Bug#797415: apparmor: please make the build reproducible

[Reiner Herrmann]

Source: apparmor
Version: 2.10-1
Severity: wishlist
Tags: patch
User: reproducible-bui...@lists.alioth.debian.org
Usertags: locale
X-Debbugs-Cc: reproducible-bui...@lists.alioth.debian.org

Hi!

While working on the "reproducible builds" effort [1], we have noticed
that apparmor could not be built reproducibly.
The CAPABILITIES list, which is used for compiling apparmor_parser and the
apparmor.vim file, has a different order depending on the locale.

The attached patch fixes this by sorting with the locale set to C.

Regards,
 Reiner

[1]: https://wiki.debian.org/ReproducibleBuilds


diff --git a/debian/patches/series b/debian/patches/series
index f5229dc..6469e8b 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -24,6 +24,7 @@ add-chromium-browser.patch
 pass-compiler-flags.patch
 raise-test-timeout.patch
 non-linux.patch
+sort-capabilities.patch
 
 #
 # Patches backported from upstream commits
diff --git a/debian/patches/sort-capabilities.patch b/debian/patches/sort-capabilities.patch
new file mode 100644
index 0000000..539b972
--- /dev/null
+++ b/debian/patches/sort-capabilities.patch
@@ -0,0 +1,16 @@
+Author: Reiner Herrmann <rei...@reiner-h.de>
+Description: Sort capabilities independent of configured locale
+
+Index: apparmor-2.10/common/Make.rules
+===================================================================
+--- apparmor-2.10.orig/common/Make.rules
++++ apparmor-2.10/common/Make.rules
+@@ -82,7 +82,7 @@ pod_clean:
+ # =====================
+ 
+ # emits defined capabilities in a simple list, e.g. "CAP_NAME CAP_NAME2"
+-CAPABILITIES=$(shell echo "\#include <linux/capability.h>" | cpp -dM | LC_ALL=C sed -n -e '/CAP_EMPTY_SET/d' -e 's/^\#define[ \t]\+CAP_\([A-Z0-9_]\+\)[ \t]\+\([0-9xa-f]\+\)\(.*\)$$/CAP_\1/p' | sort)
++CAPABILITIES=$(shell echo "\#include <linux/capability.h>" | cpp -dM | LC_ALL=C sed -n -e '/CAP_EMPTY_SET/d' -e 's/^\#define[ \t]\+CAP_\([A-Z0-9_]\+\)[ \t]\+\([0-9xa-f]\+\)\(.*\)$$/CAP_\1/p' | LC_ALL=C sort)
+ 
+ .PHONY: list_capabilities
+ list_capabilities:

signature.asc
Description: OpenPGP digital signature