file changed, 1 insertion(+)

diff --git a/debian/rules b/debian/rules
index 5491fbf..b7dd981 100755
--- a/debian/rules
+++ b/debian/rules
@@ -31,6 +31,7 @@ NSS_AVA_MISSING=$(shell if printf '#include <cert.h>\nint main() { return CERT_C
 
 DEBIAN_LIBRESWAN_BUILD_FLAGS = \
 		ARCH=$(DEB_HOST_ARCH) \
+		OBJDIR=OBJ.$(DEB_HOST_ARCH_OS).$(DEB_HOST_ARCH) \
 		IPSECVERSION=$(DEB_VERSION_UPSTREAM) \
 		PREFIX=/usr \
 		FINALLIBEXECDIR=/usr/libexec/ipsec \
-- 
2.37.2

[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Daniel Kahn Gillmor <dkg@fifthhorseman.net>:
Bug#1020736; Package src:libreswan. (Sun, 25 Sep 2022 21:57:10 GMT) (full text, mbox, link).


Acknowledgement sent to Vagrant Cascadian <vagrant@reproducible-builds.org>:
Extra info received and forwarded to list. Copy sent to Daniel Kahn Gillmor <dkg@fifthhorseman.net>. (Sun, 25 Sep 2022 21:57:10 GMT) (full text, mbox, link).


Message #10 received at 1020736@bugs.debian.org (full text, mbox, reply):

From: Vagrant Cascadian <vagrant@reproducible-builds.org>
To: 1020736@bugs.debian.org
Subject: Re: libreswan: reproducible builds: Embeds build hostname in binaries
Date: Sun, 25 Sep 2022 14:54:45 -0700
[Message part 1 (text/plain, inline)]
Control: retitle 1020736 libreswan: reproducible builds: Embeds build hostname in binaries

Fixed title; it only embeds the hostname.
[signature.asc (application/pgp-signature, inline)]

Changed Bug title to 'libreswan: reproducible builds: Embeds build hostname in binaries' from 'libreswan: reproducible builds: Embeds build username and hostname in binaries'. Request was from Vagrant Cascadian <vagrant@reproducible-builds.org> to 1020736-submit@bugs.debian.org. (Sun, 25 Sep 2022 21:57:11 GMT) (full text, mbox, link).


Reply sent to Daniel Kahn Gillmor <dkg@fifthhorseman.net>:
You have taken responsibility. (Thu, 19 Jan 2023 23:54:07 GMT) (full text, mbox, link).


Notification sent to Vagrant Cascadian <vagrant@reproducible-builds.org>:
Bug acknowledged by developer. (Thu, 19 Jan 2023 23:54:07 GMT) (full text, mbox, link).


Message #17 received at 1020736-close@bugs.debian.org (full text, mbox, reply):

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: 1020736-close@bugs.debian.org
Subject: Bug#1020736: fixed in libreswan 4.9-1
Date: Thu, 19 Jan 2023 23:52:01 +0000
Source: libreswan
Source-Version: 4.9-1
Done: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

We believe that the bug you reported is fixed in the latest version of
libreswan, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1020736@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Daniel Kahn Gillmor <dkg@fifthhorseman.net> (supplier of updated libreswan package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 19 Jan 2023 17:41:25 -0500
Source: libreswan
Architecture: source
Version: 4.9-1
Distribution: unstable
Urgency: medium
Maintainer: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Changed-By: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Closes: 1015517 1020736
Changes:
 libreswan (4.9-1) unstable; urgency=medium
 .
   [ Daniel Kahn Gillmor ]
   * New upstream release
     - upstream fixed LTO (Closes: #1015517)
   * d/upstream/signing-key.asc: update with better bindings
   * Standards-Version: bump to 4.6.2 (no changes needed)
 .
   [ Vagrant Cascadian ]
   * debian/rules: Pass OBJDIR to avoid embedding hostname. (Closes: #1020736)
 .
   [ Daniel Kahn Gillmor ]
   * refresh patches
   * d/copyright: remove reference to upstream-deleted BSDKAME code
   * update lintian overrides
   * d/copyright: update years to relevant years
Checksums-Sha1:
 78cabebcb939c05c4b055868d5c184819d4021f3 2018 libreswan_4.9-1.dsc
 12b7351ca7e6ba1ac787239e67027a4d82f02f10 3706966 libreswan_4.9.orig.tar.gz
 c49020c0ad28bbc2566e79570054ebfd392b8044 862 libreswan_4.9.orig.tar.gz.asc
 4bdc00eb659ca482ac1f1b8f7e99393fca7d58e9 14548 libreswan_4.9-1.debian.tar.xz
 eaffad26007574ad03b7bd2f993dabc7497c666e 11218 libreswan_4.9-1_amd64.buildinfo
Checksums-Sha256:
 5f19b596ae00aa89f3049836a5808c2fa30fe9e1f10a0485bbd929d8ec101da6 2018 libreswan_4.9-1.dsc
 f642dcb635e909564ca8fd99ea44ab43f60723b4d76c158ed812978c45b398b9 3706966 libreswan_4.9.orig.tar.gz
 db26966571a9cee1c978be016c5852f4455d414af6c9e56144724e4cc8bd8ba4 862 libreswan_4.9.orig.tar.gz.asc
 878aafb095ae4caecd7b89ae7f6189f58214721744933f994edfbaf870ef1438 14548 libreswan_4.9-1.debian.tar.xz
 60c3dc8b27fef3815422c1d083128babb8dc874044e0f19c4f2bda8745feaa06 11218 libreswan_4.9-1_amd64.buildinfo
Files:
 416838e26557e1ffda9550e22713edfe 2018 net optional libreswan_4.9-1.dsc
 584ee91ace5208db1a517b4c8e7a3971 3706966 net optional libreswan_4.9.orig.tar.gz
 d9c2b9c85aa084b1789c1bfdb328ab21 862 net optional libreswan_4.9.orig.tar.gz.asc
 51ba6383c1247a36242cf558fb618582 14548 net optional libreswan_4.9-1.debian.tar.xz
 de103783bb87435d4c4e1a3a4d141aff 11218 net optional libreswan_4.9-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iHUEARYIAB0WIQQttUkcnfDcj0MoY88+nXFzcd5WXAUCY8nNuAAKCRA+nXFzcd5W
XM1nAQCO9HGkwqYk6y9vQ+ElPJH/ISa+XpqlEKz7uEdnSqZw5gD+JcPRCQqxjdLw
mFEisxNN91wajg7JJddMZ08b/0rUkAM=
=IpOR
-----END PGP SIGNATURE-----




Set Bug forwarded-to-address to 'https://github.com/libreswan/libreswan/issues/989'. Request was from Daniel Kahn Gillmor <dkg@fifthhorseman.net> to control@bugs.debian.org. (Mon, 23 Jan 2023 16:15:02 GMT) (full text, mbox, link).


Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 31 Mar 2023 07:26:58 GMT) (full text, mbox, link).


Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Jan 31 00:43:19 2025; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU General Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.