* [bug#57304] Fix mm-common reproduciblility issues
@ 2022-08-20 2:51 Vagrant Cascadian
2022-08-30 20:34 ` Ludovic Courtès
0 siblings, 1 reply; 3+ messages in thread
From: Vagrant Cascadian @ 2022-08-20 2:51 UTC (permalink / raw)
To: 57304
[-- Attachment #1.1: Type: text/plain, Size: 1634 bytes --]
The userid used during the build is embedded in a shipped tarball in the
mm-common package. Some abbreviated diffoscope output from guix
challenge against builds from ci.guix.gnu.org and bordeax.guix.gnu.org:
│ │ │ │ --- /tmp/guix-directory.rKX8CR/share/doc/mm-common/skeletonmm.tar.xz
│ │ │ ├── +++ /tmp/guix-directory.rlW2tI/share/doc/mm-common/skeletonmm.tar.xz
│ │ │ │ ├── skeletonmm.tar
│ │ │ │ │ ├── file list
│ │ │ │ │ │ @@ -1,36 +1,36 @@
│ │ │ │ │ │ +-rw-r--r-- 0 nixbld (996) nixbld (30000) 60 2021-05-20 08:57:07.009229 skeletonmm/.gitignore
│ │ │ │ │ │ +-rw-r--r-- 0 nixbld (996) nixbld (30000) 59 2021-05-20 08:57:07.009229 skeletonmm/AUTHORS
│ │ │ │ │ │ +-rw-r--r-- 0 nixbld (996) nixbld (30000) 26527 2021-05-20 08:57:07.009229 skeletonmm/COPYING
...
│ │ │ │ │ │ --rw-r--r-- 0 nixbld (995) nixbld (30000) 60 2021-05-20 08:57:07.009229 skeletonmm/.gitignore
│ │ │ │ │ │ --rw-r--r-- 0 nixbld (995) nixbld (30000) 59 2021-05-20 08:57:07.009229 skeletonmm/AUTHORS
│ │ │ │ │ │ --rw-r--r-- 0 nixbld (995) nixbld (30000) 26527 2021-05-20 08:57:07.009229 skeletonmm/COPYING
The attached patch fixes this by setting the user, group, uid and gid
consistently.
$ guix refresh --list-dependent mm-common
Building the following 1138 packages would ensure 2236 dependent
packages are rebuilt: ...
Looks like it will have to wait for core-updates at least...
live well,
vagrant
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1.2: 0001-gnu-mm-common-Build-reproducibly.patch --]
[-- Type: text/x-diff, Size: 3815 bytes --]
From 4b359c9bbc918e6dcf1cab1141a9651d6d7bf271 Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian <vagrant@reproducible-builds.org>
Date: Fri, 19 Aug 2022 19:32:08 -0700
Subject: [PATCH] gnu: mm-common: Build reproducibly.
* gnu/packages/patches/mm-common-consistent-user-and-group-in-tarball.patch:
New file.
* gnu/local.mk (dist_patch_DATA): Add patch.
* gnu/packages/gnome.scm (mm-common)[source]: Add patch.
