Bug#976307: sudo: reproducible builds: different binaries when built on usrmerge system

Thu, 03 Dec 2020 00:27:15 -0800 

Source: sudo
Severity: normal
Tags: patch
User: reproducible-bui...@lists.alioth.debian.org
Usertags: usrmerge
X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org

When built on a system with usrmerge enabled, and a system without
usrmerge enabled, the visudo binary embeds different paths for the
"mv" program:

  
https://tests.reproducible-builds.org/debian/rb-pkg/bullseye/amd64/diffoscope-results/sudo.html

  189   ··0x00023ba0·30256f20·2573002f·62696e2f·6d76002b·0%o·%s./bin/mv.+       
189     ··0x00023ba0·30256f20·2573002f·7573722f·62696e2f·0%o·%s./usr/bin/
  190   ··0x00023bb0·31006e65·78006e76·69007669·6d00656c·1.nex.nvi.vim.el       
190     ··0x00023bb0·6d76002b·31006e65·78006e76·69007669·mv.+1.nex.nvi.vi

The attached patch fixes this by passing an argument to configure to use
/bin/mv.


Thanks for maintaining sudo!


live well,
  vagrant

From a88dfde16b4aac231342bbdd07ec25180dded8f7 Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian <vagr...@reproducible-builds.org>
Date: Thu, 3 Dec 2020 08:09:10 +0000
Subject: [PATCH] debian/rules: Pass MVPROG=/bin/mv to configure to ensure
 reproducible build.

When built on a system with usrmerge enabled, and a system without
usrmerge enabled, the visudo binary embeds different paths for the
"mv" program.

Passing the /bin location to configure ensures using the most
compatible path, as a usrmerge system should have compatibility
symlinks available for /bin, while a non-usrmerge system is unlikely
to have compatibility symlinks for the /usr/bin location.
---
 debian/rules | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/debian/rules b/debian/rules
index 5b438ea..1117b57 100755
--- a/debian/rules
+++ b/debian/rules
@@ -14,6 +14,10 @@ ifeq ($(DEB_HOST_ARCH_OS),linux)
   configure_args += --with-selinux --with-linux-audit --enable-tmpfiles.d=yes
 endif
 
+# Consistently use /bin/mv to ensure reproducible builds regardless of
+# building on a usrmerge or non-usrmerge system.
+configure_args += MVPROG=/bin/mv
+
 reconf-stamp:
 	cp -f /usr/share/misc/config.sub config.sub
 	cp -f /usr/share/misc/config.guess config.guess
-- 
2.20.1

Attachment: signature.asc
Description: PGP signature

Reply via email to