Report forwarded
to debian-bugs-dist@lists.debian.org, reproducible-bugs@lists.alioth.debian.org, Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>: Bug#990323; Package src:volume-key.
(Fri, 25 Jun 2021 17:42:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Vagrant Cascadian <vagrant@reproducible-builds.org>:
New Bug report received and forwarded. Copy sent to reproducible-bugs@lists.alioth.debian.org, Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>.
(Fri, 25 Jun 2021 17:42:03 GMT) (full text, mbox, link).
Source: volume-key
Severity: normal
Tags: patch
User: reproducible-builds@lists.alioth.debian.org
Usertags: buildpath usrmerge shell
X-Debbugs-Cc: reproducible-bugs@lists.alioth.debian.org
The build path, several binary paths, and the value of the SHELL
variable are embedded in example Makefiles shipped in the package:
https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/diffoscope-results/volume-key.html
./usr/share/doc/volume_key/contrib/Makefile.gz
ACLOCAL·=·${SHELL}·'/build/1st/volume-key-0.3.12/admin/missing'·aclocal-1.16
vs.
ACLOCAL·=·${SHELL}·'/build/2/volume-key-0.3.12/2nd/admin/missing'·aclocal-1.16
GREP·=·/bin/grep
vs.
GREP·=·/usr/bin/grep
SHELL·=·/bin/bash
vs.
SHELL·=·/bin/sh
Since these values may differ with the installed system, in order to use
the example Makefiles, a person would have to regenerate them from
Makefile.am or Makefile.in, which are also provided.
The attached patch adjusts debian/rules to remove the Makefile before
running dh_install.
If that is somehow not an option, an alternate option would be to
sanitize the Makefiles stripping the build path (or replacing with
/usr/src?), and possibly passing various variables to configure
(e.g. GREP=/bin/grep, SHELL=/bin/sh, ...).
Thanks for maintaining volume-key!
live well,
vagrant
From a751749dabf2dd4b87796cb5924ba7e0d0cf7cf5 Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian <vagrant@reproducible-builds.org>
Date: Fri, 25 Jun 2021 17:25:14 +0000
Subject: [PATCH] debian/rules: Remove Makefile to resolve reproducibility
issues.
The build path, several binary paths, and the value of the SHELL
variable are embedded in a Makefile shipped in the package.
Since these values may differ with the installed system, in order to use
the example Makefiles, a person would have to regenerate them from
Makefile.am or Makefile.in, which are also provided.
---
debian/rules | 2 ++
1 file changed, 2 insertions(+)
diff --git a/debian/rules b/debian/rules
index 3e2b027..0ba6e6a 100755
--- a/debian/rules
+++ b/debian/rules
@@ -16,6 +16,8 @@ override_dh_auto_configure:
override_dh_install:
find debian/tmp -name '*.la' -print -delete
+ # Remove example Makefile to fix reproducibility issues
+ find contrib -name Makefile -print -delete
dh_install
override_dh_missing:
--
2.32.0
Information forwarded
to debian-bugs-dist@lists.debian.org, Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>: Bug#990323; Package src:volume-key.
(Fri, 25 Jun 2021 19:03:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Michael Biebl <biebl@debian.org>:
Extra info received and forwarded to list. Copy sent to Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>.
(Fri, 25 Jun 2021 19:03:03 GMT) (full text, mbox, link).
Am 25.06.21 um 19:39 schrieb Vagrant Cascadian:
> The attached patch adjusts debian/rules to remove the Makefile before
> running dh_install.
Personally, I would probably just drop the following line from
debian/volume-key.install
contrib usr/share/doc/volume_key
Any objections? Does anyone find those scripts particularly useful?
Source: volume-key
Source-Version: 0.3.12-4
Done: Michael Biebl <biebl@debian.org>
We believe that the bug you reported is fixed in the latest version of
volume-key, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 990323@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Biebl <biebl@debian.org> (supplier of updated volume-key package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 02 Sep 2022 13:51:10 +0200
Source: volume-key
Architecture: source
Version: 0.3.12-4
Distribution: unstable
Urgency: medium
Maintainer: Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>
Changed-By: Michael Biebl <biebl@debian.org>
Closes: 990323
Changes:
volume-key (0.3.12-4) unstable; urgency=medium
.
