Package: libfile-scan-perl
Version: 1.43-2
Severity: wishlist
Tags: patch
User: reproducible-bui...@lists.alioth.debian.org
Usertags: randomness timestamp
X-Debbugs-Cc: reproducible-bui...@lists.alioth.debian.org
This package can't currently be built reproducibly
because the code generated by Makefile.PL embeds
a timestamp and uses unsorted hash keys.
Two patches attached. The test suite is very minimal,
so eyeballs would be welcome.
--
Niko Tyni nt...@debian.org
>From 7a16ea0eef83cfee6db7cdeee2ca0afdec6effe7 Mon Sep 17 00:00:00 2001
From: Niko Tyni <nt...@debian.org>
Date: Mon, 8 Jun 2015 22:55:27 +0300
Subject: [PATCH 1/2] Don't put a timestamp in generated Scan.pm
This is done to make the build reproducible.
---
Makefile.PL | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/Makefile.PL b/Makefile.PL
index dadcfd6..a8cc8b5 100644
--- a/Makefile.PL
+++ b/Makefile.PL
@@ -152,9 +152,8 @@ sub make_module {
sub get_code {
my $patterns = shift;
- my $today = &string_date();
my $code = <<ENDOFCODE1;
-# generated in: $today
+# generated data follows
sub get_app_sign {
\$_ = pop;
--
2.1.4
>From eab4aff7f62428d05f8b4243dfd4e6f0ceaab3b8 Mon Sep 17 00:00:00 2001
From: Niko Tyni <nt...@debian.org>
Date: Mon, 8 Jun 2015 22:55:36 +0300
Subject: [PATCH 2/2] Make the Scan.pm generation reproducible by sorting hash
keys
---
Makefile.PL | 24 ++++++++++++++----------
1 file changed, 14 insertions(+), 10 deletions(-)
diff --git a/Makefile.PL b/Makefile.PL
index a8cc8b5..8a3db0d 100644
--- a/Makefile.PL
+++ b/Makefile.PL
@@ -159,7 +159,7 @@ sub get_app_sign {
\$_ = pop;
ENDOFCODE1
my $c = 0;
- for my $key (keys(%{$app_signatures})) {
+ for my $key (sort keys(%{$app_signatures})) {
$c++;
$conversion{$key} = $c;
my $n = length($key)/2;
@@ -223,10 +223,11 @@ ENDOFCODE3
$code .= "\t\t\t\t/" . $script_lang->{'in'}->{$sl} . "/os and \$script = \"$sl\", last TEST;\n";
}
$code .= "\t\t\t}\n\t\t}\n\t\tif(\$script) {\n";
- for my $sl (keys(%{$script_lang->{'in'}})) {
+ for my $sl (sort keys(%{$script_lang->{'in'}})) {
if(scalar(keys(%{$patterns->{$sl}->{'0'}}))) {
$code .= "\t\t\tif(\$script eq \"$sl\") {\n";
- while(my($key, $value) = each(%{$patterns->{$sl}->{'0'}})) {
+ for my $key (sort keys %{$patterns->{$sl}->{'0'}}) {
+ my $value = $patterns->{$sl}->{'0'}{$key};
$code .= "\t\t\t\t/$value/s and \$virus = \"$key\", last LINE;\n";
}
$code .= "\t\t\t}\n";
@@ -237,16 +238,18 @@ ENDOFCODE3
/<\\/script[^>]*>/s and \$script = "";
} else {
ENDOFCODE4
- for my $sl (keys(%{$script_lang->{'out'}})) {
- while(my($key, $value) = each(%{$patterns->{$sl}->{'0'}})) {
+ for my $sl (sort keys(%{$script_lang->{'out'}})) {
+ for my $key (sort keys %{$patterns->{$sl}->{'0'}}) {
+ my $value = $patterns->{$sl}->{'0'}{$key};
$code .= "\t\t\t/$value/s and \$virus = \"$key\", last LINE;\n";
}
}
$code .= "\t\t}\n";
if(scalar(keys(%{$script_lang->{'mix'}}))) {
$code .= "\t\tunless(\$script eq \"HTMLJS\") {\n";
- for my $sl (keys(%{$script_lang->{'mix'}})) {
- while(my($key, $value) = each(%{$patterns->{$sl}->{'0'}})) {
+ for my $sl (sort keys(%{$script_lang->{'mix'}})) {
+ for my $key (sort keys %{$patterns->{$sl}->{'0'}}) {
+ my $value = $patterns->{$sl}->{'0'}{$key};
$code .= "\t\t\t/$value/s and \$virus = \"$key\", last LINE;\n";
}
}
@@ -300,7 +303,7 @@ ENDOFCODE6
}
ENDOFCODE7
my $lcode = "";
- for my $key (keys(%{$app_signatures})) {
+ for my $key (sort keys(%{$app_signatures})) {
my $c = $conversion{$key};
$lcode .= ($lcode) ? "\t\t} els" : "\t\t";
$lcode .= "if(\$type == $c) {\n";
@@ -337,13 +340,14 @@ sub subgene {
my $tab = shift;
my $code = "";
- for my $limit (keys(%{$pat})) {
+ for my $limit (sort keys(%{$pat})) {
my $tabs = $tab;
if($limit) {
$code .= $tabs . "if($limit) \{\n";
$tabs .= "\t";
}
- while(my($key, $value) = each(%{$pat->{$limit}})) {
+ for my $key (sort keys %{$pat->{$limit}}) {
+ my $value = $pat->{$limit}{$key};
$code .= $tabs . "/$value/s and \$virus = \"$key\", last LINE;\n";
}
$code .= "$tab\}\n" if($limit);
--
2.1.4
