[Pkg-shadow-devel] Bug#917773: shadow: doesn't respect SOURCE_DATE_EPOCH
Johannes 'josch' Schauer
josch at debian.org
Sun Dec 30 00:58:46 GMT 2018
Source: shadow
Severity: normal
User: reproducible-builds at lists.alioth.debian.org
Usertags: timestamps
Hi,
the /etc/shadow as created by debootstrap does not respect the
SOURCE_DATE_EPOCH environment variable anymore. This bug was formerly
fixed in #857803. Steps to reproduce:
$ sudo SOURCE_DATE_EPOCH=0 debootstrap --variant=minbase unstable debian-unstable
$ sudo cat debian-unstable/etc/shadow
root:*:17895:0:99999:7:::
daemon:*:17895:0:99999:7:::
bin:*:17895:0:99999:7:::
sys:*:17895:0:99999:7:::
sync:*:17895:0:99999:7:::
games:*:17895:0:99999:7:::
man:*:17895:0:99999:7:::
lp:*:17895:0:99999:7:::
mail:*:17895:0:99999:7:::
news:*:17895:0:99999:7:::
uucp:*:17895:0:99999:7:::
proxy:*:17895:0:99999:7:::
www-data:*:17895:0:99999:7:::
backup:*:17895:0:99999:7:::
list:*:17895:0:99999:7:::
irc:*:17895:0:99999:7:::
gnats:*:17895:0:99999:7:::
nobody:*:17895:0:99999:7:::
_apt:*::0:99999:7:::
So some parts of shadow respect SOURCE_DATE_EPOCH (the user _apt is
created with a lastchange field of zero) but other parts do not (the
remaining users).
Unfortunately I don't have time to debug this problem right now but my
hunch is, that the culprit is a line like this:
https://sources.debian.org/src/shadow/1:4.5-1.1/src/pwconv.c/?hl=268#L268
Instead, spent.sp_lstchg should be set to the return value of the
gettime() function.
Thanks!
cheers, josch
More information about the Pkg-shadow-devel
mailing list