1020889">

Debian Bug report logs - #1020889
libapache2-mod-auth-pgsql: reproducible-builds: Embedded build paths in mod_auth_pgsql.so

version graph

Package: src:libapache2-mod-auth-pgsql; Maintainer for src:libapache2-mod-auth-pgsql is Marco Nenciarini <mnencia@debian.org>;

Reported by: Vagrant Cascadian <vagrant@reproducible-builds.org>

Date: Tue, 27 Sep 2022 23:18:02 UTC

Severity: wishlist

Tags: patch

Fixed in version 2.0.3-6.1+rm

Done: Debian FTP Masters <ftpmaster@ftp-master.debian.org>

Bug is archived. No further changes may be made.

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, reproducible-bugs@lists.alioth.debian.org, Marco Nenciarini <mnencia@debian.org>:
Bug#1020889; Package src:libapache2-mod-auth-pgsql. (Tue, 27 Sep 2022 23:18:04 GMT) (full text, mbox, link).


Acknowledgement sent to Vagrant Cascadian <vagrant@reproducible-builds.org>:
New Bug report received and forwarded. Copy sent to reproducible-bugs@lists.alioth.debian.org, Marco Nenciarini <mnencia@debian.org>. (Tue, 27 Sep 2022 23:18:04 GMT) (full text, mbox, link).


Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Vagrant Cascadian <vagrant@reproducible-builds.org>
To: submit@bugs.debian.org
Subject: libapache2-mod-auth-pgsql: reproducible-builds: Embedded build paths in mod_auth_pgsql.so
Date: Tue, 27 Sep 2022 16:14:22 -0700
[Message part 1 (text/plain, inline)]
Source: libapache2-mod-auth-pgsql
Severity: normal
Tags: patch
User: reproducible-builds@lists.alioth.debian.org
Usertags: buildpath
X-Debbugs-Cc: reproducible-bugs@lists.alioth.debian.org

The build path is embedded in /usr/lib/apache2/modules/mod_auth_pgsql.so:

  https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/diffoscope-results/libapache2-mod-auth-pgsql.html

  /build/1st/libapache2-mod-auth-pgsql-2.0.3/mod_auth_pgsql.c:298
  vs.
  /build/2/libapache2-mod-auth-pgsql-2.0.3/2nd/mod_auth_pgsql.c:298

The attached patch to the upstream Makefile debian/rules fixes this by
passing -ffile-prefix-map to apxs2.

According to my local tests, with this patch applied
libapache2-mod-auth-pgsql should build reproducibly on
tests.reproducible-builds.org!

Thanks for maintaining libapache2-mod-auth-pgsql!

live well,
  vagrant
[0001-Makefile-call-apxs2-using-ffile-prefix-map-to-avoid-.patch (text/x-diff, inline)]
From 9ed137525ae08db8e93ee7097d87c2467fda27aa Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian <vagrant@reproducible-builds.org>
Date: Tue, 27 Sep 2022 23:09:04 +0000
Subject: [PATCH] Makefile: call apxs2 using -ffile-prefix-map to avoid
 embedding build paths.

https://reproducible-builds.org/docs/build-path/
---
 Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index eccaea6..fb17c60 100644
--- a/Makefile
+++ b/Makefile
@@ -3,7 +3,7 @@ PGSQL_LIB=/usr/lib
 PGSQL_INCLUDE=$(shell pg_config --includedir)
 
 shared:
-	${APACHE2_HOME}/bin/apxs2 -a -c -I ${PGSQL_INCLUDE} -L ${PGSQL_LIB} -lpq mod_auth_pgsql.c
+	${APACHE2_HOME}/bin/apxs2 -a -c -Wc,-ffile-prefix-map=$(CURDIR)=. -I ${PGSQL_INCLUDE} -L ${PGSQL_LIB} -lpq mod_auth_pgsql.c
 
 indent:
 	indent -kr -ts4 mod_auth_pgsql.c
-- 
2.37.2

[signature.asc (application/pgp-signature, inline)]

Information forwarded to Marco Nenciarini <mnencia@debian.org>:
Bug#1020889; Package src:libapache2-mod-auth-pgsql. (Tue, 12 Mar 2024 22:37:15 GMT) (full text, mbox, link).


