966657">

Debian Bug report logs - #966657
json-c: please make the build reproducible

version graph

Package: src:json-c; Maintainer for src:json-c is Nicolas Mora <babelouest@debian.org>;

Reported by: "Chris Lamb" <lamby@debian.org>

Date: Sat, 1 Aug 2020 10:15:02 UTC

Severity: wishlist

Tags: fixed-upstream, patch

Found in version json-c/0.15-1

Fixed in version json-c/0.15-2

Done: Nicolas Mora <babelouest@debian.org>

Bug is archived. No further changes may be made.

Forwarded to https://github.com/json-c/json-c/pull/653

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, reproducible-bugs@lists.alioth.debian.org, Nicolas Mora <babelouest@debian.org>:
Bug#966657; Package src:json-c. (Sat, 01 Aug 2020 10:15:04 GMT) (full text, mbox, link).


Acknowledgement sent to "Chris Lamb" <lamby@debian.org>:
New Bug report received and forwarded. Copy sent to reproducible-bugs@lists.alioth.debian.org, Nicolas Mora <babelouest@debian.org>. (Sat, 01 Aug 2020 10:15:04 GMT) (full text, mbox, link).


Message #5 received at submit@bugs.debian.org (full text, mbox, wrote: > Source: json-c > Version: 0.15-1 > Severity: wishlist > Tags: patch > User: reproducible-builds@lists.alioth.debian.org > Usertags: buildpath > X-Debbugs-Cc: reproducible-bugs@lists.alioth.debian.org > > Hi, > > Whilst working on the Reproducible Builds effort [0] we noticed that > json-c could not be built reproducibly. > > This is because it used the full, absolute path name as an (sanitised) > input to a filename, resulting in the binary package containing > > /usr/share/doc/libjson-c-dev/html/md__build_1st_json-c-0_815_issues_closed_for_0_813.html > ^^^^^^^^^^^^^^^^^^^^^^ > or > > /usr/share/doc/libjson-c-dev/html/md__build_2_json-c-0_815_2nd_issues_closed_for_0_813.html > ^^^^^^^^^^^^^^^^^^^^^^^^ > > (etc. etc.) > > > Patch attached. > > [0] https://reproducible-builds.org/ > > > Regards, > > -- > ,''`. > : :' : Chris Lamb > `. `'` lamby@debian.org / chris-lamb.co.uk > `-">reply):

From: "Chris Lamb" <lamby@debian.org>
To: submit@bugs.debian.org
Subject: json-c: please make the build reproducible
Date: Sat, 01 Aug 2020 11:11:49 +0100
[Message part 1 (text/plain, inline)]
Source: json-c
Version: 0.15-1
Severity: wishlist
Tags: patch
User: reproducible-builds@lists.alioth.debian.org
Usertags: buildpath
X-Debbugs-Cc: reproducible-bugs@lists.alioth.debian.org

Hi,

Whilst working on the Reproducible Builds effort [0] we noticed that
json-c could not be built reproducibly.

This is because it used the full, absolute path name as an (sanitised)
input to a filename, resulting in the binary package containing

  /usr/share/doc/libjson-c-dev/html/md__build_1st_json-c-0_815_issues_closed_for_0_813.html
                                        ^^^^^^^^^^^^^^^^^^^^^^
or

  /usr/share/doc/libjson-c-dev/html/md__build_2_json-c-0_815_2nd_issues_closed_for_0_813.html
                                        ^^^^^^^^^^^^^^^^^^^^^^^^

(etc. etc.)


Patch attached.

 [0] https://reproducible-builds.org/


Regards,

--
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-
[json-c.diff.txt (text/plain, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Nicolas Mora <babelouest@debian.org>:
Bug#966657; Package src:json-c. (Sat, 01 Aug 2020 10:33:10 GMT) (full text, mbox, link).


Acknowledgement sent to "Chris Lamb" <lamby@debian.org>:
Extra info received and forwarded to list. Copy sent to Nicolas Mora <babelouest@debian.org>. (Sat, 01 Aug 2020 10:33:10 GMT) (full text, mbox, link).


