[Reproducible-builds] [buildd-tools-devel] Bug#825991: sbuild: /etc/sbuild/sbuild.conf leaks the user home path

Johannes Schauer josch at debian.org
Wed Jun 1 09:08:27 UTC 2016


Quoting Aurelien Jarno (2016-06-01 09:53:37)
> The default sbuild.conf shipped with the sbuild package is generated
> using the "sbuild-dumpconfig sbuild config" command. This causes the
> stats_dir entry to contain the home path of the user who has build the
> package:
> | # Type: STRING
> | # Directory for writing build statistics to
> | # See also related command line options in sbuild(1):
> | #   --stats-dir
> | #$stats_dir = '/home/aurel32/stats';
> Fortunately as sbuild is usually built on the build daemons,
> /home/buildd/stats is used, which makes more sense.

Indeed, looking at the code, the default is set to $HOME/stats so your
observation makes sense.

Though I am surprised that the reproducible builds machinery didn't catch this
at all. It seems that sbuild is still marked as reproducible:


Is there something wrong with how $HOME is set in the reproducible builds


cheers, josch
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: signature
URL: <http://lists.alioth.debian.org/pipermail/reproducible-builds/attachments/20160601/3f3f8986/attachment.sig>

More information about the Reproducible-builds mailing list