On 2021-01-01, Vagrant Cascadian wrote: > The lirc package ships a /usr/share/lirc/lirc-VERSION.tar.gz tarball. > > This tarball contains timestamps produced during the build, can be > affected by the umask of the build environment. > > > https://tests.reproducible-builds.org/debian/rb-pkg/bullseye/amd64/diffoscope-results/lirc.html > > /usr/share/lirc/lirc-0.10.1.tar.gz > > > -rw-r--r--···0·root···(0)·root···(0)··1667·2017-09-10·08:52:19.000000·lirc-0.10.1/README.rst > vs. > > -rw-rw-r--···0·root···(0)·root···(0)··1667·2017-09-10·08:52:19.000000·lirc-0.10.1/README.rst > > > I do not know enough about lirc to know if this tarball needed to be > shipped in the package, or could they be shipped as files in the > filesystem instead? > > > If it is ok to remove the tarball entirely, the attached patch fixes > these issues by removing the tarball from debian/rules.
The attached patch instead normalizes the timestamps, umask and user/group information rather than deleting the tarball. I would like to upload an NMU to fix this in the near future, as well as the proposed fixes for: #988907 lirc should build verbosely by default #979023 lirc: reproducible builds: File contents may vary depending on locale #979019 lirc: reproducible builds: Embeds timestamps and kernel version in various files live well, vagrant
From cc118d68518f93f6c3918b56a6c90e0b8ffefc55 Mon Sep 17 00:00:00 2001 From: Vagrant Cascadian <vagr...@reproducible-builds.org> Date: Wed, 29 Nov 2023 16:42:57 -0800 Subject: [PATCH 4/4] debian/rules: Normalize shipped tarball of python source code. (Closes: #979024) The tarball includes timestamps and various other things that may vary between builds. https://reproducible-builds.org/docs/archives/ --- debian/rules | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/debian/rules b/debian/rules index cb7b70a..4bad31b 100755 --- a/debian/rules +++ b/debian/rules @@ -1,6 +1,7 @@ #!/usr/bin/make -f include /usr/share/dpkg/architecture.mk +include /usr/share/dpkg/pkg-info.mk export DEB_BUILD_MAINT_OPTIONS = hardening=+all export DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed @@ -77,6 +78,18 @@ endif override_dh_install: dh_install --fail-missing + # Normalize python tarball + tar --extract --file debian/lirc/usr/share/lirc/lirc-$(DEB_VERSION_UPSTREAM).tar.gz + rm -v debian/lirc/usr/share/lirc/lirc-$(DEB_VERSION_UPSTREAM).tar.gz + tar --sort=name \ + --mtime="@$(SOURCE_DATE_EPOCH)" \ + --owner=0 --group=0 --numeric-owner \ + --mode=u=rwX,go=rX \ + --create \ + --file debian/lirc/usr/share/lirc/lirc-$(DEB_VERSION_UPSTREAM).tar \ + lirc-$(DEB_VERSION_UPSTREAM) + gzip --best --no-name debian/lirc/usr/share/lirc/lirc-$(DEB_VERSION_UPSTREAM).tar + rm -rvf lirc-$(DEB_VERSION_UPSTREAM) override_dh_installinit: dh_installinit --package=lirc --name=lircd -- 2.39.2
signature.asc
Description: PGP signature
