960590">

Debian Bug report logs - #960590
wolfssl: please make the libwolfssl.a file reproducible

version graph

Package: src:wolfssl; Maintainer for src:wolfssl is Jacob Barthelmeh <sirkilamole@msn.com>;

Reported by: "Chris Lamb" <lamby@debian.org>

Date: Thu, 14 May 2020 11:00:02 UTC

Severity: wishlist

Tags: patch

Found in version wolfssl/4.4.0+dfsg-2

Fixed in version wolfssl/4.4.0+dfsg-4

Done: Felix Lechner <felix.lechner@lease-up.com>

Bug is archived. No further changes may be made.

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, reproducible-bugs@lists.alioth.debian.org, Felix Lechner <felix.lechner@lease-up.com>:
Bug#960590; Package src:wolfssl. (Thu, 14 May 2020 11:00:04 GMT) (full text, mbox, link).


Acknowledgement sent to "Chris Lamb" <lamby@debian.org>:
New Bug report received and forwarded. Copy sent to reproducible-bugs@lists.alioth.debian.org, Felix Lechner <felix.lechner@lease-up.com>. (Thu, 14 May 2020 11:00:04 GMT) (full text, mbox, link).


Message #5 received at submit@bugs.debian.org (full text, mbox, wrote: > Source: wolfssl > Version: 4.4.0+dfsg-2 > Severity: wishlist > Tags: patch > User: reproducible-builds@lists.alioth.debian.org > Usertags: timestamps environment > X-Debbugs-Cc: reproducible-bugs@lists.alioth.debian.org > > Hi, > > Whilst working on the Reproducible Builds effort [0] we noticed that > wolfssl could not be built reproducibly. > > This is because it used ar's "U" argument to deliberately inherit the > build system's filesystem timestamps, umask, etc. I do not know why > this was introduced and am assuming it is merely a debugging thing. > > Patch attached that simply removes this behaviour. > > [0] https://reproducible-builds.org/ > > > Regards, > > -- > ,''`. > : :' : Chris Lamb > `. `'` lamby@debian.org / chris-lamb.co.uk > `- &References=<53c22547-7208-442e-9bb7-5dbf4a8d2690@sloti26t01>&In-Reply-To=<53c22547-7208-442e-9bb7-5dbf4a8d2690@sloti26t01>">reply):

From: "Chris Lamb" <lamby@debian.org>
To: submit@bugs.debian.org
Subject: wolfssl: please make the libwolfssl.a file reproducible
Date: Thu, 14 May 2020 11:56:36 +0100
[Message part 1 (text/plain, inline)]
Source: wolfssl
Version: 4.4.0+dfsg-2
Severity: wishlist
Tags: patch
User: reproducible-builds@lists.alioth.debian.org
Usertags: timestamps environment
X-Debbugs-Cc: reproducible-bugs@lists.alioth.debian.org

Hi,

Whilst working on the Reproducible Builds effort [0] we noticed that
wolfssl could not be built reproducibly.

This is because it used ar's "U" argument to deliberately inherit the
build system's filesystem timestamps, umask, etc. I do not know why
this was introduced and am assuming it is merely a debugging thing.

Patch attached that simply removes this behaviour.

 [0] https://reproducible-builds.org/


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-
[wolfssl.diff.txt (text/plain, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#960590; Package src:wolfssl. (Thu, 14 May 2020 21:09:03 GMT) (full text, mbox, link).


Acknowledgement sent to Felix Lechner <felix.lechner@lease-up.com>:
Extra info received and forwarded to list. (Thu, 14 May 2020 21:09:03 GMT) (full text, mbox, link).


Message #10 received at 960590@bugs.debian.org (full text, mbox, > build system's filesystem timestamps, umask, etc. I do not know why > > this was introduced and am assuming it is merely a debugging thing. > > The U argument was added to fix this warning in Ubuntu: > > ar: 'u' modifier ignored since 'D' is the default (see 'U') [1] > > [1] https://github.com/wolfSSL/wolfssl/commit/1b9cff1c5d09adb0af858992e2a2df01b1d4dc58 > > The manpage for 'ar' says about 'D': > > If binutils was configured with --enable-deterministic-archives, then > this mode is on by default. > > I would like to ask upstream to revert [1], but Ubuntu is a > Debian-derivative. Should our binutils be built differently (or have > they changed since [1] was authored)? > > Kind regards > Felix Lechner > > ">reply):

From: Felix Lechner <felix.lechner@lease-up.com>
To: reproducible-bugs@lists.alioth.debian.org
Cc: 960590@bugs.debian.org, Chris Lamb <lamby@debian.org>
Subject: Re: Bug#960590: wolfssl: please make the libwolfssl.a file reproducible
Date: Thu, 14 May 2020 14:06:58 -0700
Hi,

On Thu, May 14, 2020 at 4:00 AM Chris Lamb <lamby@debian.org> wrote:
>
> This is because it used ar's "U" argument to deliberately inherit the
> build system's filesystem timestamps, umask, etc. I do not know why
> this was introduced and am assuming it is merely a debugging thing.

