Bug#908991: diffoscope: diffs hex dump of ASCII-armoured OpenPGP upstream signature files instead of plain text
Paul Wise
pabs at debian.org
Mon Sep 17 07:21:36 BST 2018
Package: diffoscope
Version: 101
Severity: normal
diffoscope currently diffs a hex dump of ASCII-armoured OpenPGP
upstream signature files instead of comparing the plain text.
The ASCII-armoured OpenPGP signature files are plain text containing
base64-encoded signatures so it makes more sense to diff the plain text
than a hex dump of the plain text.
For example:
$ dget -dq https://snapshot.debian.org/archive/debian/20161231T091558Z/pool/main/g/gtranscribe/gtranscribe_0.7.1-1.dsc
$ dget -dq https://snapshot.debian.org/archive/debian/20161206T091948Z/pool/main/g/gtranscribe/gtranscribe_0.6-1.dsc
$ diffoscope gtranscribe_0.6-1.dsc gtranscribe_0.7.1-1.dsc
...
│ --- gtranscribe_0.6.orig.tar.gz.asc
├── +++ gtranscribe_0.7.1.orig.tar.gz.asc
│ @@ -1,53 +1,53 @@
│ 00000000: 2d2d 2d2d 2d42 4547 494e 2050 4750 2053 -----BEGIN PGP S
│ 00000010: 4947 4e41 5455 5245 2d2d 2d2d 2d0a 0a69 IGNATURE-----..i
│ 00000020: 5149 7a42 4141 4243 6741 6446 6945 454b QIzBAABCgAdFiEEK
│ 00000030: 396a 5534 3565 5658 3364 4732 7a75 4a72 9jU45eVX3dG2zuJr
│ -00000040: 576b 576c 6e4f 546d 4373 4641 6c68 4556 WkWlnOTmCsFAlhEV
│ -00000050: 6e49 4143 676b 5172 576b 576c 6e4f 540a nIACgkQrWkWlnOT.
│ -00000060: 6d43 765a 6577 2f2b 4e7a 3434 3034 4e74 mCvZew/+Nz4404Nt
│ -00000070: 6458 4253 584b 394a 6668 4c43 386e 787a dXBSXK9JfhLC8nxz
│ -00000080: 7754 4c51 4246 5778 5438 4653 774f 5054 wTLQBFWxT8FSwOPT
│ -00000090: 4879 5335 5934 306f 5763 497a 7544 316a HyS5Y40oWcIzuD1j
│ -000000a0: 0a7a 4763 714e 6747 7947 5044 4a5a 3134 .zGcqNgGyGPDJZ14
│ -000000b0: 6262 6536 716d 6f49 4166 3657 2b4b 4d5a bbe6qmoIAf6W+KMZ
│ -000000c0: 4230 5044 6c32 4337 6853 6951 522b 7975 B0PDl2C7hSiQR+yu
│ -000000d0: 4b36 396d 4530 5858 564f 4e50 4835 5538 K69mE0XXVONPH5U8
│ -000000e0: 480a 2f74 7677 5a2f 7242 764f 5370 3371 H./tvwZ/rBvOSp3q
│ -000000f0: 4930 6942 5877 4450 4445 4d48 7a67 2f72 I0iBXwDPDEMHzg/r
│ -00000100: 3572 6c54 6732 442b 5976 7255 3236 6b49 5rlTg2D+YvrU26kI
│ -00000110: 794b 6c68 7734 3063 7050 4f43 3730 6754 yKlhw40cpPOC70gT
│ -00000120: 4170 0a6c 6c45 2b51 4a4b 6a44 4359 6933 Ap.llE+QJKjDCYi3
│ -00000130: 3957 4438 5a67 4c56 4a2f 7853 646b 4630 9WD8ZgLVJ/xSdkF0
