1020806">

Debian Bug report logs - #1020806
perl-byacc: reproducible-builds: differing buildid in in /usr/bin/pbyacc

version graph

Package: src:perl-byacc; Maintainer for src:perl-byacc is Debian QA Group <packages@qa.debian.org>;

Reported by: Vagrant Cascadian <vagrant@reproducible-builds.org>

Date: Tue, 27 Sep 2022 00:03:02 UTC

Severity: wishlist

Tags: patch

Fixed in version 2.0-9

Done: Petter Reinholdtsen <pere@hungry.com>

Bug is archived. No further changes may be made.

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, reproducible-bugs@lists.alioth.debian.org, Debian QA Group <packages@qa.debian.org>:
Bug#1020806; Package src:perl-byacc. (Tue, 27 Sep 2022 00:03:04 GMT) (full text, mbox, link).


Acknowledgement sent to Vagrant Cascadian <vagrant@reproducible-builds.org>:
New Bug report received and forwarded. Copy sent to reproducible-bugs@lists.alioth.debian.org, Debian QA Group <packages@qa.debian.org>. (Tue, 27 Sep 2022 00:03:04 GMT) (full text, mbox, link).


Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Vagrant Cascadian <vagrant@reproducible-builds.org>
To: submit@bugs.debian.org
Subject: perl-byacc: reproducible-builds: differing buildid in in /usr/bin/pbyacc
Date: Mon, 26 Sep 2022 16:59:54 -0700
[Message part 1 (text/plain, inline)]
Source: perl-byacc
Severity: normal
Tags: patch
User: reproducible-builds@lists.alioth.debian.org
Usertags: buildpath
X-Debbugs-Cc: reproducible-bugs@lists.alioth.debian.org

The buildid differs in /usr/bin/pbyacc when built with a different build
path:

  https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/diffoscope-results/perl-byacc.html

The attached patch fixes this in the upstream Makefile by adding
-ffile-prefix-map to CFLAGS.

According to my local tests, with this patch applied perl-byacc should
build reproducibly on tests.reproducible-builds.org!

Thanks for maintaining perl-byacc!

live well,
  vagrant
[0001-Makefile-Add-ffile-prefix-map-to-CFLAGS-to-avoid-emb.patch (text/x-diff, inline)]
From 1002dd61fdf333b0266ce59cd3053e6812905727 Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian <vagrant@reproducible-builds.org>
Date: Mon, 26 Sep 2022 23:55:37 +0000
Subject: [PATCH] Makefile: Add -ffile-prefix-map to CFLAGS to avoid embedding
 build path.

https://reproducible-builds.org/docs/build-path/
---
 Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index 077e9ea..1dd3c07 100644
--- a/Makefile
+++ b/Makefile
@@ -26,7 +26,7 @@ SIG_TYPE      = void
 
 CPPFLAGS      = $(RINDEX) -DPROGRAM=\"$(PROGRAM)\" -DSIG_TYPE=$(SIG_TYPE)
 
-CFLAGS	      = -O2 -g $(CPPFLAGS)
+CFLAGS	      = -O2 -g -ffile-prefix-map=$(CURDIR)=. $(CPPFLAGS)
 
 CC	      = gcc -Wall
 CPP	      = /lib/cpp	      
-- 
2.37.2

[signature.asc (application/pgp-signature, inline)]

Information forwarded to Debian QA Group <packages@qa.debian.org>:
Bug#1020806; Package src:perl-byacc. (Tue, 12 Mar 2024 22:36:44 GMT) (full text, mbox, link).


Acknowledgement sent to James Addison <jay@jp-hosting.net>:
Extra info received and forwarded to maintainer. Copy sent to Debian QA Group <packages@qa.debian.org>. (Tue, 12 Mar 2024 22:36:44 GMT) (full text, mbox, link).