* Team upload
* Add proper meta data to the patch from the NMU
* Bump debhelper-compat to 13
* Drop no longer needed override for dh_missing.
In compat 13 and later, --fail-missing is the default.
* Use execute_before instead of override for dh_install
* Bump Standards-Version to 4.6.1
* Stop installing AUTHORS and README file twice.
They are already installed via debian/docs.
* Stop installing contrib/ directory.
Besides some example scripts, the directory contains a generated
Makefile that embeds build paths and thus breaks reproducibility.
(Closes: #990323)
* Mark libvolume-key1 and libvolume-key-dev as Multi-Arch: same
Checksums-Sha1:
490774e27006cda63e86a5ab1a479c3e6062cd72 2286 volume-key_0.3.12-4.dsc
820165b0a26d38e0fd2a0976340cbb5cfa377c0a 5564 volume-key_0.3.12-4.debian.tar.xz
7c2a0ecceb0887691f2e2fa97e13aa2e6975deb3 12845 volume-key_0.3.12-4_source.buildinfo
Checksums-Sha256:
148d80e9f690b6d73bb347875297e94324127c43d0c434494fdaecc0335325a6 2286 volume-key_0.3.12-4.dsc
e9e439145fdfd7874646f6fb38039d784b69cb52161ff5437e7645708625d6a2 5564 volume-key_0.3.12-4.debian.tar.xz
a01fe8388807de53a2a8617606d397480797cd11c6d85346d3ef8a20dbdf375f 12845 volume-key_0.3.12-4_source.buildinfo
Files:
ed55c639f3d3a6834f5900863675b4cb 2286 utils optional volume-key_0.3.12-4.dsc
1c6da9598f4fac44e6f161634a8ec2cb 5564 utils optional volume-key_0.3.12-4.debian.tar.xz
b9936eeab4fff3982387f44cf9d73dd9 12845 utils optional volume-key_0.3.12-4_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEECbOsLssWnJBDRcxUauHfDWCPItwFAmMR9MoACgkQauHfDWCP
Itxjtg/8DLIFEnbZvFFoJB/oZDUKh2UtajwPqFpXA2wzxmGNtZF/h6vvteE+BokZ
O1R32Q14M1MhJT2furCWohVFfHy70lZCInPF0OtdBzOt3gyLuQ+Yjc8k7SMbxcxu
n1Vakj6nWZOtP7RbtKTSBuWurZ62zyg/jVW5ti+Fn8+5AUvFeYRCOELc6mDBV/Sk
sliH3H2FqZv9wPQkrqOjSG9Hb4BT3e2Wl3/ODloeYEZbS2EojlU4Bx8mcc++737D
kmJlC9Eba5E5xyp6e7co+ad8voeiJBIrAfbTw8+1FunJF/OJGgBvWFp6wrQuerOP
0N1yXyf0CvTQohm77TfWO9oLgYOR6q7eQbQsV2pN74VCX6/TuPJmCp5k3RJCaW/U
i59NUEvblc22j2G/8kudlCVEfrVgbLLZmsbDLogvI/jmiXLden4+z8qTvJFuA1kd
S4UyHxLlwZJidIG1ocadOjlQvHkY011pJqEE902Fk80AM4O4M3ATb6xVEFpwBNP+
0HuGfQAgJnUpVJEAdrLDOOH95SlHW1IPsIQFlhjobeTaBI9wrAP2oNLUsoMFcFGA
kHXekV+qGFvO7DuDO1jnFgeaD+UWawj7vY0ElHhsgKF+sLp9cCeDiBmoeD/iQKYK
d28OuWKy88ATojjyDpIpxSQ605CRfDS6wEpsqfw0HnI1ropm4H0=
=D3ct
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Tue, 11 Oct 2022 07:25:54 GMT) (full text, mbox, link).
Debbugs is free software and licensed under the terms of the GNU General
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.