│ -00000140: 3549 4330 7142 6872 4346 6563 6370 5370 5IC0qBhrCFeccpSp
│ -00000150: 7372 4f70 4d62 5247 5262 2f68 3564 6c6d srOpMbRGRb/h5dlm
│ -00000160: 534e 620a 6b72 7148 2f30 4e77 7133 7546 SNb.krqH/0Nwq3uF
│ -00000170: 4d69 7768 5438 5759 3064 474b 384e 5453 MiwhT8WY0dGK8NTS
│ -00000180: 7356 4578 6377 3475 3235 5450 6565 7956 sVExcw4u25TPeeyV
│ -00000190: 6834 377a 4f34 2f75 7247 6d4d 3762 582f h47zO4/urGmM7bX/
│ -000001a0: 5844 6850 0a44 4c6f 6834 4570 4e54 327a XDhP.DLoh4EpNT2z
│ -000001b0: 3941 456e 6862 4867 766b 4579 5268 4d56 9AEnhbHgvkEyRhMV
│ -000001c0: 756a 326f 4d62 3677 364a 4e6a 6638 6659 uj2oMb6w6JNjf8fY
│ -000001d0: 6741 5772 652b 6552 5557 6a63 6246 7733 gAWre+eRUWjcbFw3
│ -000001e0: 5579 6130 390a 652f 4645 702b 5276 4642 Uya09.e/FEp+RvFB
│ -000001f0: 6877 457a 6b45 3959 6b65 504c 3464 347a hwEzkE9YkePL4d4z
│ -00000200: 5543 566a 776c 346a 7675 5438 474a 6b4e UCVjwl4jvuT8GJkN
│ -00000210: 4173 4d34 584a 5537 4d57 6b65 5963 622f AsM4XJU7MWkeYcb/
│ -00000220: 7a5a 7a2f 6570 0a72 7767 6d36 4454 3146 zZz/ep.rwgm6DT1F
│ -00000230: 496c 7756 5654 7256 5950 2b51 636d 7935 IlwVVTrVYP+Qcmy5
│ -00000240: 446c 3870 746e 3972 7667 6135 7759 4e6b Dl8ptn9rvga5wYNk
│ -00000250: 6977 4249 566a 5146 5a76 4d6a 6364 4d44 iwBIVjQFZvMjcdMD
│ -00000260: 6a65 7551 4937 730a 4871 4e4f 4978 5348 jeuQI7s.HqNOIxSH
│ -00000270: 356a 5770 5478 7439 6b73 6932 6d4f 7177 5jWpTxt9ksi2mOqw
│ -00000280: 6f6b 2f76 5359 6d35 697a 4e78 5378 5565 ok/vSYm5izNxSxUe
│ -00000290: 4d44 5251 4a49 6154 7459 4347 4477 6c37 MDRQJIaTtYCGDwl7
│ -000002a0: 7563 6156 774b 5235 0a2b 6756 4f35 6367 ucaVwKR5.+gVO5cg
│ -000002b0: 7542 6866 686a 2f44 6e4f 5078 4551 614b uBhfhj/DnOPxEQaK
│ -000002c0: 6742 4f65 7430 6966 4f4d 314e 5a51 3459 gBOet0ifOM1NZQ4Y
│ -000002d0: 704c 6367 5445 7a36 4a76 7132 7a4b 546d pLcgTEz6Jvq2zKTm
│ -000002e0: 3139 3068 7945 6f4b 690a 7951 6849 6a4e 190hyEoKi.yQhIjN
│ -000002f0: 5834 6d6a 792f 516b 7931 7639 4955 6a5a X4mjy/Qky1v9IUjZ
│ -00000300: 5973 3879 6b38 4141 5274 2f63 6279 3831 Ys8yk8AARt/cby81
│ -00000310: 7166 3775 314d 6a77 6849 3457 413d 0a3d qf7u1MjwhI4WA=.=
│ -00000320: 5157 3471 0a2d 2d2d 2d2d 454e 4420 5047 QW4q.-----END PG
│ +00000040: 576b 576c 6e4f 546d 4373 4641 6c68 6d68 WkWlnOTmCsFAlhmh
│ +00000050: 4130 4143 676b 5172 576b 576c 6e4f 540a A0ACgkQrWkWlnOT.