Message #10 received at 966657@bugs.debian.org (full text, mbox, wrote: > forwarded 966657 https://github.com/json-c/json-c/pull/653 > thanks > > I've forwarded this upstream here: > > https://github.com/json-c/json-c/pull/653 > > > Regards, > > -- > ,''`. > : :' : Chris Lamb > `. `'` lamby@debian.org / chris-lamb.co.uk > `- > > &References=<159627789082.409011.2708320248279344820@tinycat.chris-lamb.co.uk>">reply):

From: "Chris Lamb" <lamby@debian.org>
To: 966657@bugs.debian.org
Subject: Re: json-c: please make the build reproducible
Date: Sat, 01 Aug 2020 11:31:41 +0100
forwarded 966657 https://github.com/json-c/json-c/pull/653
thanks

I've forwarded this upstream here:

  https://github.com/json-c/json-c/pull/653


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-



Set Bug forwarded-to-address to 'https://github.com/json-c/json-c/pull/653'. Request was from "Chris Lamb" <lamby@debian.org> to control@bugs.debian.org. (Sat, 01 Aug 2020 10:33:11 GMT) (full text, mbox, link).


Information forwarded to debian-bugs-dist@lists.debian.org, Nicolas Mora <babelouest@debian.org>:
Bug#966657; Package src:json-c. (Sat, 01 Aug 2020 12:54:03 GMT) (full text, mbox, link).


Acknowledgement sent to Nicolas Mora <nicolas@babelouest.org>:
Extra info received and forwarded to list. Copy sent to Nicolas Mora <babelouest@debian.org>. (Sat, 01 Aug 2020 12:54:03 GMT) (full text, mbox, link).


Message #17 received at 966657@bugs.debian.org (full text, mbox, reply):

From: Nicolas Mora <nicolas@babelouest.org>
To: Chris Lamb <lamby@debian.org>, 966657@bugs.debian.org
Subject: Re: Bug#966657: json-c: please make the build reproducible
Date: Sat, 1 Aug 2020 08:45:22 -0400
[Message part 1 (text/plain, inline)]
Thanks Chris!

Le 20-08-01 à 06 h 11, Chris Lamb a écrit :
> 
> This is because it used the full, absolute path name as an (sanitised)
> input to a filename, resulting in the binary package containing
> 

I've already added the following patch [1] in last release 0.15-1
This patch sets the following doxygen value:
FULL_PATH_NAMES        = NO

According to the documentation, both our patches are incompatible:

# This tag requires that the tag FULL_PATH_NAMES is set to YES.

I made that patch for the reproducibility as well although yours may be
better. What do you think?

[1] -
https://sources.debian.org/src/json-c/0.15-1/debian/patches/0002-doxygen.patch/

[signature.asc (application/pgp-signature, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Nicolas Mora <babelouest@debian.org>:
Bug#966657; Package src:json-c. (Sun, 02 Aug 2020 08:33:03 GMT) (full text, mbox, link).


Acknowledgement sent to "Chris Lamb" <lamby@debian.org>:
Extra info received and forwarded to list. Copy sent to Nicolas Mora <babelouest@debian.org>. (Sun, 02 Aug 2020 08:33:03 GMT) (full text, mbox, link).


Message #22 received at 966657@bugs.debian.org (full text, mbox, wrote: > Hi Nicolas, > > > Thanks Chris! > > > > Le 20-08-01 à 06 h 11, Chris Lamb a écrit : > > > > > > This is because it used the full, absolute path name as an (sanitised) > > > input to a filename, resulting in the binary package containing > > > > > > > I've already added the following patch [1] in last release 0.15-1 > > This patch sets the following doxygen value: > > FULL_PATH_NAMES = NO > > I did not see that... unfortunately because your patch was not actually > sufficient. :) In other words, your package was still unreproducible > even with your 0002-doxygen patch. > > > I made that patch for the reproducibility as well although yours may be > > better. What do you think? > > I'm not sure whether applying means that you should back out yours; > clearly they don't cause a fatal error, at least. Up to you. > > > Regards, > > -- > ,''`. > : :' : Chris Lamb > `. `'` lamby@debian.org 🍥 chris-lamb.co.uk > `- > > &References=<159627655167.19801.14937700214137683600@08b5e94cde88> &In-Reply-To=&subject=Re: Bug#966657: json-c: please make the build reproducible">reply):

From: "Chris Lamb" <lamby@debian.org>
To: "Nicolas Mora" <nicolas@babelouest.org>, 966657@bugs.debian.org
Subject: Re: Bug#966657: json-c: please make the build reproducible
Date: Sun, 02 Aug 2020 08:29:05 -0000
Hi Nicolas,

> Thanks Chris!
>
> Le 20-08-01 à 06 h 11, Chris Lamb a écrit :
> >
> > This is because it used the full, absolute path name as an (sanitised)
> > input to a filename, resulting in the binary package containing
> >
>
> I've already added the following patch [1] in last release 0.15-1
> This patch sets the following doxygen value:
> FULL_PATH_NAMES        = NO

I did not see that... unfortunately because your patch was not actually
sufficient. :) In other words, your package was still unreproducible
even with your 0002-doxygen patch.

