Bug#1090395: closed by Debian FTP Masters (reply to Matthias Klose ) (Bug#1090395: fixed in binutils 2.43.50.20250108-1)

James Addison Wed, 08 Jan 2025 17:24:26 -0800
Thank you, Matthias!

On Thu, 9 Jan 2025 at 00:24, Debian Bug Tracking System
<ow...@bugs.debian.org> wrote:
>
> This is an automatic notification regarding your Bug report
> which was filed against the binutils-doc package:
>
> #1090395: binutils-doc: examples.tar.gz archive metadata includes build user 
> uid
>
> It has been closed by Debian FTP Masters <ftpmas...@ftp-master.debian.org> 
> (reply to Matthias Klose <d...@debian.org>).
>
> Their explanation is attached below along with your original report.
> If this explanation is unsatisfactory and you have not received a
> better one in a separate message then please contact Debian FTP Masters 
> <ftpmas...@ftp-master.debian.org> (reply to Matthias Klose <d...@debian.org>) 
> by
> replying to this email.
>
>
> --
> 1090395: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1090395
> Debian Bug Tracking System
> Contact ow...@bugs.debian.org with problems
>
>
>
> ---------- Forwarded message ----------
> From: Debian FTP Masters <ftpmas...@ftp-master.debian.org>
> To: 1090395-cl...@bugs.debian.org
> Cc:
> Bcc:
> Date: Thu, 09 Jan 2025 00:22:25 +0000
> Subject: Bug#1090395: fixed in binutils 2.43.50.20250108-1
> Source: binutils
> Source-Version: 2.43.50.20250108-1
> Done: Matthias Klose <d...@debian.org>
>
> We believe that the bug you reported is fixed in the latest version of
> binutils, which is due to be installed in the Debian FTP archive.
>
> A summary of the changes between this version and the previous one is
> attached.
>
> Thank you for reporting the bug, which will now be closed.  If you
> have further comments please address them to 1090...@bugs.debian.org,
> and the maintainer will reopen the bug report if appropriate.
>
> Debian distribution maintenance software
> pp.
> Matthias Klose <d...@debian.org> (supplier of updated binutils package)
>
> (This message was generated automatically at their request; if you
> believe that there is a problem with it please contact the archive
> administrators by mailing ftpmas...@ftp-master.debian.org)
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> Format: 1.8
> Date: Thu, 09 Jan 2025 00:34:21 +0100
> Source: binutils
> Architecture: source
> Version: 2.43.50.20250108-1
> Distribution: unstable
> Urgency: medium
> Maintainer: Matthias Klose <d...@debian.org>
> Changed-By: Matthias Klose <d...@debian.org>
> Closes: 1090395 1090761
> Changes:
>  binutils (2.43.50.20250108-1) unstable; urgency=medium
>  .
>    * New upstream snapshot, taken from the trunk.
>    * Avoid warning in env-package-metadata.diff patch (Nicolas Boulenguez).
>      Closes: #1090761.
>    * binutils-doc: Make package reproducible. Closes: #1090395.
> Checksums-Sha1:
>  96557a5fb9c8290dc761a7096fa242c0f65096d6 11395 
> binutils_2.43.50.20250108-1.dsc
>  46d6402e312a4b52ef32f34bae41dde8b1aa7c6d 24086204 
> binutils_2.43.50.20250108.orig.tar.xz
>  80c0afcb989d3d0b9c7e55008b5331ec136331c9 125416 
> binutils_2.43.50.20250108-1.debian.tar.xz
>  28a96a8a8608b32051908bbffb5137fd6231b2b4 6743 
> binutils_2.43.50.20250108-1_source.buildinfo
> Checksums-Sha256:
>  b6fcee50b285a8cff589781eacf83f216a985bb1b1353b48fa25718c62bb0975 11395 
> binutils_2.43.50.20250108-1.dsc
>  ac59e6318dbc68e05619d5745e604ea3d533e244f2b8b921a6228bfe50a86c8b 24086204 
> binutils_2.43.50.20250108.orig.tar.xz
>  26ab589b27244ee6111b73e0551ea87a6ecfc258910cbf626a7989efcafdcd9b 125416 
> binutils_2.43.50.20250108-1.debian.tar.xz
>  93051c5f111f99ab0b84c83916c19062db16d30a7cbb28d821d529b9187ccf9a 6743 
> binutils_2.43.50.20250108-1_source.buildinfo
> Files:
