1020881">

Debian Bug report logs - #1020881
kafs-client: reproducible-builds: Embedded build paths in binaries

version graph

Package: src:kafs-client; Maintainer for src:kafs-client is Bill MacAllister <bill@ca-zephyr.org>;

Reported by: Vagrant Cascadian <vagrant@reproducible-builds.org>

Date: Tue, 27 Sep 2022 21:45:02 UTC

Severity: wishlist

Tags: patch

Fixed in version kafs-client/0.5-5

Done: Russ Allbery <rra@debian.org>

Bug is archived. No further changes may be made.

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, reproducible-bugs@lists.alioth.debian.org, Bill MacAllister <bill@ca-zephyr.org>:
Bug#1020881; Package src:kafs-client. (Tue, 27 Sep 2022 21:45:04 GMT) (full text, mbox, link).


Acknowledgement sent to Vagrant Cascadian <vagrant@reproducible-builds.org>:
New Bug report received and forwarded. Copy sent to reproducible-bugs@lists.alioth.debian.org, Bill MacAllister <bill@ca-zephyr.org>. (Tue, 27 Sep 2022 21:45:04 GMT) (full text, mbox, link).


Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Vagrant Cascadian <vagrant@reproducible-builds.org>
To: submit@bugs.debian.org
Subject: kafs-client: reproducible-builds: Embedded build paths in binaries
Date: Tue, 27 Sep 2022 14:41:56 -0700
[Message part 1 (text/plain, inline)]
Source: kafs-client
Severity: normal
Tags: patch
User: reproducible-builds@lists.alioth.debian.org
Usertags: buildpath
X-Debbugs-Cc: reproducible-bugs@lists.alioth.debian.org

The build path is embedded in various binaries or triggers differences
in buildid:

  https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/diffoscope-results/kafs-client.html

  /usr/libexec/kafs-dns

  /build/1st/kafs-client-0.5/src/dns_main.c:221
  vs.
  /build/2/kafs-client-0.5/2nd/src/dns_main.c:221

The attached patch to the upstream Makefile fixes this by adding
-ffile-prefix-map to CFLAGS.

According to my local tests, with this patch applied kafs-client should
build reproducibly on tests.reproducible-builds.org!

Thanks for maintaining kafs-client!

live well,
  vagrant
[0001-Makefile-Add-ffile-prefix-map-to-CFLAGS-to-avoid-emb.patch (text/x-diff, inline)]
From eecef6a737037f42c241d4ffe3a814cdfe94ae08 Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian <vagrant@reproducible-builds.org>
Date: Tue, 27 Sep 2022 21:37:47 +0000
Subject: [PATCH] Makefile: Add -ffile-prefix-map to CFLAGS to avoid embedding
 build paths.

https://reproducible-builds.org/docs/build-path/
---
 Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index 00fe618..2c28567 100644
--- a/Makefile
+++ b/Makefile
@@ -1,4 +1,4 @@
-CFLAGS		= -g -O2 -Wall -Wsign-compare
+CFLAGS		= -g -O2 -Wall -Wsign-compare -ffile-prefix-map=$(CURDIR)=.
 MKDIR		= mkdir
 INSTALL		= install
 DESTDIR		=
-- 
2.37.2

[signature.asc (application/pgp-signature, inline)]

Information forwarded to Bill MacAllister <bill@ca-zephyr.org>:
Bug#1020881; Package src:kafs-client. (Tue, 12 Mar 2024 22:37:07 GMT) (full text, mbox, link).


Acknowledgement sent to James Addison <jay@jp-hosting.net>:
Extra info received and forwarded to maintainer. Copy sent to Bill MacAllister <bill@ca-zephyr.org>. (Tue, 12 Mar 2024 22:37:07 GMT) (full text, mbox, link).


Message #10 received at 1020881-maintonly@bugs.debian.org (full text, mbox, reply):

From: James Addison <jay@jp-hosting.net>
To: undisclosed-recipients:;
Date: Tue, 12 Mar 2024 22:33:24 +0000
Control: severity -1 wishlist

Dear Maintainer,

Because Debian builds packages from a fixed build path, neither the 'reprotest'
utility in Salsa-CI, nor the Reproducible Builds team's package test
infrastructure for Debian[1] currently check for equivalent binary package
output from differing source package build paths.

This means that your package will pass current reproducibility tests; however
we believe that source code and/or build steps still embed the build path into
the binary package output, making it more difficult than necessary for
independent consumers to check the integrity of those packages by rebuilding
them themselves.

As a result, this bugreport will remain open and be re-assigned the 'wishlist'
severity[2].

For more information about build paths and how they can affect reproducibility,
please refer to: https://reproducible-builds.org/docs/build-path/

Thanks,
James

[1] - https://tests.reproducible-builds.org/debian/reproducible.html

[2] - https://www.debian.org/Bugs/Developer#severities



Severity set to 'wishlist' from 'normal' Request was from James Addison <jay@jp-hosting.net> to 1020881-maintonly@bugs.debian.org. (Tue, 12 Mar 2024 22:37:07 GMT) (full text, mbox, link).


Information forwarded to Bill MacAllister <bill@ca-zephyr.org>:
Bug#1020881; Package src:kafs-client. (Wed, 13 Mar 2024 09:21:46 GMT) (full text, mbox, link).


