Accepting request 498991 from home:bmwiedemann:branches:security

Add reproducible.patch to sort input files to make build reproducible (boo#1041090) OBS-URL: https://build.opensuse.org/request/show/498991 OBS-URL: https://build.opensuse.org/package/show/security/libtomcrypt?expand=0&rev=10
2017-05-29 20:42:12 +00:00 · 2017-05-29 20:42:12 +00:00 · 6e3dab8ec6
commit 6e3dab8ec6
parent 689e4155c6
3 changed files with 45 additions and 0 deletions
--- a/libtomcrypt.changes
+++ b/libtomcrypt.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Mon May 29 13:08:06 UTC 2017 - bwiedemann@suse.com
+
+- Add reproducible.patch to sort input files to make build reproducible
+  (boo#1041090)
+
 -------------------------------------------------------------------
 Fri Feb 12 22:03:58 UTC 2016 - mpluskal@suse.com

--- a/libtomcrypt.spec
+++ b/libtomcrypt.spec
@ -31,6 +31,8 @@ Source2:        %{name}.keyring
 Source3:        %{name}.changes
 # PATCH-FIX-UPSTREAM libtomcrypt-makefile.shared.patch
 Patch0:         %{name}-makefile.shared.patch
+# PATCH-FIX-UPSTREAM https://github.com/libtom/libtomcrypt/pull/222
+Patch1:         reproducible.patch
 BuildRequires:  libtool
 BuildRequires:  texlive-latex
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
@ -84,6 +86,7 @@ This package contains example *.c files showing how to use TomCrypt library.
 %prep
 %setup -q
 %patch0 -p1
+%patch1 -p1
 modified="$(sed -n '/^----/n;s/ - .*$//;p;q' "%{SOURCE3}")"
 DATE="\"$(date -d "${modified}" "+%%b %%e %%Y")\""
 TIME="\"$(date -d "${modified}" "+%%R")\""
--- a/reproducible.patch
+++ b/reproducible.patch
@ -0,0 +1,36 @@
+https://github.com/libtom/libtomcrypt/pull/222
+sort input files
+
+when building packages (e.g. for openSUSE Linux)
+(random) filesystem order of input files
+influences ordering of functions in the output,
+thus without the patch, builds (in disposable VMs) would differ.
+
+See https://reproducible-builds.org/ for why this matters.
+
+Index: libtomcrypt-1.17/makefile.shared
+===================================================================
+--- libtomcrypt-1.17.orig/makefile.shared
+++ libtomcrypt-1.17/makefile.shared
+@@ -249,7 +249,7 @@ testprof/$(LIBTEST):
+ objs: $(OBJECTS)
+ 
+ $(LIBNAME): $(OBJECTS) testprof/$(LIBTEST)
+-	libtool --silent --mode=link gcc $(CFLAGS) `find . -type f | grep "[.]lo" | grep "src/" | xargs` $(EXTRALIBS) -o $(LIBNAME) -rpath $(LIBPATH) -version-info $(VERSION)
+	libtool --silent --mode=link gcc $(CFLAGS) `find . -type f | grep "[.]lo" | grep "src/" | sort | xargs` $(EXTRALIBS) -o $(LIBNAME) -rpath $(LIBPATH) -version-info $(VERSION)
+ 
+ install: $(LIBNAME)
+ 	install -d $(DESTDIR)$(LIBPATH)
+Index: libtomcrypt-1.17/testprof/makefile.shared
+===================================================================
+--- libtomcrypt-1.17.orig/testprof/makefile.shared
+++ libtomcrypt-1.17/testprof/makefile.shared
+@@ -18,7 +18,7 @@ endif
+ default: $(LIBTEST)
+ 
+ $(LIBTEST): $(OBJECTS)
+-	libtool --silent --mode=link gcc $(CFLAGS) `find . -type f | grep "[.]lo" |  xargs` -o $@ -rpath $(LIBPATH) -version-info $(VERSION)
+	libtool --silent --mode=link gcc $(CFLAGS) `find . -type f | grep "[.]lo" | sort | xargs` -o $@ -rpath $(LIBPATH) -version-info $(VERSION)
+ 
+ install: $(LIBTEST)
+ 	libtool --silent --mode=install install -c $(LIBTEST) $(DESTDIR)$(LIBPATH)/$(LIBTEST)