Message #10 received at 1020806-maintonly@bugs.debian.org (full text, mbox, reply):

From: James Addison <jay@jp-hosting.net>
To: undisclosed-recipients:;
Date: Tue, 12 Mar 2024 22:33:24 +0000
Control: severity -1 wishlist

Dear Maintainer,

Because Debian builds packages from a fixed build path, neither the 'reprotest'
utility in Salsa-CI, nor the Reproducible Builds team's package test
infrastructure for Debian[1] currently check for equivalent binary package
output from differing source package build paths.

This means that your package will pass current reproducibility tests; however
we believe that source code and/or build steps still embed the build path into
the binary package output, making it more difficult than necessary for
independent consumers to check the integrity of those packages by rebuilding
them themselves.

As a result, this bugreport will remain open and be re-assigned the 'wishlist'
severity[2].

For more information about build paths and how they can affect reproducibility,
please refer to: https://reproducible-builds.org/docs/build-path/

Thanks,
James

[1] - https://tests.reproducible-builds.org/debian/reproducible.html

[2] - https://www.debian.org/Bugs/Developer#severities



Severity set to 'wishlist' from 'normal' Request was from James Addison <jay@jp-hosting.net> to 1020806-maintonly@bugs.debian.org. (Tue, 12 Mar 2024 22:36:45 GMT) (full text, mbox, link).


Information forwarded to Debian QA Group <packages@qa.debian.org>:
Bug#1020806; Package src:perl-byacc. (Wed, 13 Mar 2024 09:21:29 GMT) (full text, mbox, link).


Acknowledgement sent to James Addison <jay@jp-hosting.net>:
Extra info received and forwarded to maintainer. Copy sent to Debian QA Group <packages@qa.debian.org>. (Wed, 13 Mar 2024 09:21:30 GMT) (full text, mbox, link).


Message #17 received at 1020806-maintonly@bugs.debian.org (full text, mbox, reply):

From: James Addison <jay@jp-hosting.net>
To: undisclosed-recipients:;
Date: Wed, 13 Mar 2024 09:18:02 +0000
A correction for a mistake in my previous message:

> Because Debian builds packages from a fixed build path, neither the 'reprotest'
> utility in Salsa-CI, nor the Reproducible Builds team's package test
> infrastructure for Debian[1] currently check for equivalent binary package
> output from differing source package build paths.
>
> This means that your package will pass current reproducibility tests; ...
> [ snip ]

Currently the 'reprotest' job in Salsa-CI does in fact continue to exercise
variations of the build-path, and will fail if it builds binary packages that
contain different contents as a result.



Reply sent to Petter Reinholdtsen <pere@hungry.com>:
You have taken responsibility. (Thu, 25 Apr 2024 13:00:09 GMT) (full text, mbox, link).


Notification sent to Vagrant Cascadian <vagrant@reproducible-builds.org>:
Bug acknowledged by developer. (Thu, 25 Apr 2024 13:00:09 GMT) (full text, mbox, link).


Message #22 received at 1020806-done@bugs.debian.org (full text, mbox, reply):

From: Petter Reinholdtsen <pere@hungry.com>
To: 1020806-done@bugs.debian.org
Subject: [Debian FTP Masters] Accepted perl-byacc 2.0-9 (source) into unstable
Date: Thu, 25 Apr 2024 15:02:58 +0200
[Message part 1 (text/plain, inline)]
Version: 2.0-9

I forgot to close this bug in d/changelog.

-------------------- Start of forwarded message --------------------
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: debian-devel-changes@lists.debian.org
Subject: Accepted perl-byacc 2.0-9 (source) into unstable
Date: Thu, 25 Apr 2024 09:06:37 +0000