> I made that patch for the reproducibility as well although yours may be
> better. What do you think?

I'm not sure whether applying means that you should back out yours;
clearly they don't cause a fatal error, at least. Up to you.


Regards,

--
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org 🍥 chris-lamb.co.uk
       `-



Information forwarded to debian-bugs-dist@lists.debian.org, Nicolas Mora <babelouest@debian.org>:
Bug#966657; Package src:json-c. (Sun, 02 Aug 2020 14:09:03 GMT) (full text, mbox, link).


Acknowledgement sent to Nicolas Mora <nicolas@babelouest.org>:
Extra info received and forwarded to list. Copy sent to Nicolas Mora <babelouest@debian.org>. (Sun, 02 Aug 2020 14:09:03 GMT) (full text, mbox, link).


Message #27 received at 966657@bugs.debian.org (full text, mbox, href="printbuf_8h.html">printbuf.h > > - 0002-doxygen patch: >

  • printbuf.h
  • > > - 0004-reproducible-build.patch: >
  • printbuf.h
  • > > Both our patches have the same result. I've compared the output html and > saw no differences. > > >> I made that patch for the reproducibility as well although yours may be > >> better. What do you think? > > > > I'm not sure whether applying means that you should back out yours; > > clearly they don't cause a fatal error, at least. Up to you. > > > Yours was applied upstream, so I can at least disable mine in the next > release. > > /Nicolas > > &In-Reply-To=<7ebbf07c-8273-52d0-42c6-cea76f5f78e2@babelouest.org>&subject=Re: Bug#966657: json-c: please make the build reproducible">reply):

    From: Nicolas Mora <nicolas@babelouest.org>
    To: Chris Lamb <lamby@debian.org>, 966657@bugs.debian.org
    Subject: Re: Bug#966657: json-c: please make the build reproducible
    Date: Sun, 2 Aug 2020 10:07:52 -0400
    Hello,
    
    Le 20-08-02 à 04 h 29, Chris Lamb a écrit :
    > 
    > I did not see that... unfortunately because your patch was not actually
    > sufficient. :) In other words, your package was still unreproducible
    > even with your 0002-doxygen patch.
    > 
    Sorry to insist but can you explain why the package is still
    unreproducible even with my patch?
    
    If I compare the 3 configurations, I have the following sample results.
    
    - Original doxygen configuration:
    <li>/src/workspace/json-c/<a class="el"
    href="printbuf_8h.html">printbuf.h</a></li>
    
    - 0002-doxygen patch:
    <li><a class="el" href="printbuf_8h.html">printbuf.h</a></li>
    
    - 0004-reproducible-build.patch:
    <li><a class="el" href="printbuf_8h.html">printbuf.h</a></li>
    
    Both our patches have the same result. I've compared the output html and
    saw no differences.
    
    >> I made that patch for the reproducibility as well although yours may be
    >> better. What do you think?
    > 
    > I'm not sure whether applying means that you should back out yours;
    > clearly they don't cause a fatal error, at least. Up to you.
    > 
    Yours was applied upstream, so I can at least disable mine in the next
    release.
    
    /Nicolas
    
    
    

    Information forwarded to debian-bugs-dist@lists.debian.org, Nicolas Mora <babelouest@debian.org>:
    Bug#966657; Package src:json-c. (Tue, 04 Aug 2020 08:33:05 GMT) (full text, mbox, link).


    Acknowledgement sent to "Chris Lamb" <lamby@debian.org>:
    Extra info received and forwarded to list. Copy sent to Nicolas Mora <babelouest@debian.org>. (Tue, 04 Aug 2020 08:33:05 GMT) (full text, mbox, link).


    Message #32 received at 966657@bugs.debian.org (full text, mbox, wrote: > Hi Nicolas, > > > Sorry to insist but can you explain why the package is still > > unreproducible even with my patch? > > With 0002-doxygen patch (ie. version 0.15-1), the build is not reproducible > in at least two ways I spotted: > > (a) Identical files have build-path dependent filenames. For example: > > /usr/share/doc/libjson-c-dev/html/md__build_1st_json-c-0_815_issues_closed_for_0_814.html > /usr/share/doc/libjson-c-dev/html/md__build_2_json-c-0_815_2nd_issues_closed_for_0_814.html > > (b) Links to the files in (a) then have different anchor href targets to match: > > This is because it used the full, absolute path name as an (sanitised) > input to a filename, resulting in the binary package containing: > > - + > You can also see this here: > > https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/json-c.html > > > Regards, > > -- > ,''`. > : :' : Chris Lamb > `. `'` lamby@debian.org 🍥 chris-lamb.co.uk > `- > > &References=<159627655167.19801.14937700214137683600@08b5e94cde88> <7ebbf07c-8273-52d0-42c6-cea76f5f78e2@babelouest.org> <9cba7682-944f-4402-8c4d-fa05fd66090f@www.fastmail.com>">reply):

