From lamby at debian.org  Mon Mar 10 10:57:25 2025
From: lamby at debian.org (Chris Lamb)
Date: Mon, 10 Mar 2025 10:57:25 +0000
Subject: Bug#1100016: hx: please make the build reproducible
Message-ID: <174160404321.64655.13215006541026349207@copycat>

Source: hx
Version: 25.01.1-4
Severity: wishlist
Tags: patch
User: reproducible-builds at lists.alioth.debian.org
Usertags: buildpath
X-Debbugs-Cc: reproducible-bugs at lists.alioth.debian.org

Hi,

Whilst working on the Reproducible Builds effort [0], we noticed that
hx could not be built reproducibly.

This is because the manual page embedded the current build path or
home directory of the build user:

    ./usr/share/man/man1/hx.1.gz
    @@ -33,15 +33,15 @@
     Increases logging verbosity each use for up to 3 times
     .TP
     \fB\-\-log\fR <file>
     Specifies a file to use for logging
    -(default file: /nonexistent/first\-build/.cache/helix/helix.log)
    +(default file: /nonexistent/second\-build/.cache/helix/helix.log)
     .TP

A patch is attached that makes the printed string from --help
deterministic which in turn makes the manual page deterministic. The
actual value used is still dynamic, however ? i.e. the program's
behaviour remains unchanged.

  [0] https://reproducible-builds.org/


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby at debian.org / chris-lamb.co.uk
       `-


-------------- next part --------------
diff --git helix-term/src/main.rs helix-term/src/main.rs
index 385a040..7fdf098 100644
--- helix-term/src/main.rs
+++ helix-term/src/main.rs
@@ -80,7 +80,7 @@ async fn main_impl() -> Result<i32> {
             VERSION_AND_GIT_HASH,
             env!("CARGO_PKG_AUTHORS"),
             env!("CARGO_PKG_DESCRIPTION"),
-            helix_loader::default_log_file().display(),
+            "$HOME/.cache/helix/helix.log",
         );
         std::process::exit(0);
     }

From lamby at debian.org  Mon Mar 10 11:00:40 2025
From: lamby at debian.org (Chris Lamb)
Date: Mon, 10 Mar 2025 11:00:40 +0000
Subject: Bug#1100018: yaramod: please make the build reproducible
Message-ID: <174160436373.5159.3244923356334359194@aa650b37af08>

Source: yaramod
Version: 3.21.0-1.1
Severity: wishlist
Tags: patch
User: reproducible-builds at lists.alioth.debian.org
Usertags: filesystem
X-Debbugs-Cc: reproducible-bugs at lists.alioth.debian.org

Hi,

Whilst working on the Reproducible Builds effort [0], we noticed that
yaramod could not be built reproducibly.

This is because it dynamically generated a list of modules by
iterating over the filesystem without sorting that first, thereby
inheriting the nondetermistic ordering of the underlying filesystem.

Patch attached that adds a simple sorted(...) to the os.listdir
call.

 [0] https://reproducible-builds.org/


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby at debian.org / chris-lamb.co.uk
       `-
-------------- next part --------------
--- a/debian/patches/0004-Reproducible-build.patch	1970-01-01 01:00:00.000000000 +0100
--- b/debian/patches/0004-Reproducible-build.patch	2025-03-10 10:43:53.802043891 +0000
@@ -0,0 +1,15 @@
+Description: Make the build reproducible
+Author: Chris Lamb <lamby at debian.org>
+Last-Update: 2025-03-10
+
+--- yaramod-3.21.0.orig/scripts/json_to_array.py
++++ yaramod-3.21.0/scripts/json_to_array.py
+@@ -56,7 +56,7 @@ def main(argv):
+ ''')
+     module_names = []
+ 
+-    for file in os.listdir(input_directory):
++    for file in sorted(os.listdir(input_directory)):
+         filename, extension = os.path.splitext(file)
+         if extension != ".json":
+             continue
--- a/debian/patches/series	2025-03-10 10:28:27.468230893 +0000
--- b/debian/patches/series	2025-03-10 10:43:52.834040543 +0000
@@ -1,3 +1,4 @@
 0001-Build-Python-module-together.patch
 0002-Build-shared-library.patch
 0003-Use-system-packages.patch
+0004-Reproducible-build.patch

