Bug#1041840: ruby-babosa: please make the build reproducible

Chris Lamb lamby at debian.org
Mon Jul 24 09:08:23 BST 2023 

Source: ruby-babosa
Version: 2.0.0-1
Severity: wishlist
Tags: patch
User: reproducible-builds at lists.alioth.debian.org
Usertags: buildpath
X-Debbugs-Cc: reproducible-bugs at lists.alioth.debian.org

Hi,

Whilst working on the Reproducible Builds effort [0], we noticed that
ruby-babosa could not be built reproducibly.

This is because the rendered .gemspec file expands the unreproducible
__dir__ variable to be included in a "cert_chain" attribute. However,
this is not needed in the package, and is probably only needed if you
are making releases of the package (like the 'signing_key') attribute.

A patch is attached that moves the assignment of cert_chain to match
the conditional of signing_key, thereby excluding it from the
binary package and thus making the package reproducible.

 [0] https://reproducible-builds.org/


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby at debian.org / chris-lamb.co.uk
       `-
-------------- next part --------------
--- a/debian/patches/reproducible-build.patch	1970-01-01 01:00:00.000000000 +0100
--- b/debian/patches/reproducible-build.patch	2023-07-24 09:03:51.786257737 +0100
@@ -0,0 +1,16 @@
+Description: Make the build reproducible
+Author: Chris Lamb <lamby at debian.org>
+Last-Update: 2023-07-24
+
+--- ruby-babosa-2.0.0.orig/babosa.gemspec
++++ ruby-babosa-2.0.0/babosa.gemspec
+@@ -26,8 +26,8 @@ Gem::Specification.new do |s|
+   s.add_development_dependency "rubocop", ">= 0.93.0"
+   s.add_development_dependency "simplecov"
+ 
+-  s.cert_chain = [File.expand_path("certs/parndt.pem", __dir__)]
+   if $PROGRAM_NAME.end_with?("gem") && ARGV.include?("build") && ARGV.include?(__FILE__)
++    s.cert_chain = [File.expand_path("certs/parndt.pem", __dir__)]
+     s.signing_key = File.expand_path("~/.ssh/gem-private_key.pem")
+   end
+ end
--- a/debian/patches/series	2023-07-24 08:59:47.532270584 +0100
--- b/debian/patches/series	2023-07-24 09:03:50.114246613 +0100
@@ -1 +1,2 @@
 remove-bundler.patch
+reproducible-build.patch

More information about the Reproducible-bugs mailing list