    From: "Chris Lamb" <lamby@debian.org>
    To: "Nicolas Mora" <nicolas@babelouest.org>, 966657@bugs.debian.org
    Subject: Re: Bug#966657: json-c: please make the build reproducible
    Date: Tue, 04 Aug 2020 08:29:03 -0000
    Hi Nicolas,
    
    > Sorry to insist but can you explain why the package is still
    > unreproducible even with my patch?
    
    With 0002-doxygen patch (ie. version 0.15-1), the build is not reproducible
    in at least two ways I spotted:
    
    (a) Identical files have build-path dependent filenames. For example:
    
    /usr/share/doc/libjson-c-dev/html/md__build_1st_json-c-0_815_issues_closed_for_0_814.html
    /usr/share/doc/libjson-c-dev/html/md__build_2_json-c-0_815_2nd_issues_closed_for_0_814.html
    
    (b) Links to the files in (a) then have different anchor href targets to match:
    
    This is because it used the full, absolute path name as an (sanitised)
    input to a filename, resulting in the binary package containing:
    
     -<a class="el" href="md__build_1st_json-c-0_815_issues_closed_for_0_813.html"
     +<a class="el" href="md__build_2_json-c-0_815_2nd_issues_closed_for_0_813.html"
    
    You can also see this here:
    
    https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/json-c.html
    
    
    Regards,
    
    --
          ,''`.
         : :'  :     Chris Lamb
         `. `'`      lamby@debian.org 🍥 chris-lamb.co.uk
           `-
    
    
    

    Added tag(s) fixed-upstream. Request was from debian-bts-link@lists.debian.org to control@bugs.debian.org. (Mon, 10 Aug 2020 18:39:23 GMT) (full text, mbox, link).


    Information forwarded to debian-bugs-dist@lists.debian.org, Nicolas Mora <babelouest@debian.org>:
    Bug#966657; Package src:json-c. (Mon, 09 Nov 2020 18:09:03 GMT) (full text, mbox, link).


    Acknowledgement sent to "Chris Lamb" <lamby@debian.org>:
    Extra info received and forwarded to list. Copy sent to Nicolas Mora <babelouest@debian.org>. (Mon, 09 Nov 2020 18:09:03 GMT) (full text, mbox, link).


    Message #39 received at 966657@bugs.debian.org (full text, mbox, wrote: > Chris Lamb wrote: > > > [..] > > Friendly ping on this? > > > Regards, > > -- > ,''`. > : :' : Chris Lamb > `. `'` lamby@debian.org / chris-lamb.co.uk > `- > > &References=<160491450071.1991101.10421424495443838500@tinycat.chris-lamb.co.uk>">reply):

    From: "Chris Lamb" <lamby@debian.org>
    To: 966657@bugs.debian.org, reproducible-bugs@lists.alioth.debian.org
    Subject: Re: Bug#966657: json-c: please make the build reproducible
    Date: Mon, 09 Nov 2020 17:58:03 -0000
    Chris Lamb wrote:
    
    > [..]
    
    Friendly ping on this?
    
    
    Regards,
    
    -- 
          ,''`.
         : :'  :     Chris Lamb
         `. `'`      lamby@debian.org / chris-lamb.co.uk
           `-
    
    
    

    Reply sent to Nicolas Mora <babelouest@debian.org>:
    You have taken responsibility. (Wed, 03 Feb 2021 16:21:05 GMT) (full text, mbox, link).


    Notification sent to "Chris Lamb" <lamby@debian.org>:
    Bug acknowledged by developer. (Wed, 03 Feb 2021 16:21:05 GMT) (full text, mbox, link).


    Message #44 received at 966657-close@bugs.debian.org (full text, mbox, reply):

    From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
    To: 966657-close@bugs.debian.org
    Subject: Bug#966657: fixed in json-c 0.15-2
    Date: Wed, 03 Feb 2021 16:19:16 +0000
    Source: json-c
    Source-Version: 0.15-2
    Done: Nicolas Mora <babelouest@debian.org>
    
    We believe that the bug you reported is fixed in the latest version of
    json-c, which is due to be installed in the Debian FTP archive.
    
    A summary of the changes between this version and the previous one is
    attached.
    
    Thank you for reporting the bug, which will now be closed.  If you
    have further comments please address them to 966657@bugs.debian.org,
    and the maintainer will reopen the bug report if appropriate.
    