│ +00000060: 6d43 755a 6668 4141 6a41 6b6d 4151 3056 mCuZfhAAjAkmAQ0V
│ +00000070: 6877 654f 4d38 4446 4950 5366 4b64 5043 hweOM8DFIPSfKdPC
│ +00000080: 3637 5a2f 7477 6235 3468 6652 365a 5143 67Z/twb54hfR6ZQC
│ +00000090: 5a6b 3941 4e4b 344d 5750 6776 5178 7733 Zk9ANK4MWPgvQxw3
│ +000000a0: 0a67 4469 3064 4766 6b41 654d 6671 5a4d .gDi0dGfkAeMfqZM
│ +000000b0: 7072 5246 3366 7264 7362 656b 4153 4c33 prRF3frdsbekASL3
│ +000000c0: 6c33 6246 7078 3274 7463 725a 5535 6a72 l3bFpx2ttcrZU5jr
│ +000000d0: 5335 4e66 334e 5330 7535 5876 4764 796c S5Nf3NS0u5XvGdyl
│ +000000e0: 320a 6f31 362f 2b41 4154 762f 2f51 4e62 2.o16/+AATv//QNb
│ +000000f0: 4256 6d63 7257 6662 7068 7372 2b38 4d39 BVmcrWfbphsr+8M9
│ +00000100: 4664 4c4c 7652 6e39 6c32 3170 374c 6472 FdLLvRn9l21p7Ldr
│ +00000110: 6338 4534 3946 326d 726a 7236 6c57 6a39 c8E49F2mrjr6lWj9
│ +00000120: 516e 0a61 734f 4b38 676b 6b46 7332 7878 Qn.asOK8gkkFs2xx
│ +00000130: 4a49 3339 5061 4771 5875 324f 6b5a 6d64 JI39PaGqXu2OkZmd
│ +00000140: 4658 6c5a 7571 7147 5269 5378 4970 4c58 FXlZuqqGRiSxIpLX
│ +00000150: 4e62 6a53 7330 7466 6538 704f 6557 7a77 NbjSs0tfe8pOeWzw
│ +00000160: 4e6c 4b0a 3373 3175 6863 4143 7264 506d NlK.3s1uhcACrdPm
│ +00000170: 6f6c 6655 754e 7065 6844 4b74 3946 6464 olfUuNpehDKt9Fdd
│ +00000180: 6d53 3074 7663 6b30 4756 4a79 6a44 312b mS0tvck0GVJyjD1+
│ +00000190: 5673 3165 6d45 4974 3161 4371 3163 676e Vs1emEIt1aCq1cgn
│ +000001a0: 6f6d 6354 0a75 7536 672b 7733 784c 6e54 omcT.uu6g+w3xLnT
│ +000001b0: 714e 3255 4952 494d 624e 7275 6e6a 4c66 qN2UIRIMbNrunjLf
│ +000001c0: 6a7a 6d44 2f52 5474 6477 3835 336e 3065 jzmD/RTtdw853n0e
│ +000001d0: 324c 6467 5a31 4573 6836 655a 4d79 4358 2LdgZ1Esh6eZMyCX
│ +000001e0: 4d73 2f6c 760a 4656 755a 754a 6d35 5455 Ms/lv.FVuZuJm5TU
│ +000001f0: 6c31 5a2b 5942 4674 595a 5336 6b43 5950 l1Z+YBFtYZS6kCYP
│ +00000200: 5362 5858 5349 4c4b 6549 6e41 7469 6764 SbXXSILKeInAtigd
│ +00000210: 4a4a 2f64 6a4b 5933 626b 5630 4839 4630 JJ/djKY3bkV0H9F0
│ +00000220: 7856 7762 6157 0a4e 2f6d 5367 666a 3765 xVwbaW.N/mSgfj7e
│ +00000230: 3562 624b 546a 6a58 3938 2b67 7134 4d36 5bbKTjjX98+gq4M6
│ +00000240: 5152 4c34 4670 3959 5172 694c 5647 2f65 QRL4Fp9YQriLVG/e
│ +00000250: 3045 524a 506a 3471 6974 5652 5441 6358 0ERJPj4qitVRTAcX
│ +00000260: 7a65 585a 6730 540a 6f79 7879 4774 416a zeXZg0T.oyxyGtAj
│ +00000270: 5733 7178 617a 5664 546a 2b52 5755 6146 W3qxazVdTj+RWUaF
│ +00000280: 5173 6757 6332 6a51 3946 314e 2b72 6e75 QsgWc2jQ9F1N+rnu
│ +00000290: 4e5a 3964 6262 3455 3958 377a 6a64 5730 NZ9dbb4U9X7zjdW0
│ +000002a0: 592b 5757 494b 5a6b 0a63 6932 5943 3039 Y+WWIKZk.ci2YC09
│ +000002b0: 6e6c 3379 4d67 755a 6474 6655 6944 5553 nl3yMguZdtfUiDUS
│ +000002c0: 352f 4c78 6158 626e 4938 416f 3045 6270 5/LxaXbnI8Ao0Ebp
│ +000002d0: 6743 6279 7876 5452 4455 3043 6d43 632f gCbyxvTRDU0CmCc/
│ +000002e0: 675a 2b36 3634 775a 390a 5977 6b55 4b42 gZ+664wZ9.YwkUKB
│ +000002f0: 3447 6630 7733 4a6c 7833 7765 344d 7979 4Gf0w3Jlx3we4Myy
│ +00000300: 6f32 7352 435a 542b 3145 4542 3871 7462 o2sRCZT+1EEB8qtb
│ +00000310: 446f 652f 796c 4d46 4657 6130 413d 0a3d Doe/ylMFFWa0A=.=
│ +00000320: 4a4c 6e50 0a2d 2d2d 2d2d 454e 4420 5047 JLnP.-----END PG
│ 00000330: 5020 5349 474e 4154 5552 452d 2d2d 2d2d P SIGNATURE-----
│ 00000340: 0a .
