[Reproducible-builds] Bug#804600: dh-strip-nondeterminism: Breaks crypto signatures on Mono packages, breaking pkg installs

Jo Shields directhex at apebox.org
Mon Nov 9 20:48:01 UTC 2015


Package: dh-strip-nondeterminism
Version: 0.013-1
Severity: important

Dear Maintainer,

dh_strip_nondeterminism is now called by default in "dh $@" style debhelper
packages.

Unfortunately, the default behaviour will strip crypto signing from libraries,
which is required for them to be installed in a systemwide location - as such,
this breaks installation of any library packages rebuilt since
dh_strip_nondeterminism became a default command.

I appreciate the intention of the tool, but it would be extremely useful if it
could skip files of type "PE32 executable (console) Intel 80386 Mono/.Net
assembly, for MS Windows", certainly if they contain a StrongName signature.

The issue with determinism is a short-term issue anyway - libraries built with
Mono 4.0+ (as found in Experimental) are deterministic, but this issue has set
back my efforts on that transition considerably. I now need to do fifty
sourceful uploads with "override_dh_strip_nondeterminism" stanzas added.

------------

root at marceline:/tmp# sn -k hellokey.snk
Mono StrongName - version 3.2.8.0
StrongName utility for signing assemblies
Copyright 2002, 2003 Motus Technologies. Copyright 2004-2008 Novell. BSD
licensed.

A new 1024 bits strong name keypair has been generated in file 'hellokey.snk'.
root at marceline:/tmp# cat hello.cs
public class Hello1
{
   public static void Main()
   {
      System.Console.WriteLine("Hello, World!");
   }
}
root at marceline:/tmp# mcs -keyfile:hellokey.snk hello.cs
root at marceline:/tmp# sn -v hello.exe
Mono StrongName - version 3.2.8.0
StrongName utility for signing assemblies
Copyright 2002, 2003 Motus Technologies. Copyright 2004-2008 Novell. BSD
licensed.

Assembly hello.exe is strongnamed.
root at marceline:/tmp# strip-nondeterminism hello.exe
root at marceline:/tmp# sn -v hello.exe
Mono StrongName - version 3.2.8.0
StrongName utility for signing assemblies
Copyright 2002, 2003 Motus Technologies. Copyright 2004-2008 Novell. BSD
licensed.

Assembly hello.exe is delay-signed but not strongnamed



-- System Information:
Debian Release: jessie/sid
  APT prefers wily-updates
  APT policy: (500, 'wily-updates'), (500, 'wily-security'), (500, 'wily'), (100, 'wily-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.2.0-16-generic (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
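
Added example, not part of the original report and not strip-nondeterminism's own code: one way a tool could recognise the files the report asks to skip, by reading the CLI header of a PE file and checking whether a StrongName signature is reserved. The names strongname_info and should_skip and the skip policy are assumptions; the offsets follow the PE/COFF and ECMA-335 CLI header layouts.

```python
import struct
import sys

CLI_DIR = 14             # data-directory slot of the CLI (.NET) header
STRONGNAMESIGNED = 0x08  # COMIMAGE_FLAGS_STRONGNAMESIGNED in the CLI header flags

def _rva_to_offset(data, sections, nsect, rva):
    """Map an RVA to a file offset using the section table."""
    for i in range(nsect):
        vsize, vaddr, rsize, rptr = struct.unpack_from("<4I", data, sections + 40 * i + 8)
        if vaddr <= rva < vaddr + max(vsize, rsize):
            return rva - vaddr + rptr
    raise ValueError("RVA not mapped by any section")

def strongname_info(data):
    """Return None if data is not a CLI assembly, else (signed_flag, sig_rva, sig_size)."""
    try:
        if data[:2] != b"MZ":
            return None
        (pe,) = struct.unpack_from("<I", data, 0x3C)
        if data[pe:pe + 4] != b"PE\0\0":
            return None
        (nsect,) = struct.unpack_from("<H", data, pe + 6)
        (opt_size,) = struct.unpack_from("<H", data, pe + 20)
        opt = pe + 24
        (magic,) = struct.unpack_from("<H", data, opt)
        dirs = opt + {0x10B: 96, 0x20B: 112}[magic]   # PE32 / PE32+
        (ndirs,) = struct.unpack_from("<I", data, dirs - 4)
        if ndirs <= CLI_DIR:
            return None
        cli_rva, _ = struct.unpack_from("<2I", data, dirs + 8 * CLI_DIR)
        if cli_rva == 0:
            return None
        cli = _rva_to_offset(data, opt + opt_size, nsect, cli_rva)
        (flags,) = struct.unpack_from("<I", data, cli + 16)
        sig_rva, sig_size = struct.unpack_from("<2I", data, cli + 32)
        return bool(flags & STRONGNAMESIGNED), sig_rva, sig_size
    except (struct.error, KeyError, ValueError):
        return None   # truncated or malformed: treat as "not an assembly"

def should_skip(data):
    """Hypothetical policy: skip any assembly that reserves a StrongName signature."""
    info = strongname_info(data)
    return info is not None and info[2] > 0

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, "skip" if should_skip(fh.read()) else "process")
```

The policy keys on the reserved signature size rather than the flag alone, so a delay-signed assembly is skipped as well.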


