Bug#1123603: authselect: please make the build reproducible

[Chris Lamb]

Source: authselect
Version: 1.6.2-1
Severity: wishlist
Tags: patch
User: reproducible-builds at lists.alioth.debian.org
Usertags: filesystem
X-Debbugs-Cc: reproducible-bugs at lists.alioth.debian.org

Hi,

Whilst working on the Reproducible Builds effort [0], we noticed that
authselect could not be built reproducibly.

This is because the build process generated a nondetermistic "checksum" 
file that was then shipped with the binary package. This file varied
on the filesystem order, as well as the absolute build path.

Patch attached that fixes both of these problems, but it may be simpler
to simply not ship this file if it is not needed at runtime — in
Debian, there are other ways of reasoning about the integrity and
provenance of the source files.

 [0] https://reproducible-builds.org/


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby at debian.org / chris-lamb.co.uk
       `-
-------------- next part --------------
--- a/debian/patches/0001_reproducible-build.patch	1969-12-31 16:00:00.000000000 -0800
--- b/debian/patches/0001_reproducible-build.patch	2025-12-18 10:42:34.835490267 -0800
@@ -0,0 +1,15 @@
+Description: Make the build reproducible
+Author: Chris Lamb <lamby at debian.org>
+Last-Update: 2025-12-18
+
+--- authselect-1.6.2.orig/profiles/Makefile.am
++++ authselect-1.6.2/profiles/Makefile.am
+@@ -66,6 +66,6 @@ dist_profile_DATA = $(top_srcdir)/profil
+     $(NULL)
+ 
+ install-data-hook:
+-	$(FIND) "$(DESTDIR)$(authselect_profile_dir)" -mindepth 2 -type f \
+-	-printf "%P\n" -exec $(SHA256SUM) {} + | $(SHA256SUM) \
++	cd "$(DESTDIR)$(authselect_profile_dir)"; $(FIND) -mindepth 2 -type f \
++	-exec $(SHA256SUM) {} + | LC_ALL=C sort | $(SHA256SUM) \
+ 	> "$(DESTDIR)$(authselect_profile_dir)/checksum"
--- a/debian/patches/series	1969-12-31 16:00:00.000000000 -0800
--- b/debian/patches/series	2025-12-18 10:33:38.175867795 -0800
@@ -0,0 +1 @@
+0001_reproducible-build.patch