The U argument was added to fix this warning in Ubuntu:

    ar: 'u' modifier ignored since 'D' is the default (see 'U') [1]

[1] https://github.com/wolfSSL/wolfssl/commit/1b9cff1c5d09adb0af858992e2a2df01b1d4dc58

The manpage for 'ar' says about 'D':

    If binutils was configured with --enable-deterministic-archives, then
    this mode is on by default.

I would like to ask upstream to revert [1], but Ubuntu is a
Debian-derivative. Should our binutils be built differently (or have
they changed since [1] was authored)?

Kind regards
Felix Lechner



Information forwarded to debian-bugs-dist@lists.debian.org, Felix Lechner <felix.lechner@lease-up.com>:
Bug#960590; Package src:wolfssl. (Fri, 15 May 2020 23:06:02 GMT) (full text, mbox, link).


Acknowledgement sent to "Chris Lamb" <lamby@debian.org>:
Extra info received and forwarded to list. Copy sent to Felix Lechner <felix.lechner@lease-up.com>. (Fri, 15 May 2020 23:06:02 GMT) (full text, mbox, link).


Message #15 received at 960590@bugs.debian.org (full text, mbox, wrote: > Felix, > > > I would like to ask upstream to revert [1], but Ubuntu is a > > Debian-derivative. Should our binutils be built differently (or have > > they changed since [1] was authored)? > > I read this question as a false dichotomy, or at we are focusing on > the wrong thing here. Let us take a few steps back -- here are my > assumptions and inferences, do let me know if any of them are wrong: > > * We do not want these timestamps inside the .ar archive. > > * It appears that wolfssl wishes to include them (infered from their > inclusion of "U") > > * The "ignored" message is a warning, not an error. On my local > system it does not appear to cause a failure to create an ar > archive. > > * Debian has configured binutils with --enable-deterministic- > archives since March 2015. > > From a narrow point of view, I do not mind what steps are taken so > that wolfssl does not embed this metadata, but I sincerely doubt > asking binutils to change a compile flag is the right way to go (or > will be effective). > > > Regards, > > -- > ,''`. > : :' : Chris Lamb > `. `'` lamby@debian.org 🍥 chris-lamb.co.uk > `- > > &subject=Re: =?UTF-8?Q?Re:_Bug#960590:_wolfssl:_please_make_the_libwolfssl.a_file_rep?= =?UTF-8?Q?roducible?=">reply):

From: "Chris Lamb" <lamby@debian.org>
To: "Felix Lechner" <felix.lechner@lease-up.com>, reproducible-bugs@lists.alioth.debian.org
Cc: 960590@bugs.debian.org
Subject: Re: Bug#960590: wolfssl: please make the libwolfssl.a file reproducible
Date: Fri, 15 May 2020 22:58:02 -0000
Felix,

> I would like to ask upstream to revert [1], but Ubuntu is a
> Debian-derivative. Should our binutils be built differently (or have
> they changed since [1] was authored)?

I read this question as a false dichotomy, or at we are focusing on
the wrong thing here. Let us take a few steps back -- here are my
assumptions and inferences, do let me know if any of them are wrong:

  * We do not want these timestamps inside the .ar archive.

  * It appears that wolfssl wishes to include them (infered from their
    inclusion of "U")

  * The "ignored" message is a warning, not an error. On my local
    system it does not appear to cause a failure to create an ar
    archive.

  * Debian has configured binutils with --enable-deterministic-
    archives since March 2015.

From a narrow point of view, I do not mind what steps are taken so
that wolfssl does not embed this metadata, but I sincerely doubt
asking binutils to change a compile flag is the right way to go (or
will be effective).


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org 🍥 chris-lamb.co.uk
       `-



Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#960590; Package src:wolfssl. (Sat, 16 May 2020 00:33:03 GMT) (full text, mbox, link).