>  2d42215dff691cee967c55669826446f 11395 devel optional 
> binutils_2.43.50.20250108-1.dsc
>  39e264858794fa04a44ffe1122d59c19 24086204 devel optional 
> binutils_2.43.50.20250108.orig.tar.xz
>  b8b38be82c46088ee543a1b13e14125b 125416 devel optional 
> binutils_2.43.50.20250108-1.debian.tar.xz
>  54b510690686ea3d2b58e53e07476408 6743 devel optional 
> binutils_2.43.50.20250108-1_source.buildinfo
> -----BEGIN PGP SIGNATURE-----
>
> iQJEBAEBCgAuFiEE1WVxuIqLuvFAv2PWvX6qYHePpvUFAmd/D+wQHGRva29AZGVi
> aWFuLm9yZwAKCRC9fqpgd4+m9XqBD/wNNfjC4EDUplsjvAstP9A8E5IopjZYyJZv
> dIWfxdhTURMXJH75eWAMaffK+Ba9W95J5oJgTHDXXY0ZS1Hk4oHLY6gXht9BQKhP
> YaolMVzGsEFjwrH0eY9WXCfLr29YGJ77lGu8kLdDqiUCR09fWnUHCzwLSx+trjac
> RFOpcA/n+ZxXZQOzblbaFz+YKU5b9ot8FQ2JeXO2E447pQGtGLB7zTqJY9IMXR+w
> CMnV3XcaB+26Yd9ksRTUSUS/3Fm01/8euV8jEHbSytOrvrP3sBK8y212e7DBHPkQ
> V4+kSQyjLCa9WiifIu8OxwJaqhxji4hmHw9TUInQRryeHPPGXb124gH7QyB1sldN
> elu722ZlIqAeQt+QkoJQCw/QeXQZ8ZItRtGHrrW+VRpDvSEKbPa+aiA7cJVmIYDo
> xS5Hv9a64ArGRsAKT+YROWGDjN/+UnTASPyNGt2ztYZSUWA/XAhw2u1SZz5bVLnF
> QENBUU2o5dKq8IeIEnf9dVqDDSpaiFoyPIl4WbqHCe+ol2NfSyve6xiyY36YPqqH
> 9YDerzErY5L0q/xkl+NAY+rvoOYW4xY3eUo8LCXi/lvs/dHRktQi0ctw/CUPadpX
> WFhw1fvp2gfl+LAiGGJLHQY34QdGsoCFTHxF32XR+xvutU35NByLABXoSe725Rlg
> 5wRkKga1eQ==
> =laRJ
> -----END PGP SIGNATURE-----
>
>
>
>
> ---------- Forwarded message ----------
> From: James Addison <j...@jp-hosting.net>
> To: Debian Bug Tracking System <sub...@bugs.debian.org>
> Cc:
> Bcc:
> Date: Wed, 18 Dec 2024 00:37:28 +0000
> Subject: binutils-doc: examples.tar.gz archive metadata includes build user 
> uid
> Package: binutils-doc
> Version: 2.43.50.20241112-1
> Severity: minor
> Tags: upstream
> User: reproducible-bui...@lists.alioth.debian.org
> Usertags: username
>
> Dear Maintainer,
>
> I'm an occasional volunteer contributor to the Reproducible Builds[1] project,
> and noticed recently that the Debian binutils-doc package began failing
> automated reproducible build testing[2].
>
> The cause appears to relate to the examples.tar.gz file, that I think began
> appearing (as intended) in the package recently, likely related to some
> upstream work/fixes[3][4][5] that landed in mid-October 2024.
>
> However: the tar invocation used to construct the file does not guarantee a
> deterministic output, because the constructed tarfile encodes the uid and
> username of the build user.
>
> A solution for this is described in the Reproducible Builds documentation at:
>
>   https://reproducible-builds.org/docs/archives/#users-groups-and-numeric-ids
>
>
> In particular I believe the goal should be to adjust the tar invocations at:
>
>   
> https://sources.debian.org/src/binutils/2.43.50.20241215-1/gprofng/doc/Makefile.am/#L64
>   
> https://sources.debian.org/src/binutils/2.43.50.20241215-1/gprofng/doc/Makefile.in/#L898
>
> ...to include '--owner=0 --group=0 --numeric-owner'.
>
>
> However, I'm not yet entirely sure how to apply that, given that automake may
> be involved based on the filename(s).
>
> I'll attempt to provide a patch, either in this bugthread and/or by providing 
> a
> merge request on Salsa.
>
> Thanks,
> James
>
> [1] - https://reproducible-builds.org/
>
> [2] - 
> https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/binutils.html
>
> [3] - 
> https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=61621e018c847e578b4ce2eae2f6f2899e0c3a1a
>
> [4] - 
> https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=8789556ab4b3b6f736ac101a27b0278fcc3b0e82
>
> [5] - 
> https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=aaa4688f9dbbfb0ff887a15703a657180924334d
Bug#1090395: closed by Debian FTP Masters (reply to Matthias Klose ) (Bug#1090395: fixed in binutils 2.43.50.20250108-1)

Reply via email to