Acknowledgement sent to James Addison <jay@jp-hosting.net>:
Extra info received and forwarded to maintainer. Copy sent to Bill MacAllister <bill@ca-zephyr.org>. (Wed, 13 Mar 2024 09:21:46 GMT) (full text, mbox, link).


Message #17 received at 1020881-maintonly@bugs.debian.org (full text, mbox, reply):

From: James Addison <jay@jp-hosting.net>
To: undisclosed-recipients:;
Date: Wed, 13 Mar 2024 09:18:02 +0000
A correction for a mistake in my previous message:

> Because Debian builds packages from a fixed build path, neither the 'reprotest'
> utility in Salsa-CI, nor the Reproducible Builds team's package test
> infrastructure for Debian[1] currently check for equivalent binary package
> output from differing source package build paths.
>
> This means that your package will pass current reproducibility tests; ...
> [ snip ]

Currently the 'reprotest' job in Salsa-CI does in fact continue to exercise
variations of the build-path, and will fail if it builds binary packages that
contain different contents as a result.



Reply sent to Russ Allbery <rra@debian.org>:
You have taken responsibility. (Tue, 09 Jul 2024 02:39:03 GMT) (full text, mbox, link).


Notification sent to Vagrant Cascadian <vagrant@reproducible-builds.org>:
Bug acknowledged by developer. (Tue, 09 Jul 2024 02:39:03 GMT) (full text, mbox, link).


Message #22 received at 1020881-close@bugs.debian.org (full text, mbox, reply):

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: 1020881-close@bugs.debian.org
Subject: Bug#1020881: fixed in kafs-client 0.5-5
Date: Tue, 09 Jul 2024 02:36:25 +0000
[Message part 1 (text/plain, inline)]
Source: kafs-client
Source-Version: 0.5-5
Done: Russ Allbery <rra@debian.org>

We believe that the bug you reported is fixed in the latest version of
kafs-client, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1020881@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Russ Allbery <rra@debian.org> (supplier of updated kafs-client package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 08 Jul 2024 19:09:23 -0700
Source: kafs-client
Architecture: source
Version: 0.5-5
Distribution: unstable
Urgency: medium
Maintainer: Bill MacAllister <bill@ca-zephyr.org>
Changed-By: Russ Allbery <rra@debian.org>
Closes: 976557 1020881 1069757 1075106
Changes:
 kafs-client (0.5-5) unstable; urgency=medium
 .
   * Disable upstream build code that adds -m32 or -m64 based on the
     dynamically calculated word size. This code is unnecessary on Debian,
     where the default compiler behavior should be used, and causes
     problems on some Debian architectures that don't support -m64. Thanks
     to Yue Gui, Lucas Nussbaum, and wuruilong for the reports.
     (Closes: #976557, #1069757)
   * Add reproducible=+fixfilepath to DEB_BUILD_MAINT_OPTIONS to avoid
     embedding the build path into binaries, which breaks binary
     reproducibility. Thanks to Vagrant Cascadian for the report.
     (Closes: #1020881)
   * Add missing include to the kafs-check-config patch to support using
     the default cell, fixing build failures with GCC 14. Thanks to
     Matthias Klose for the report. (Closes: #1075106)
   * Update standards version to 4.7.0 (no changes required).
Checksums-Sha1:
 b54f121033336a326568e27f89e3083ad7701f59 1805 kafs-client_0.5-5.dsc
 45dd4c330c26cfc60f258a0e3171e399f28ac354 25512 kafs-client_0.5-5.debian.tar.xz
Checksums-Sha256:
 49a9145505d9f3cfe97c7ea31801f92f2474e48075db5bd3f417960de27505c8 1805 kafs-client_0.5-5.dsc
 792ed2c85b5737fd2819a5c6c9fb0edc474a945d9ca26c8e5db47daae92da941 25512 kafs-client_0.5-5.debian.tar.xz
Files:
 814bbacffd40bf25ef31e9c9f9319dfd 1805 net optional kafs-client_0.5-5.dsc
 47f2ca17667e5ed8597379efe41260ba 25512 net optional kafs-client_0.5-5.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEE1zk0tJZ0z1zNmsJ4fYAxXFc23nUFAmaMnLAACgkQfYAxXFc2
3nWmxAgAtoqSML/UA3dPGiNcidL87IzDN4moqD9L2WhDQorDuG+Q24+hrjXQ43en
X5Ak7pJ7VUnngqBYTl3dO4h0EMcRyemQOxY2Ssiesz8EiuJljRErnNj7HovWfdld
AV8ng7mWt7YH1WNz34UmCROzhWTacfwBrXgCrkIlATp3fCLua3X6krXNMp/BvEzg
X4jW/cJcrIXLshKwFAi+ceQQ8C1gS+jO/6u4PkOxZ3aqxO0qdyFVVJ9B74UUDLbd
3bai6yw7jpxLCyq0wKnncd/A1OTSjCaemmK2cHYiDYzZe10rqQEpY+W/qV9yW1yA
rGpv2UNpkZXVzVJRzqSaqYg64M85yA==
=vNRO
-----END PGP SIGNATURE-----

[Message part 2 (application/pgp-signature, inline)]

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 11 Aug 2024 07:29:48 GMT) (full text, mbox, link).


Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Jan 31 00:20:29 2025; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU General Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.