[Message part 2 (text/plain, inline)]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 24 Apr 2024 19:14:14 +0200
Source: perl-byacc
Architecture: source
Version: 2.0-9
Distribution: unstable
Urgency: medium
Maintainer: Debian QA Group <packages@qa.debian.org>
Changed-By: Petter Reinholdtsen <pere@debian.org>
Changes:
 perl-byacc (2.0-9) unstable; urgency=medium
 .
   * QA upload.
 .
   * Updated vcs in d/control to Salsa.
   * Added d/gbp.conf to enforce the use of pristine-tar.
   * Updated Standards-Version from 3.9.8 to 4.7.0.
   * Moved to debhelper compat level 13 and enabled hardening and reproducible build.
Checksums-Sha1:
 a34413b43fad9194c8badca1aa6865d11b403937 1792 perl-byacc_2.0-9.dsc
 9312e49e3929820c3e41d651563da242d7259530 84540 perl-byacc_2.0.orig.tar.gz
 23cef06d2409b67d0e5f9f15ca12eb7b5a3cc0e4 13912 perl-byacc_2.0-9.debian.tar.xz
 003b3378b4b3b2b54afb70da58855f45dc995756 6361 perl-byacc_2.0-9_source.buildinfo
Checksums-Sha256:
 467e253c37476f5002ca7cd59ad4beba140acfbb4894b44ae6893a0be4f570c7 1792 perl-byacc_2.0-9.dsc
 ce370945ca19299bb65c8223d8e7370f3edfe5e32322d21fb41d19325a72cbef 84540 perl-byacc_2.0.orig.tar.gz
 ca3f5f9d599e4ca3d1e7a0ebc48a6efe806d9b52a77942d69da17b29b2414d8d 13912 perl-byacc_2.0-9.debian.tar.xz
 d4504424b32fc7f4a4f492faa7e8725c37b603ee6d0099e86d6d3cecaded6362 6361 perl-byacc_2.0-9_source.buildinfo
Files:
 bff7bb9d01bc8f17e92e62c152b6acd8 1792 devel optional perl-byacc_2.0-9.dsc
 4c206de09d6af335e9376f78659ed4f2 84540 devel optional perl-byacc_2.0.orig.tar.gz
 371111f52ef24a92af5ec8be16467c76 13912 devel optional perl-byacc_2.0-9.debian.tar.xz
 f9dd1c403088e7e01579f33bc8affdcd 6361 devel optional perl-byacc_2.0-9_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEERqLf4owIeylOb9kkgSgKoIe6+w4FAmYqGAUACgkQgSgKoIe6
+w5rGA//Z0b9vdPG+ou4AO+4p0Vv377EcMyY61L+F+SvuxloP4AY++6KYEKqv3Y7
XQvrtW55NChsCObYfU+tPrf1nKIrM4cVYNci5JJQhjK9V4Aw6a8izS26sv0T80sh
kQhLzFNMT4zoc+PmLSTHEetMIRfPylBsn6KvO0UTwCt44Jpex8qTGWDOt04tQa4b
QxYfH3idg9JvA5DaCL3x39YzAR/j20iknfIDcy/Gb3oOG2xu90QKCSSnaNUhdTQR
yuV8oy/HZtb3QFXHCnRe8BBMGpQ0J0C3lM9IwHGrUdKnuaBj+IASGcIu3J3HbM9U
Ekf101eHmo9hi30rCAch6Qt+2cgWyazCjXevbryo23mqSFqpwiJQT2Fk4jifrVMH
IXg+uKyWE9JeOn3cueezHZDE5pNgozwPRe+/YtNkZA3SwlH/d9gP/0BWijmITJRP
91oUWHy0TYHuS4cYHzTBUCqil3Ep/euVFko7rZf5iEFM6IPJoywhz7GChFgwZS7W
rnWmnvIXc0f7wE7XKnaqCUWcNcqg9WBdCj9ZN8ImZuovJ6blYytAb9XG/pBZ5lSf
tllC7gykGKtObjlkOBQW9HuvHW09ExDMJI3BEQUd6m7RH615v0B5wK+a4gj7NzWW
9HZoSCEB0Zf+WrMPq7TqKgQszhS0sjKmdVneIV069D3VPUpAB4g=
=iW8x
-----END PGP SIGNATURE-----

[Message part 3 (application/pgp-signature, inline)]
[Message part 4 (text/plain, inline)]
-------------------- End of forwarded message --------------------

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 29 May 2024 07:25:10 GMT) (full text, mbox, link).


Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Jan 31 00:25:00 2025; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU General Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.