Source: nix Severity: normal Tags: patch User: reproducible-bui...@lists.alioth.debian.org Usertags: usrmerge X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org
When built on a system with usrmerge enabled, and a system without
usrmerge usrmerge enabled, A file in the nix-bin package embeds
different paths for bash, bzip2, gzip and tar:
./usr/share/nix/corepkgs/config.nix
Offset 1, 18 lines modified Offset 1, 18 lines modified
1 let 1 let
2 ··fromEnv·=·var:·def: 2 ··fromEnv·=·var:·def:
3 ····let·val·=·builtins.getEnv·var;·in 3
····let·val·=·builtins.getEnv·var;·in
4 ····if·val·!=·""·then·val·else·def; 4
····if·val·!=·""·then·val·else·def;
5 in·rec·{ 5 in·rec·{
6 ··shell·=·"/bin/bash"; 6 ··shell·=·"/usr/bin/bash";
7 ··coreutils·=·"/usr/bin:/bin"; 7 ··coreutils·=·"/usr/bin:/bin";
8 ··bzip2·=·"/bin/bzip2"; 8 ··bzip2·=·"/usr/bin/bzip2";
9 ··gzip·=·"/bin/gzip"; 9 ··gzip·=·"/usr/bin/gzip";
10 ··xz·=·"/usr/bin/xz"; 10 ··xz·=·"/usr/bin/xz";
11 ··tar·=·"/bin/tar"; 11 ··tar·=·"/usr/bin/tar";
I'm not sure if this file is used in a practical way for the installed
package, but if it does, a package built on a usrmerge system will not
correctly run on a non-usrmerge system.
The attached patch hard-codes these to use the compatible paths in /bin
for these binaries, which should be present on both a usrmerge and
non-usrmerge system, resulting in a backwards compatible and
reproducible build.
Another approach might be if this file is not needed during runtime to
exclude it from the package; I'm not familiar enough with nix to know if
that is viable or not.
Thanks for maintaining nix!
live well,
vagrant
From 6a5712aeedc3b97dfd8de82432f375bc60b312bb Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian <vagr...@reproducible-builds.org>
Date: Thu, 24 Sep 2020 18:13:51 +0000
Subject: [PATCH] Add patch to fix reproducible builds on usrmerge system.
---
...bash-bzip2-gzip-and-tar-to-fix-repro.patch | 41 +++++++++++++++++++
debian/patches/series | 1 +
2 files changed, 42 insertions(+)
create mode 100644 debian/patches/Specify-path-to-bash-bzip2-gzip-and-tar-to-fix-repro.patch
diff --git a/debian/patches/Specify-path-to-bash-bzip2-gzip-and-tar-to-fix-repro.patch b/debian/patches/Specify-path-to-bash-bzip2-gzip-and-tar-to-fix-repro.patch
new file mode 100644
index 00000000..48774dc8
--- /dev/null
+++ b/debian/patches/Specify-path-to-bash-bzip2-gzip-and-tar-to-fix-repro.patch
@@ -0,0 +1,41 @@
+From 710cbeb21274b555bd72a6c5b2b876e8d036107c Mon Sep 17 00:00:00 2001
+From: Vagrant Cascadian <vagr...@reproducible-builds.org>
+Date: Thu, 24 Sep 2020 18:10:01 +0000
+Subject: [PATCH] Specify path to bash, bzip2, gzip and tar to fix reproducible
+ build when built on usrmerge system.
+
+When built on a system with usrmerge enabled, and a system without
+usrmerge usrmerge enabled, A file in the nix-bin package embeds
+different paths for bash, bzip2, gzip and tar.
+
+This patch hard-codes these binaries to use the paths present on both
+usrmerge and non-usrmerge systems.
+
+---
+ corepkgs/config.nix.in | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/corepkgs/config.nix.in b/corepkgs/config.nix.in
+index 32ce6b39..7d91ce85 100644
+--- a/corepkgs/config.nix.in
++++ b/corepkgs/config.nix.in
+@@ -3,12 +3,12 @@ let
+ let val = builtins.getEnv var; in
+ if val != "" then val else def;
+ in rec {
+- shell = "@bash@";
++ shell = "/bin/bash";
+ coreutils = "@coreutils@";
+- bzip2 = "@bzip2@";
+- gzip = "@gzip@";
++ bzip2 = "/bin/bzip2";
++ gzip = "/bin/gzip";
+ xz = "@xz@";
+- tar = "@tar@";
++ tar = "/bin/tar";
+ tarFlags = "@tarFlags@";
+ tr = "@tr@";
+ nixBinDir = fromEnv "NIX_BIN_DIR" "@bindir@";
+--
+2.20.1
+
diff --git a/debian/patches/series b/debian/patches/series
index 0f7766da..0eece566 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,4 @@
fix-service-file-path.patch
fix-Makefile.patch
remove_callout_graphics.patch
+Specify-path-to-bash-bzip2-gzip-and-tar-to-fix-repro.patch
--
2.20.1
signature.asc
Description: PGP signature