Acknowledgement sent to Felix Lechner <felix.lechner@lease-up.com>:
Extra info received and forwarded to list. (Sat, 16 May 2020 00:33:03 GMT) (full text, mbox, link).


Message #20 received at 960590@bugs.debian.org (full text, mbox, > Thanks for pointing it out. As someone not well-versed in reproducible > builds, I did not immediately understand the cause and appropriate > remedies. I asked upstream to revert [1], and will release a patched > version even if upstream does not. > > Kind regards > Felix Lechner > > [1] https://github.com/wolfSSL/wolfssl/commit/1b9cff1c5d09adb0af858992e2a2df01b1d4dc58#commitcomment-39214117 > > ">reply):

From: Felix Lechner <felix.lechner@lease-up.com>
To: Chris Lamb <lamby@debian.org>
Cc: reproducible-bugs@lists.alioth.debian.org, 960590@bugs.debian.org
Subject: Re: Bug#960590: wolfssl: please make the libwolfssl.a file reproducible
Date: Fri, 15 May 2020 17:30:09 -0700
Hi Chris,

On Fri, May 15, 2020 at 3:58 PM Chris Lamb <lamby@debian.org> wrote:
>
>   * The "ignored" message is a warning, not an error.

Thanks for pointing it out. As someone not well-versed in reproducible
builds, I did not immediately understand the cause and appropriate
remedies. I asked upstream to revert [1], and will release a patched
version even if upstream does not.

Kind regards
Felix Lechner

[1] https://github.com/wolfSSL/wolfssl/commit/1b9cff1c5d09adb0af858992e2a2df01b1d4dc58#commitcomment-39214117



Reply sent to Felix Lechner <felix.lechner@lease-up.com>:
You have taken responsibility. (Wed, 01 Jul 2020 13:24:06 GMT) (full text, mbox, link).


Notification sent to "Chris Lamb" <lamby@debian.org>:
Bug acknowledged by developer. (Wed, 01 Jul 2020 13:24:06 GMT) (full text, mbox, link).


Message #25 received at 960590-close@bugs.debian.org (full text, mbox, make[2]: warning: -j5 forced in submake: resetting jobserver mode." > * Refresh patches > Checksums-Sha1: > 59c4db28cf14305383a712db445fcdc046720c11 2081 wolfssl_4.4.0+dfsg-4.dsc > ddcb39740c44f6fd0deea68cb8245628982a1bdb 29484 wolfssl_4.4.0+dfsg-4.debian.tar.xz > e520043a2b690efb55197f6291542caf763d63e5 5748 wolfssl_4.4.0+dfsg-4_source.buildinfo > Checksums-Sha256: > 122afd16043e79fc95dc8989f1d94a12794dfe1898e6f1536c7da3631e0e0f5f 2081 wolfssl_4.4.0+dfsg-4.dsc > e42623f50dc1da48b26a2208d07b9c3b32b982c8d23ff0f626fe988538486428 29484 wolfssl_4.4.0+dfsg-4.debian.tar.xz > a500f97e458593e97221758448144e2c354bfa6e6947b31db17f9c8c1ede835d 5748 wolfssl_4.4.0+dfsg-4_source.buildinfo > Files: > 8de0b18360ec77e7554c6f460f67a381 2081 libs optional wolfssl_4.4.0+dfsg-4.dsc > d6fbb266d01ad2f26addd991e766e2b5 29484 libs optional wolfssl_4.4.0+dfsg-4.debian.tar.xz > 9a9808ee7e8cbca7e787f61e4908bef4 5748 libs optional wolfssl_4.4.0+dfsg-4_source.buildinfo > > -----BEGIN PGP SIGNATURE----- > > iQKvBAEBCgCZFiEE8E0cIgLi+g0BiFTarFipTxFhjuAFAl78iRNfFIAAAAAALgAo &References=&In-Reply-To=">reply):

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: 960590-close@bugs.debian.org
Subject: Bug#960590: fixed in wolfssl 4.4.0+dfsg-4
Date: Wed, 01 Jul 2020 13:21:51 +0000
Source: wolfssl
Source-Version: 4.4.0+dfsg-4
Done: Felix Lechner <felix.lechner@lease-up.com>

