Bug#977177: mm-common: reproducible builds: Generated tarball includes user, group and file mode

Vagrant Cascadian vagrant at reproducible-builds.org
Tue Dec 5 23:47:33 GMT 2023 

On 2023-11-29, Vagrant Cascadian wrote:
> On 2020-12-12, Simon McVittie wrote:
>> On Fri, 11 Dec 2020 at 20:45:09 -0800, Vagrant Cascadian wrote:
> With the patch, I managed to produce a bit-for-bit identical
> skeletonmm.tar.xz with the patch applied, both in a test environment
> where the umask was varied, and with a fairly "normal" umask which was
> bit-for-bit identical to the skeletonmm.tar.xz in the mm-common package
> in the Debian archive. So it should not cause regressions!
>
> With this patch applied, mm-common should become reproducible on
> tests.reproducible-builds.org infrastructure!
>
> Would an upload including this patch be considered soon, or would the
> maintainers be open to an NMU in the near future?

Uploaded to DELAYED/10 using dgit, debdiff follows:

diff -Nru mm-common-1.0.5/debian/changelog mm-common-1.0.5/debian/changelog
--- mm-common-1.0.5/debian/changelog	2022-12-15 12:25:29.000000000 -0800
+++ mm-common-1.0.5/debian/changelog	2023-12-05 15:03:37.000000000 -0800
@@ -1,3 +1,14 @@
+mm-common (1.0.5-1.1) unstable; urgency=medium
+
+  [ Vagrant Cascadian ]
+  * Non-maintainer upload.
+
+  [ Simon McVittie ]
+  * util/meson_aux/skeletonmm-tarball.py: Use consistent mode on files in
+    the generated tarball. (Closes: #977177)
+
+ -- Vagrant Cascadian <vagrant at debian.org>  Tue, 05 Dec 2023 15:03:37 -0800
+
 mm-common (1.0.5-1) unstable; urgency=medium
 
   [ Jeremy Bicha ]
diff -Nru mm-common-1.0.5/debian/patches/series mm-common-1.0.5/debian/patches/series
--- mm-common-1.0.5/debian/patches/series	2022-12-15 12:25:29.000000000 -0800
+++ mm-common-1.0.5/debian/patches/series	2023-12-05 15:03:37.000000000 -0800
@@ -0,0 +1 @@
+utilmeson_auxskeletonmm-tarball.py-use-c.patch
diff -Nru mm-common-1.0.5/debian/patches/utilmeson_auxskeletonmm-tarball.py-use-c.patch mm-common-1.0.5/debian/patches/utilmeson_auxskeletonmm-tarball.py-use-c.patch
--- mm-common-1.0.5/debian/patches/utilmeson_auxskeletonmm-tarball.py-use-c.patch	1969-12-31 16:00:00.000000000 -0800
+++ mm-common-1.0.5/debian/patches/utilmeson_auxskeletonmm-tarball.py-use-c.patch	2023-12-05 15:03:37.000000000 -0800
@@ -0,0 +1,34 @@
+From: Simon McVittie <smcv at debian.org>
+Date: Tue, 28 Nov 2023 16:57:13 -0800
+X-Dgit-Generated: 1.0.5-1.1 77d8a907867d87eb56f57cfd5d3226aba19355d8
+Subject: util/meson_aux/skeletonmm-tarball.py: Use consistent mode on files in
+
+the generated tarball. (Closes: #977177)
+
+Signed-off-by: Vagrant Cascadian <vagrant at reproducible-builds.org>
+
+---
+
+diff --git a/util/meson_aux/skeletonmm-tarball.py b/util/meson_aux/skeletonmm-tarball.py
+index 138184c..a87590e 100755
+--- a/util/meson_aux/skeletonmm-tarball.py
++++ b/util/meson_aux/skeletonmm-tarball.py
+@@ -10,6 +10,7 @@ import os
+ import sys
+ import shutil
+ import tarfile
++import stat
+ 
+ if sys.argv[1] == 'check':
+   # Called from run_command() during setup or configuration.
+@@ -42,6 +43,10 @@ else:
+ def reset(tarinfo):
+     tarinfo.uid = tarinfo.gid = 0
+     tarinfo.uname = tarinfo.gname = "root"
++    if tarinfo.isdir() or (tarinfo.mode & 0o111) != 0:
++        tarinfo.mode = stat.S_IFMT(tarinfo.mode) | 0o755
++    else:
++        tarinfo.mode = stat.S_IFMT(tarinfo.mode) | 0o644
+     return tarinfo
+ 
+ 


live well,
  vagrant
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-gnome-maintainers/attachments/20231205/72d7aefe/attachment.sig>

More information about the pkg-gnome-maintainers mailing list