Acknowledgement sent to James Addison <jay@jp-hosting.net>:
Extra info received and forwarded to maintainer. Copy sent to Marco Nenciarini <mnencia@debian.org>. (Tue, 12 Mar 2024 22:37:15 GMT) (full text, mbox, link).


Message #10 received at 1020889-maintonly@bugs.debian.org (full text, mbox, reply):

From: James Addison <jay@jp-hosting.net>
To: undisclosed-recipients:;
Date: Tue, 12 Mar 2024 22:33:24 +0000
Control: severity -1 wishlist

Dear Maintainer,

Because Debian builds packages from a fixed build path, neither the 'reprotest'
utility in Salsa-CI, nor the Reproducible Builds team's package test
infrastructure for Debian[1] currently check for equivalent binary package
output from differing source package build paths.

This means that your package will pass current reproducibility tests; however
we believe that source code and/or build steps still embed the build path into
the binary package output, making it more difficult than necessary for
independent consumers to check the integrity of those packages by rebuilding
them themselves.

As a result, this bugreport will remain open and be re-assigned the 'wishlist'
severity[2].

For more information about build paths and how they can affect reproducibility,
please refer to: https://reproducible-builds.org/docs/build-path/

Thanks,
James

[1] - https://tests.reproducible-builds.org/debian/reproducible.html

[2] - https://www.debian.org/Bugs/Developer#severities



Severity set to 'wishlist' from 'normal' Request was from James Addison <jay@jp-hosting.net> to 1020889-maintonly@bugs.debian.org. (Tue, 12 Mar 2024 22:37:15 GMT) (full text, mbox, link).


Information forwarded to Marco Nenciarini <mnencia@debian.org>:
Bug#1020889; Package src:libapache2-mod-auth-pgsql. (Wed, 13 Mar 2024 09:21:52 GMT) (full text, mbox, link).


Acknowledgement sent to James Addison <jay@jp-hosting.net>:
Extra info received and forwarded to maintainer. Copy sent to Marco Nenciarini <mnencia@debian.org>. (Wed, 13 Mar 2024 09:21:52 GMT) (full text, mbox, link).


Message #17 received at 1020889-maintonly@bugs.debian.org (full text, mbox, reply):

From: James Addison <jay@jp-hosting.net>
To: undisclosed-recipients:;
Date: Wed, 13 Mar 2024 09:18:02 +0000
A correction for a mistake in my previous message:

> Because Debian builds packages from a fixed build path, neither the 'reprotest'
> utility in Salsa-CI, nor the Reproducible Builds team's package test
> infrastructure for Debian[1] currently check for equivalent binary package
> output from differing source package build paths.
>
> This means that your package will pass current reproducibility tests; ...
> [ snip ]

Currently the 'reprotest' job in Salsa-CI does in fact continue to exercise
variations of the build-path, and will fail if it builds binary packages that
contain different contents as a result.



Reply sent to Debian FTP Masters <ftpmaster@ftp-master.debian.org>:
You have taken responsibility. (Wed, 01 May 2024 12:21:06 GMT) (full text, mbox, link).


Notification sent to Vagrant Cascadian <vagrant@reproducible-builds.org>:
Bug acknowledged by developer. (Wed, 01 May 2024 12:21:06 GMT) (full text, mbox, link).


Message #22 received at 1020889-done@bugs.debian.org (full text, mbox, reply):

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: 785669-done@bugs.debian.org,785670-done@bugs.debian.org,865553-done@bugs.debian.org,947039-done@bugs.debian.org,1020889-done@bugs.debian.org,
Cc: libapache2-mod-auth-pgsql@packages.debian.org
Subject: Bug#1070165: Removed package(s) from unstable
Date: Wed, 01 May 2024 12:17:44 +0000
Version: 2.0.3-6.1+rm

Dear submitter,

as the package libapache2-mod-auth-pgsql has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/1070165

The version of this package that was in Debian prior to this removal
can still be found using https://snapshot.debian.org/.

Please note that the changes have been done on the master archive and
will not propagate to any mirrors until the next dinstall run at the
earliest.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmaster@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)



Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 30 May 2024 07:36:31 GMT) (full text, mbox, link).


Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Jan 31 00:56:28 2025; Machine Name: bembo

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU General Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.