We believe that the bug you reported is fixed in the latest version of
wolfssl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 960590@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Felix Lechner <felix.lechner@lease-up.com> (supplier of updated wolfssl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 01 Jul 2020 05:56:56 -0700
Source: wolfssl
Architecture: source
Version: 4.4.0+dfsg-4
Distribution: unstable
Urgency: medium
Maintainer: Felix Lechner <felix.lechner@lease-up.com>
Changed-By: Felix Lechner <felix.lechner@lease-up.com>
Closes: 960590 962149
Changes:
 wolfssl (4.4.0+dfsg-4) unstable; urgency=medium
 .
   * Make static library reproducible. (Closes: #960590)
   * Import upstream patch for spelling of compatibility flags (Closes: #962149)
   * Disable jobserver mode in autopkgtest by specifying -j1 to fix "FAIL stderr:
     make[2]: warning: -j5 forced in submake: resetting jobserver mode."
   * Refresh patches
Checksums-Sha1:
 59c4db28cf14305383a712db445fcdc046720c11 2081 wolfssl_4.4.0+dfsg-4.dsc
 ddcb39740c44f6fd0deea68cb8245628982a1bdb 29484 wolfssl_4.4.0+dfsg-4.debian.tar.xz
 e520043a2b690efb55197f6291542caf763d63e5 5748 wolfssl_4.4.0+dfsg-4_source.buildinfo
Checksums-Sha256:
 122afd16043e79fc95dc8989f1d94a12794dfe1898e6f1536c7da3631e0e0f5f 2081 wolfssl_4.4.0+dfsg-4.dsc
 e42623f50dc1da48b26a2208d07b9c3b32b982c8d23ff0f626fe988538486428 29484 wolfssl_4.4.0+dfsg-4.debian.tar.xz
 a500f97e458593e97221758448144e2c354bfa6e6947b31db17f9c8c1ede835d 5748 wolfssl_4.4.0+dfsg-4_source.buildinfo
Files:
 8de0b18360ec77e7554c6f460f67a381 2081 libs optional wolfssl_4.4.0+dfsg-4.dsc
 d6fbb266d01ad2f26addd991e766e2b5 29484 libs optional wolfssl_4.4.0+dfsg-4.debian.tar.xz
 9a9808ee7e8cbca7e787f61e4908bef4 5748 libs optional wolfssl_4.4.0+dfsg-4_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKvBAEBCgCZFiEE8E0cIgLi+g0BiFTarFipTxFhjuAFAl78iRNfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEYw
NEQxQzIyMDJFMkZBMEQwMTg4NTREQUFDNThBOTRGMTE2MThFRTAbHGZlbGl4Lmxl
Y2huZXJAbGVhc2UtdXAuY29tAAoJEKxYqU8RYY7g0qEQANib0f3I6QNGfm67Nuu5
FjhIxTPg6iASbWq13b60PEHl+9uORE9GQlFREHMZ6guota+jHZXR1PgFQsZNDVE0
w/TnXVTkdL4agh7A9LIcz3hURXTfYw1a1/0tKKyarMiMlv96OoAKYIcztKJ8dLoo
tMWZrMYoTlm7RbvvTWwBlrPJ1/qgGGQnMDl+uLkyYABJftBFPva3X1W3aCTZFhfs
zNU1j/YB3R5PJlAiS2BMRROzAiVD3lg9hAveEKeK2/2zmm048ZDMusB4UYZVhjFZ
Z5Uv64XlnKB7WlYhFXjPdq57Kz2y4drQSZQQ63233mOq3cPuHvBlG7srQbRcV0i8
FpPmn8cMHeFVsznwjCePQFrsJiNJiCN5o5W1Zvv3EzYZBX9V9hGW0y2TResF1PBv
3fkeVCWIF4Lt3C9c/jMdvuObEgr8bh/AnSGULU2sQwjYLYwRsQzbXDODbJXue4lc
At6RZQqeYtpbZpqNWejpTFf6VBylijeukyB2LGM9BQljNEP1Ov3aaA4rEOuk8SyM
JJWiwHoP/uaGZePYHY+lwMrl6SmKYL1IbR8kzthCs3pAzChkVmrHrBL1L1Q43XFV
PCk7LQON4Z3K01GscNLs8vSgmvJJYcHXBWSOYyc8yxM7fxdNaH4o+OupVCUPeZoJ
l6OmgjU8ae3s0KHRq5/Vo0r4
=muE+
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 03 Aug 2020 07:27:28 GMT) (full text, mbox, link).


Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Mon Feb 3 05:54:48 2025; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU General Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.