---
gnu/local.mk | 1 +
gnu/packages/gnome.scm | 5 ++-
...consistent-user-and-group-in-tarball.patch | 40 +++++++++++++++++++
3 files changed, 45 insertions(+), 1 deletion(-)
create mode 100644 gnu/packages/patches/mm-common-consistent-user-and-group-in-tarball.patch
diff --git a/gnu/local.mk b/gnu/local.mk
index 4e4ad908ce..20d322e27f 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1516,6 +1516,7 @@ dist_patch_DATA = \
%D%/packages/patches/mit-krb5-hurd.patch \
%D%/packages/patches/mixxx-link-qtscriptbytearray-qtscript.patch \
%D%/packages/patches/mixxx-system-googletest-benchmark.patch \
+ %D%/packages/patches/mm-common-consistent-user-and-group-in-tarball.patch \
%D%/packages/patches/mpc123-initialize-ao.patch \
%D%/packages/patches/mpg321-CVE-2019-14247.patch \
%D%/packages/patches/mpg321-gcc-10.patch \
diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
index ae46e55c51..790881b9d8 100644
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -1143,7 +1143,10 @@ (define-public mm-common
"mm-common-" version ".tar.xz"))
(sha256
(base32
- "1x8yvjy0yg17qyhmqws8xh2k8dvzrhpwqz7j1cfwzalrb1i9c5g8"))))
+ "1x8yvjy0yg17qyhmqws8xh2k8dvzrhpwqz7j1cfwzalrb1i9c5g8"))
+ (patches
+ (search-patches
+ "mm-common-consistent-user-and-group-in-tarball.patch"))))
(build-system meson-build-system)
(arguments
`(#:phases
diff --git a/gnu/packages/patches/mm-common-consistent-user-and-group-in-tarball.patch b/gnu/packages/patches/mm-common-consistent-user-and-group-in-tarball.patch
new file mode 100644
index 0000000000..f0890aaf57
--- /dev/null
+++ b/gnu/packages/patches/mm-common-consistent-user-and-group-in-tarball.patch
@@ -0,0 +1,40 @@
+From 024c121c844a4ec920133eb3f7e6b6ee8044c0b6 Mon Sep 17 00:00:00 2001
+From: Vagrant Cascadian <vagrant@reproducible-builds.org>
+Date: Sat, 12 Dec 2020 04:05:56 +0000
+Original-Patch: https://bugs.debian.org/977177
+Subject: [PATCH] Set uid, username, gid, and group name on files in
+ generated tarball.
+
+The user and group may otherwise vary between builds on different systems.
+
+---
+ util/meson_aux/skeletonmm-tarball.py | 16 +++++++++++++++-
+ 1 file changed, 15 insertions(+), 1 deletion(-)
+
+diff --git a/util/meson_aux/skeletonmm-tarball.py b/util/meson_aux/skeletonmm-tarball.py
+index db9e650..89049b6 100755
+--- a/util/meson_aux/skeletonmm-tarball.py
++++ b/util/meson_aux/skeletonmm-tarball.py
+@@ -39,10 +39,18 @@ elif output_file.endswith('.gz'):
+ else:
+ mode = 'w'
+
++def reproducible(tarinfo):
++ # Set consistent user and group on files in the tar archive
++ tarinfo.uid = 0
++ tarinfo.uname = 'root'
++ tarinfo.gid = 0
++ tarinfo.gname = 'root'
++ return tarinfo
++
+ with tarfile.open(output_file, mode=mode) as tar_file:
+ os.chdir(source_dir) # Input filenames are relative to source_dir.
+ for file in sys.argv[3:]:
+- tar_file.add(file)
++ tar_file.add(file, filter=reproducible)
+ # Errors raise exceptions. If an exception is raised, Meson+ninja will notice
+ # that the command failed, despite exit(0).
+ sys.exit(0)
+--
+2.29.2
+
--
2.35.1
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 227 bytes --]
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [bug#57304] Fix mm-common reproduciblility issues
2022-08-20 2:51 [bug#57304] Fix mm-common reproduciblility issues Vagrant Cascadian
@ 2022-08-30 20:34 ` Ludovic Courtès
2022-08-31 0:46 ` bug#57304: " Vagrant Cascadian
0 siblings, 1 reply; 3+ messages in thread
From: Ludovic Courtès @ 2022-08-30 20:34 UTC (permalink / raw)
To: Vagrant Cascadian; +Cc: 57304
Hi,
Vagrant Cascadian <vagrant@reproducible-builds.org> skribis:
> The userid used during the build is embedded in a shipped tarball in the
> mm-common package. Some abbreviated diffoscope output from guix
> challenge against builds from ci.guix.gnu.org and bordeax.guix.gnu.org:
Good catch.
