Acknowledgement sent
to Vagrant Cascadian <vagrant@reproducible-builds.org>:
New Bug report received and forwarded. Copy sent to reproducible-bugs@lists.alioth.debian.org, Bill MacAllister <bill@ca-zephyr.org>.
(Tue, 27 Sep 2022 21:45:04 GMT) (full text, mbox, link).
Source: kafs-client
Severity: normal
Tags: patch
User: reproducible-builds@lists.alioth.debian.org
Usertags: buildpath
X-Debbugs-Cc: reproducible-bugs@lists.alioth.debian.org
The build path is embedded in various binaries or triggers differences
in buildid:
https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/diffoscope-results/kafs-client.html
/usr/libexec/kafs-dns
/build/1st/kafs-client-0.5/src/dns_main.c:221
vs.
/build/2/kafs-client-0.5/2nd/src/dns_main.c:221
The attached patch to the upstream Makefile fixes this by adding
-ffile-prefix-map to CFLAGS.
According to my local tests, with this patch applied kafs-client should
build reproducibly on tests.reproducible-builds.org!
Thanks for maintaining kafs-client!
live well,
vagrant
Information forwarded
to Bill MacAllister <bill@ca-zephyr.org>: Bug#1020881; Package src:kafs-client.
(Tue, 12 Mar 2024 22:37:07 GMT) (full text, mbox, link).
Acknowledgement sent
to James Addison <jay@jp-hosting.net>:
Extra info received and forwarded to maintainer. Copy sent to Bill MacAllister <bill@ca-zephyr.org>.
(Tue, 12 Mar 2024 22:37:07 GMT) (full text, mbox, link).
Control: severity -1 wishlist
Dear Maintainer,
Because Debian builds packages from a fixed build path, neither the 'reprotest'
utility in Salsa-CI, nor the Reproducible Builds team's package test
infrastructure for Debian[1] currently check for equivalent binary package
output from differing source package build paths.
This means that your package will pass current reproducibility tests; however
we believe that source code and/or build steps still embed the build path into
the binary package output, making it more difficult than necessary for
independent consumers to check the integrity of those packages by rebuilding
them themselves.
As a result, this bugreport will remain open and be re-assigned the 'wishlist'
severity[2].
For more information about build paths and how they can affect reproducibility,
please refer to: https://reproducible-builds.org/docs/build-path/
Thanks,
James
[1] - https://tests.reproducible-builds.org/debian/reproducible.html
[2] - https://www.debian.org/Bugs/Developer#severities
Severity set to 'wishlist' from 'normal'
Request was from James Addison <jay@jp-hosting.net>
to 1020881-maintonly@bugs.debian.org.
(Tue, 12 Mar 2024 22:37:07 GMT) (full text, mbox, link).
Information forwarded
to Bill MacAllister <bill@ca-zephyr.org>: Bug#1020881; Package src:kafs-client.
(Wed, 13 Mar 2024 09:21:46 GMT) (full text, mbox, link).
Acknowledgement sent
to James Addison <jay@jp-hosting.net>:
Extra info received and forwarded to maintainer. Copy sent to Bill MacAllister <bill@ca-zephyr.org>.
(Wed, 13 Mar 2024 09:21:46 GMT) (full text, mbox, link).
A correction for a mistake in my previous message:
> Because Debian builds packages from a fixed build path, neither the 'reprotest'
> utility in Salsa-CI, nor the Reproducible Builds team's package test
> infrastructure for Debian[1] currently check for equivalent binary package
> output from differing source package build paths.
>
> This means that your package will pass current reproducibility tests; ...
> [ snip ]
Currently the 'reprotest' job in Salsa-CI does in fact continue to exercise
variations of the build-path, and will fail if it builds binary packages that
contain different contents as a result.
Reply sent
to Russ Allbery <rra@debian.org>:
You have taken responsibility.
(Tue, 09 Jul 2024 02:39:03 GMT) (full text, mbox, link).
Notification sent
to Vagrant Cascadian <vagrant@reproducible-builds.org>:
Bug acknowledged by developer.
(Tue, 09 Jul 2024 02:39:03 GMT) (full text, mbox, link).
Source: kafs-client
Source-Version: 0.5-5
Done: Russ Allbery <rra@debian.org>
We believe that the bug you reported is fixed in the latest version of
kafs-client, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1020881@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Russ Allbery <rra@debian.org> (supplier of updated kafs-client package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 08 Jul 2024 19:09:23 -0700
Source: kafs-client
Architecture: source
Version: 0.5-5
Distribution: unstable
Urgency: medium
Maintainer: Bill MacAllister <bill@ca-zephyr.org>
Changed-By: Russ Allbery <rra@debian.org>
Closes: 976557102088110697571075106
Changes:
kafs-client (0.5-5) unstable; urgency=medium
.
* Disable upstream build code that adds -m32 or -m64 based on the
dynamically calculated word size. This code is unnecessary on Debian,
where the default compiler behavior should be used, and causes
problems on some Debian architectures that don't support -m64. Thanks
to Yue Gui, Lucas Nussbaum, and wuruilong for the reports.
(Closes: #976557, #1069757)
* Add reproducible=+fixfilepath to DEB_BUILD_MAINT_OPTIONS to avoid
embedding the build path into binaries, which breaks binary
reproducibility. Thanks to Vagrant Cascadian for the report.
(Closes: #1020881)
* Add missing include to the kafs-check-config patch to support using
the default cell, fixing build failures with GCC 14. Thanks to
Matthias Klose for the report. (Closes: #1075106)
* Update standards version to 4.7.0 (no changes required).
Checksums-Sha1:
b54f121033336a326568e27f89e3083ad7701f59 1805 kafs-client_0.5-5.dsc
45dd4c330c26cfc60f258a0e3171e399f28ac354 25512 kafs-client_0.5-5.debian.tar.xz
Checksums-Sha256:
49a9145505d9f3cfe97c7ea31801f92f2474e48075db5bd3f417960de27505c8 1805 kafs-client_0.5-5.dsc
792ed2c85b5737fd2819a5c6c9fb0edc474a945d9ca26c8e5db47daae92da941 25512 kafs-client_0.5-5.debian.tar.xz
Files:
814bbacffd40bf25ef31e9c9f9319dfd 1805 net optional kafs-client_0.5-5.dsc
47f2ca17667e5ed8597379efe41260ba 25512 net optional kafs-client_0.5-5.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCgAdFiEE1zk0tJZ0z1zNmsJ4fYAxXFc23nUFAmaMnLAACgkQfYAxXFc2
3nWmxAgAtoqSML/UA3dPGiNcidL87IzDN4moqD9L2WhDQorDuG+Q24+hrjXQ43en
X5Ak7pJ7VUnngqBYTl3dO4h0EMcRyemQOxY2Ssiesz8EiuJljRErnNj7HovWfdld
AV8ng7mWt7YH1WNz34UmCROzhWTacfwBrXgCrkIlATp3fCLua3X6krXNMp/BvEzg
X4jW/cJcrIXLshKwFAi+ceQQ8C1gS+jO/6u4PkOxZ3aqxO0qdyFVVJ9B74UUDLbd
3bai6yw7jpxLCyq0wKnncd/A1OTSjCaemmK2cHYiDYzZe10rqQEpY+W/qV9yW1yA
rGpv2UNpkZXVzVJRzqSaqYg64M85yA==
=vNRO
-----END PGP SIGNATURE-----
Debbugs is free software and licensed under the terms of the GNU General
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.