Source: authselect Version: 1.6.2-1 Severity: wishlist Tags: patch User: [email protected] Usertags: filesystem X-Debbugs-Cc: [email protected]
Hi, Whilst working on the Reproducible Builds effort [0], we noticed that authselect could not be built reproducibly. This is because the build process generated a nondetermistic "checksum" file that was then shipped with the binary package. This file varied on the filesystem order, as well as the absolute build path. Patch attached that fixes both of these problems, but it may be simpler to simply not ship this file if it is not needed at runtime — in Debian, there are other ways of reasoning about the integrity and provenance of the source files. [0] https://reproducible-builds.org/ Regards, -- ,''`. : :' : Chris Lamb `. `'` [email protected] / chris-lamb.co.uk `-
--- a/debian/patches/0001_reproducible-build.patch 1969-12-31 16:00:00.000000000 -0800 --- b/debian/patches/0001_reproducible-build.patch 2025-12-18 10:42:34.835490267 -0800 @@ -0,0 +1,15 @@ +Description: Make the build reproducible +Author: Chris Lamb <[email protected]> +Last-Update: 2025-12-18 + +--- authselect-1.6.2.orig/profiles/Makefile.am ++++ authselect-1.6.2/profiles/Makefile.am +@@ -66,6 +66,6 @@ dist_profile_DATA = $(top_srcdir)/profil + $(NULL) + + install-data-hook: +- $(FIND) "$(DESTDIR)$(authselect_profile_dir)" -mindepth 2 -type f \ +- -printf "%P\n" -exec $(SHA256SUM) {} + | $(SHA256SUM) \ ++ cd "$(DESTDIR)$(authselect_profile_dir)"; $(FIND) -mindepth 2 -type f \ ++ -exec $(SHA256SUM) {} + | LC_ALL=C sort | $(SHA256SUM) \ + > "$(DESTDIR)$(authselect_profile_dir)/checksum" --- a/debian/patches/series 1969-12-31 16:00:00.000000000 -0800 --- b/debian/patches/series 2025-12-18 10:33:38.175867795 -0800 @@ -0,0 +1 @@ +0001_reproducible-build.patch
