Bug#977177: mm-common: reproducible builds: Generated tarball includes user, group and file mode

[Vagrant Cascadian]

Source: mm-common
Severity: normal
Tags: patch
User: reproducible-builds at lists.alioth.debian.org
Usertags: username
X-Debbugs-Cc: reproducible-bugs at lists.alioth.debian.org

The generated tarball /usr/share/doc/mm-common/skeletonmm.tar.xz
includes user, uid, group, gid and file mode information that may
vary depending on the build environment:

  https://tests.reproducible-builds.org/debian/rb-pkg/bullseye/amd64/diffoscope-results/mm-common.html

  1 -rw-r--r--···0·pbuilder1··(1111)·pbuilder1··(1111)·······60·2020-09-25·11:54:04.045053·skeletonmm/.gitignore
  1 -rw-rw-r--···0·pbuilder2··(2222)·pbuilder2··(2222)·······60·2020-09-25·11:54:04.045053·skeletonmm/.gitignore


The attached patch fixes this by setting these values consistently
between builds in the python code used to generate the tarball.

If anyone has a better handle on python's tarfile mode handling code, it
might be worth taking a closer look. I'm not entirely sure how the file
modes work in this code (they don't appear to use modes similar to those
used by umask, chmod or python's file functions)... but after some trial
and error and print debugging this seems to work to reproducibly produce
the tarball in mm-common without loosing the execute bit on the one file
that has it.


Thanks for maintaining mm-common!


live well,
  vagrant
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Set-uid-username-gid-group-name-and-mode-on-files-in.patch
Type: text/x-diff
Size: 1711 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-gnome-maintainers/attachments/20201211/c2a92b47/attachment.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-gnome-maintainers/attachments/20201211/c2a92b47/attachment.sig>