    Debian distribution maintenance software
    pp.
    Nicolas Mora <babelouest@debian.org> (supplier of updated json-c package)
    
    (This message was generated automatically at their request; if you
    believe that there is a problem with it please contact the archive
    administrators by mailing ftpmaster@ftp-master.debian.org)
    
    
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512
    
    Format: 1.8
    Date: Wed, 03 Feb 2021 07:28:20 -0500
    Source: json-c
    Architecture: source
    Version: 0.15-2
    Distribution: unstable
    Urgency: low
    Maintainer: Nicolas Mora <babelouest@debian.org>
    Changed-By: Nicolas Mora <babelouest@debian.org>
    Closes: 966657
    Changes:
     json-c (0.15-2) unstable; urgency=low
     .
       [Debian Janitor]
       * Set upstream metadata fields: Bug-Database, Repository, Repository-Browse.
     .
       [Nicolas Mora]
       * d/patches make build reproductible (Closes: #966657)
       * d/control: Update standards version to 4.5.1 (no change)
    Checksums-Sha1:
     50a595c2b4226a4c1c000385df914a9f76a83f7f 2084 json-c_0.15-2.dsc
     673595fab1ae532d07f45859b41340a3917a0d9a 11140 json-c_0.15-2.debian.tar.xz
     5245ab2010cbc401a898c857162499a3bcc00339 7877 json-c_0.15-2_amd64.buildinfo
    Checksums-Sha256:
     f16458d0da837e811ebd854182f1d606e95525a362da1da7f99e6a887a571b5f 2084 json-c_0.15-2.dsc
     f1282bb4894df30e4061ae7bad88afb6351d62e06f10b0b070603a8107fffde4 11140 json-c_0.15-2.debian.tar.xz
     8e4934db7c5641adefbd983d7a47176e79dcb20323150d30acaf8d34bfccacf9 7877 json-c_0.15-2_amd64.buildinfo
    Files:
     286f1d64af82a9999b8eb4c6a4b67cfc 2084 libs optional json-c_0.15-2.dsc
     3d0d93162438e2f5efddf5d2c4633c83 11140 libs optional json-c_0.15-2.debian.tar.xz
     127101a83576dd3ca43471b3e6024b21 7877 libs optional json-c_0.15-2_amd64.buildinfo
    
    -----BEGIN PGP SIGNATURE-----
    
    iQIzBAEBCgAdFiEEhAWwL8wo75dEyPJT/oITlEC9IrkFAmAaymMACgkQ/oITlEC9
    IrnxjA//UUdYrw+2ypSBaVed6KEK+tNN1sTO+QPboF+swwZSB+Um8BAQ1LJ+cuzo
    sXia7RdfZu8SwSDc3LemuXIS4SoN+zZD/4A/0y/PiWdEJlSluCVCPj8MF1zHteBR
    48dPUCzDAXC72Ad4WAaSkTQ+7gTv5gkEWRP/c/KgRXxZmBMT8n+hckerzVs+Fb2X
    xRo1KY5+s+N5gE7ozu8YYJUc2efhCuqH/y0+fZ4+3vYwbARS6bTXHtG5jtqtyZ3D
    jy3FEXOMnqxdRR502SgwrZlIEfZ04vHDVgsDHDbHWqEsOH+nhPK+LicMXX2BnEc6
    AspSJcCUR5n5tu8K9Ahx4kGJGCl/Fk9fFKP9bqW3GmriBkjtfRe3KULAtTAIGLfo
    dQU3ySkJnsaNRFybRUiG5Co/QC1Bcq26SQY8FpQ/9DqfRC+/1XkV6Zzat7QZBSh0
    skU/k6Sol0zpv3tpqBJW0+c/3Hb1fW7DHUhuce/ieb/jw5+N5rnKybpRlN7IkLcy
    YOx55D5tZf4W4QjFKYSsMCuHkQ3Vt3RJmqZZwAFZVH1Jm2xBfr36FOe9T2c+uuAe
    ZM84l+ywtqZhsKziIoO4BkGObgpbWXphprr2ppI0kuFQ4wfe58hViq3+KW+AIMes
    lCjGTduRvgkk4ZjocMjDk226ctRATpKpNG0I+bYwCbUnxZRq59o=
    =+yOp
    -----END PGP SIGNATURE-----
    
    
    
    

    Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 04 Mar 2021 07:29:43 GMT) (full text, mbox, link).


    Send a report that this bug log contains spam.


    Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Jan 31 01:01:40 2025; Machine Name: bembo

    Debian Bug tracking system

    Debbugs is free software and licensed under the terms of the GNU General Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

    Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.