[Reproducible-builds] Bug#787980: dpkg: please normalize file permissions when creating control.tar

Jérémy Bobbio lunar at debian.org
Sun Jun 7 10:25:19 UTC 2015


Package: dpkg
Version: 1.18.1
Severity: wishlist
Tags: patch
User: reproducible-builds at lists.alioth.debian.org
Usertags: umask toolchain

Hi!

As part of the “reproducible builds” effort, we are curretly trying
to have Debian package build identically despite being built under
different umasks.

dpkg creates the control.tar member of .deb files using GNU Tar. It will
thus pick up the permissions of the files on the filesystem. For the
specific case of control files, there is a very limited set of
acceptable permissions. It seems desirable to enforce this by
normalizing the recorded permissions by giving the
`--mode=go=rX,u+rw,a-s` option to tar.

The attached patch is based on the available master branch. The change
is also part of the `pu/reproducible_builds` branch available at:
https://anonscm.debian.org/cgit/reproducible/dpkg.git/

-- 
Lunar                                .''`. 
lunar at debian.org                    : :Ⓐ  :  # apt-get install anarchism
                                    `. `'` 
                                      `-   
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/reproducible-builds/attachments/20150607/ad18568f/attachment.sig>


More information about the Reproducible-builds mailing list