$ diff -u gtranscribe_0.6.orig.tar.gz.asc gtranscribe_0.7.1.orig.tar.gz.asc
--- gtranscribe_0.6.orig.tar.gz.asc 2018-09-17 14:15:38.564922456 +0800
+++ gtranscribe_0.7.1.orig.tar.gz.asc 2018-09-17 14:15:47.512967751 +0800
@@ -1,16 +1,16 @@
-----BEGIN PGP SIGNATURE-----
-iQIzBAABCgAdFiEEK9jU45eVX3dG2zuJrWkWlnOTmCsFAlhEVnIACgkQrWkWlnOT
-mCvZew/+Nz4404NtdXBSXK9JfhLC8nxzwTLQBFWxT8FSwOPTHyS5Y40oWcIzuD1j
-zGcqNgGyGPDJZ14bbe6qmoIAf6W+KMZB0PDl2C7hSiQR+yuK69mE0XXVONPH5U8H
-/tvwZ/rBvOSp3qI0iBXwDPDEMHzg/r5rlTg2D+YvrU26kIyKlhw40cpPOC70gTAp
-llE+QJKjDCYi39WD8ZgLVJ/xSdkF05IC0qBhrCFeccpSpsrOpMbRGRb/h5dlmSNb
-krqH/0Nwq3uFMiwhT8WY0dGK8NTSsVExcw4u25TPeeyVh47zO4/urGmM7bX/XDhP
-DLoh4EpNT2z9AEnhbHgvkEyRhMVuj2oMb6w6JNjf8fYgAWre+eRUWjcbFw3Uya09
-e/FEp+RvFBhwEzkE9YkePL4d4zUCVjwl4jvuT8GJkNAsM4XJU7MWkeYcb/zZz/ep
-rwgm6DT1FIlwVVTrVYP+Qcmy5Dl8ptn9rvga5wYNkiwBIVjQFZvMjcdMDjeuQI7s
-HqNOIxSH5jWpTxt9ksi2mOqwok/vSYm5izNxSxUeMDRQJIaTtYCGDwl7ucaVwKR5
-+gVO5cguBhfhj/DnOPxEQaKgBOet0ifOM1NZQ4YpLcgTEz6Jvq2zKTm190hyEoKi
-yQhIjNX4mjy/Qky1v9IUjZYs8yk8AARt/cby81qf7u1MjwhI4WA=
-=QW4q
+iQIzBAABCgAdFiEEK9jU45eVX3dG2zuJrWkWlnOTmCsFAlhmhA0ACgkQrWkWlnOT
+mCuZfhAAjAkmAQ0VhweOM8DFIPSfKdPC67Z/twb54hfR6ZQCZk9ANK4MWPgvQxw3
+gDi0dGfkAeMfqZMprRF3frdsbekASL3l3bFpx2ttcrZU5jrS5Nf3NS0u5XvGdyl2
+o16/+AATv//QNbBVmcrWfbphsr+8M9FdLLvRn9l21p7Ldrc8E49F2mrjr6lWj9Qn
+asOK8gkkFs2xxJI39PaGqXu2OkZmdFXlZuqqGRiSxIpLXNbjSs0tfe8pOeWzwNlK
+3s1uhcACrdPmolfUuNpehDKt9FddmS0tvck0GVJyjD1+Vs1emEIt1aCq1cgnomcT
+uu6g+w3xLnTqN2UIRIMbNrunjLfjzmD/RTtdw853n0e2LdgZ1Esh6eZMyCXMs/lv
+FVuZuJm5TUl1Z+YBFtYZS6kCYPSbXXSILKeInAtigdJJ/djKY3bkV0H9F0xVwbaW
+N/mSgfj7e5bbKTjjX98+gq4M6QRL4Fp9YQriLVG/e0ERJPj4qitVRTAcXzeXZg0T
+oyxyGtAjW3qxazVdTj+RWUaFQsgWc2jQ9F1N+rnuNZ9dbb4U9X7zjdW0Y+WWIKZk
+ci2YC09nl3yMguZdtfUiDUS5/LxaXbnI8Ao0EbpgCbyxvTRDU0CmCc/gZ+664wZ9
+YwkUKB4Gf0w3Jlx3we4Myyo2sRCZT+1EEB8qtbDoe/ylMFFWa0A=
+=JLnP
-----END PGP SIGNATURE-----
-- System Information:
Debian Release: buster/sid
APT prefers testing-debug
APT policy: (900, 'testing-debug'), (900, 'testing'), (800, 'unstable-debug'), (800, 'unstable'), (790, 'buildd-unstable'), (700, 'experimental-debug'), (700, 'experimental'), (690, 'buildd-experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 4.18.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_AU.utf8, LC_CTYPE=en_AU.utf8 (charmap=UTF-8), LANGUAGE=en_AU.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages diffoscope depends on:
ii libpython3.6-stdlib 3.6.6-1
ii python3 3.6.5-3
ii python3-distro 1.3.0-1
ii python3-distutils 3.6.6-1
ii python3-libarchive-c 2.1-3.1
ii python3-magic 2:0.4.15-2
ii python3-pkg-resources 40.2.0-1
Versions of packages diffoscope recommends:
ii abootimg 0.6-1+b2
ii acl 2.2.52-3+b1
ii apktool 2.3.3-2
ii binutils-multiarch 2.31.1-5
ii bzip2 1.0.6-9
ii caca-utils 0.99.beta19-2+b3
ii colord 1.3.3-2
ii db-util 5.3.1
ii default-jdk [java-sdk] 2:1.10-68
ii default-jdk-headless 2:1.10-68
pn device-tree-compiler <none>
pn docx2txt <none>
ii e2fsprogs 1.44.4-2
ii enjarify 1:1.0.3-4
ii fontforge-extras 0.3-4
pn fp-utils <none>
ii genisoimage 9:1.1.11-3+b2
ii gettext 0.19.8.1-7
ii ghc 8.2.2-4
ii ghostscript 9.25~dfsg-2
ii giflib-tools 5.1.4-3
ii gnumeric 1.12.41-1
ii gnupg 2.2.10-1
ii imagemagick 8:6.9.10.8+dfsg-1
ii imagemagick-6.q16 [imagemagick] 8:6.9.10.8+dfsg-1
ii jsbeautifier 1.6.4-7
pn libarchive-tools <none>
ii llvm 1:6.0-43
ii lz4 1.8.2-1
pn mono-utils <none>
pn odt2txt <none>
pn oggvideotools <none>
ii openjdk-10-jdk [java-sdk] 10.0.2+13-1
ii openssh-client 1:7.8p1-1
ii pgpdump 0.33-1
ii poppler-utils 0.63.0-2
pn procyon-decompiler <none>
ii python3-argcomplete 1.8.1-1
ii python3-binwalk 2.1.2~git20180830+dfsg1-1
ii python3-debian 0.1.33
pn python3-defusedxml <none>
pn python3-guestfs <none>
ii python3-jsondiff 1.1.1-2
ii python3-progressbar 2.3-4
ii python3-pyxattr 0.6.0-2+b2
ii python3-tlsh 3.4.4+20151206-1+b4
pn r-base-core <none>
ii rpm2cpio 4.14.1+dfsg1-4
ii sng 1.1.0-1+b1
ii sqlite3 3.24.0-1
ii squashfs-tools 1:4.3-6
ii tcpdump 4.9.2-3
ii unzip 6.0-21
ii vim-common 2:8.1.0320-1
pn xmlbeans <none>
ii xxd 2:8.1.0320-1
ii xz-utils 5.2.2-1.3
Versions of packages diffoscope suggests:
ii libjs-jquery 3.2.1-1
-- no debconf information
--
bye,
pabs
https://wiki.debian.org/PaulWise
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <http://alioth-lists.debian.net/pipermail/reproducible-builds/attachments/20180917/5eed11ca/attachment.sig>
More information about the Reproducible-builds
mailing list