> The attached patch fixes this by setting the user, group, uid and gid
> consistently.
>
> $ guix refresh --list-dependent mm-common
> Building the following 1138 packages would ensure 2236 dependent
> packages are rebuilt: ...
>
> Looks like it will have to wait for core-updates at least...
Yeah, let’s apply it on ‘core-updates’.
> From 4b359c9bbc918e6dcf1cab1141a9651d6d7bf271 Mon Sep 17 00:00:00 2001
> From: Vagrant Cascadian <vagrant@reproducible-builds.org>
> Date: Fri, 19 Aug 2022 19:32:08 -0700
> Subject: [PATCH] gnu: mm-common: Build reproducibly.
>
> * gnu/packages/patches/mm-common-consistent-user-and-group-in-tarball.patch:
> New file.
> * gnu/local.mk (dist_patch_DATA): Add patch.
> * gnu/packages/gnome.scm (mm-common)[source]: Add patch.
[...]
> + %D%/packages/patches/mm-common-consistent-user-and-group-in-tarball.patch \
I’d suggest a shorter name to appease ‘tar’, say
‘mm-common-reproducible-tarball.patch’.
Otherwise LGTM, thanks!
Ludo’.
^ permalink raw reply [flat|nested] 3+ messages in thread
* bug#57304: Fix mm-common reproduciblility issues
2022-08-30 20:34 ` Ludovic Courtès
@ 2022-08-31 0:46 ` Vagrant Cascadian
0 siblings, 0 replies; 3+ messages in thread
From: Vagrant Cascadian @ 2022-08-31 0:46 UTC (permalink / raw)
To: Ludovic Courtès; +Cc: 57304-done
[-- Attachment #1: Type: text/plain, Size: 1613 bytes --]
On 2022-08-30, Ludovic Courtès wrote:
> Vagrant Cascadian <vagrant@reproducible-builds.org> skribis:
>> The userid used during the build is embedded in a shipped tarball in the
>> mm-common package. Some abbreviated diffoscope output from guix
>> challenge against builds from ci.guix.gnu.org and bordeax.guix.gnu.org:
>
> Good catch.
>
>> The attached patch fixes this by setting the user, group, uid and gid
>> consistently.
>>
>> $ guix refresh --list-dependent mm-common
>> Building the following 1138 packages would ensure 2236 dependent
>> packages are rebuilt: ...
>>
>> Looks like it will have to wait for core-updates at least...
>
> Yeah, let’s apply it on ‘core-updates’.
>
>> From 4b359c9bbc918e6dcf1cab1141a9651d6d7bf271 Mon Sep 17 00:00:00 2001
>> From: Vagrant Cascadian <vagrant@reproducible-builds.org>
>> Date: Fri, 19 Aug 2022 19:32:08 -0700
>> Subject: [PATCH] gnu: mm-common: Build reproducibly.
>>
>> * gnu/packages/patches/mm-common-consistent-user-and-group-in-tarball.patch:
>> New file.
>> * gnu/local.mk (dist_patch_DATA): Add patch.
>> * gnu/packages/gnome.scm (mm-common)[source]: Add patch.
>
> [...]
>
>> + %D%/packages/patches/mm-common-consistent-user-and-group-in-tarball.patch \
>
> I’d suggest a shorter name to appease ‘tar’, say
> ‘mm-common-reproducible-tarball.patch’.
I do not think tar is too worried about that anymore since the updated
tar format, but it is easier on human eyes, so I'll go along with it. :)
Pushed 5ce7178eb8375716625de14f59e227fdd9b8d9f0 to core-updates!
live well,
vagrant
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 227 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2022-08-31 0:47 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-08-20 2:51 [bug#57304] Fix mm-common reproduciblility issues Vagrant Cascadian
2022-08-30 20:34 ` Ludovic Courtès
2022-08-31 0:46 ` bug#57304: " Vagrant Cascadian
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.