Bug#1030057: refpolicy: reproducible builds: tarball embeds user/group/uid/gid of build user

[Vagrant Cascadian]

Source: refpolicy
Version: 2:2.20221101-4
Severity: normal
Tags: patch
User: reproducible-builds at lists.alioth.debian.org
Usertags: username
X-Debbugs-Cc: reproducible-bugs at lists.alioth.debian.org

The source tarball /usr/src/selinux-policy-src.tar.zst embeds the
username, userid, groupname and groupid of the build user:

  https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/diffoscope-results/refpolicy.html

  drwxr-xr-x···0·pbuilder1··(1111)·pbuilder1··(1111)········0·2023-01-29·04:07:05.000000·selinux-policy-src/
  vs.
  drwxr-xr-x···0·pbuilder2··(2222)·pbuilder2··(2222)········0·2023-01-29·04:07:05.000000·selinux-policy-src/

The attached patch fixes this by passing arguments to tar in
debian/rules to ensure consistent user, group, uid and gid in the
generated tarball.

Historically, most versions of refpolicy did not have this issue, so
this appears to be a recent regression (possibly triggered by a switch
to "rules-requires-root: no"?):

  https://tests.reproducible-builds.org/debian/history/refpolicy.html

According to my local tests, with this patch applied refpolicy should
become reproducible on tests.reproducible-builds.org!

Thanks for maintaining refpolicy!

live well,
  vagrant
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-debian-rules-Pass-arguments-to-tar-to-use-a-consiste.patch
Type: text/x-diff
Size: 1262 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/reproducible-bugs/attachments/20230130/79dea3bc/attachment.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/reproducible-bugs/attachments/20230130/79dea3bc/attachment.sig>