From jspricke at debian.org  Mon Mar 10 18:10:31 2025
From: jspricke at debian.org (Jochen Sprickerhof)
Date: Mon, 10 Mar 2025 19:10:31 +0100
Subject: Bug#1100051: suricata: please use dpkg-query instead of apt-cache in
 d/control
Message-ID: <174163023138.110318.593278921483311576.reportbug@fenchel>

Source: suricata
Version: 1:7.0.8-1
Severity: normal
Tags: patch
X-Debbugs-Cc: reproducible-bugs at lists.alioth.debian.org
User: reproducible-builds at lists.alioth.debian.org
Usertags: environment

Hi,

suricata uses apt-cache in debian/control but apt is not essential nor a
biuld dependency so this does not work when apt is not installed, for
example on:

https://reproduce.debian.net/amd64/#suricata

Instead of apt-cache you can rather use dpkg-query like this:

-LIBHTP_PKG_VERSION=$(shell apt-cache policy libhtp2 | grep Installed | cut -f2- -d: | cut -c2-)
+LIBHTP_PKG_VERSION=$(shell dpkg-query -W -f '$${Version}' libhtp2)

This makes the package reproducible.

Cheers Jochen


From lamby at debian.org  Tue Mar 11 13:17:23 2025
From: lamby at debian.org (Chris Lamb)
Date: Tue, 11 Mar 2025 13:17:23 +0000
Subject: Bug#1100115: font-manager: please make the build reproducible
Message-ID: <174169897624.16166.11343966280220139430@76000eba4cef>

Source: font-manager
Version: 0.9.4-1
Severity: wishlist
Tags: patch
User: reproducible-builds at lists.alioth.debian.org
Usertags: timestamps
X-Debbugs-Cc: reproducible-bugs at lists.alioth.debian.org

Hi,

Whilst working on the Reproducible Builds effort [0], we noticed that
font-manager could not be built reproducibly as it embedded timestamps
into some XML files. For example:

  ./usr/share/metainfo/com.github.FontManager.FontManager.metainfo.xml
   @@ -173,15 +173,15 @@
      </screenshots>
      <releases>
   -    <release version="0.9.4" date="2026-04-12">
   +    <release version="0.9.4" date="2025-03-11">
          <description translate="no">

A patch is attached that generates this value using SOURCE_DATE_EPOCH.

 [0] https://reproducible-builds.org/


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby at debian.org / chris-lamb.co.uk
       `-
-------------- next part --------------
--- a/debian/patches/reproducible-build.patch	1970-01-01 01:00:00.000000000 +0100
--- b/debian/patches/reproducible-build.patch	2025-03-11 13:12:08.368880432 +0000
@@ -0,0 +1,21 @@
+Description: Make the build reproducible
+Author: Chris Lamb <lamby at debian.org>
+Last-Update: 2025-03-11
+
+--- font-manager-0.9.4.orig/meson.build
++++ font-manager-0.9.4/meson.build
+@@ -73,8 +73,12 @@ pkglib_dir = join_paths(prefix, get_opti
+ pkglibexec_dir = join_paths(prefix, get_option('libexecdir'), meson.project_name())
+ 
+ datetime = '''
+-from datetime import date
+-print(date.today())
++import os
++import time
++print(time.strftime(
++    "%Y-%m-%d",
++    time.gmtime(int(os.environ.get('SOURCE_DATE_EPOCH', time.time())))
++))
+ '''
+ 
+ today = run_command(python, '-c', datetime, check: true).stdout().strip()
--- a/debian/patches/series	1970-01-01 01:00:00.000000000 +0100
--- b/debian/patches/series	2025-03-11 13:12:07.460876951 +0000
@@ -0,0 +1 @@
+reproducible-build.patch