Bug#931039: debhelper: something in the dh sequencer changes the tIME chunk of installed PNGs

classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

Bug#931039: debhelper: something in the dh sequencer changes the tIME chunk of installed PNGs

Thorsten Glaser
Package: debhelper
Severity: normal

While comparing builds of musescore -6 and -7 I found unexpected
changes in the PNG files that are installed, they change the tIME
chunk to, apparently, the changelog time:

--- home/tg/Misc/Vendor/musescore/share/wallpaper/paper1.sng
+++ paper1.sng
@@ -6,13 +6,13 @@ IHDR {
 bKGD {red: 255;  green: 255;  blue: 255;}
 pHYs {xpixels: 3779; ypixels: 3779; per: meter;}  # (96 dpi)
 tIME {
-    # 10 Nov 2001 20:43:56 GMT
-    year:   2001
-    month:  11
-    day:    10
-    hour:   20
-    minute: 43
-    second: 56
+    # 24 Jun 2019 16:07:46 GMT
+    year:   2019
+    month:  6
+    day:    24
+    hour:   16
+    minute: 7
+    second: 46
 }
 IMAGE {
     pixels hex

While I’m sure the reproducible builds people appreciate
limiting the mtime, raising it is not done otherwise.

This also has potential to break applications (e.g. that
rely, in tests or otherwise, on the files).

-- System Information:
Debian Release: 10.0
  APT prefers buildd-unstable
  APT policy: (500, 'buildd-unstable'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C (charmap=UTF-8)
Shell: /bin/sh linked to /bin/lksh
Init: sysvinit (via /sbin/init)

Versions of packages debhelper depends on:
pn  autotools-dev            <none>
pn  dh-autoreconf            <none>
pn  dh-strip-nondeterminism  <none>
ii  dpkg                     1.19.7
pn  dpkg-dev                 <none>
pn  dwz                      <none>
ii  file                     1:5.35-4
pn  libdpkg-perl             <none>
ii  man-db                   2.8.5-2
ii  perl                     5.28.1-6
pn  po-debconf               <none>

debhelper recommends no packages.

Versions of packages debhelper suggests:
pn  dh-make  <none>
Reply | Threaded
Open this post in threaded view
|

Bug#931039: debhelper: something in the dh sequencer changes the tIME chunk of installed PNGs

Niels Thykier
Control: reassign -1 dh-strip-nondeterminism

Thorsten Glaser:
> Package: debhelper
> Severity: normal
>

Hi,

The tool you describe is dh_strip-nondeterminism and I have reassigned
the bug accordingly.

> While comparing builds of musescore -6 and -7 I found unexpected
> changes in the PNG files that are installed, they change the tIME
> chunk to, apparently, the changelog time:
>
> --- home/tg/Misc/Vendor/musescore/share/wallpaper/paper1.sng
> +++ paper1.sng
> @@ -6,13 +6,13 @@ IHDR {
>  bKGD {red: 255;  green: 255;  blue: 255;}
>  pHYs {xpixels: 3779; ypixels: 3779; per: meter;}  # (96 dpi)
>  tIME {
> -    # 10 Nov 2001 20:43:56 GMT
> -    year:   2001
> -    month:  11
> -    day:    10
> -    hour:   20
> -    minute: 43
> -    second: 56
> +    # 24 Jun 2019 16:07:46 GMT
> +    year:   2019
> +    month:  6
> +    day:    24
> +    hour:   16
> +    minute: 7
> +    second: 46
>  }
>  IMAGE {
>      pixels hex
>
> While I’m sure the reproducible builds people appreciate
> limiting the mtime, raising it is not done otherwise.
>
> This also has potential to break applications (e.g. that
> rely, in tests or otherwise, on the files).
>
> [...]


Thanks,
~Niels

Reply | Threaded
Open this post in threaded view
|

Bug#931039: dh-strip-nondeterminism: Does not appear to clamp timestamps in PNG files (was: "Re: debhelper: something in the dh sequencer changes the tIME chunk of installed PNGs")

Chris Lamb -2
In reply to this post by Thorsten Glaser
retitle 931039 dh-strip-nondeterminism: Does not appear to clamp timestamps in PNG files
thanks

Hi,

> While I’m sure the reproducible builds people appreciate
> limiting the mtime, raising it is not done otherwise.

Yes, it is curious why strip-nondeterminism is not "clamping" the
timestamps here, in other words only changing them to the changelog
date if they are newer than this time.

(Just as an aside, how come the tests fail? Are they looking
specifically for these timestamps or is it just that the files have
been changed at all?)


Best wishes,

--
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      [hidden email] / chris-lamb.co.uk
       `-

Reply | Threaded
Open this post in threaded view
|

Bug#931039: dh-strip-nondeterminism: Does not appear to clamp timestamps in PNG files

Chris Lamb -2
In reply to this post by Thorsten Glaser
forwarded 931039 https://salsa.debian.org/reproducible-builds/strip-nondeterminism/issues/7
thanks

I've forwarded this upstream here:

  https://salsa.debian.org/reproducible-builds/strip-nondeterminism/issues/7


Regards,

--
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      [hidden email] / chris-lamb.co.uk
       `-

Reply | Threaded
Open this post in threaded view
|

Bug#931039: dh-strip-nondeterminism: Does not appear to clamp timestamps in PNG files (was: "Re: debhelper: something in the dh sequencer changes the tIME chunk of installed PNGs")

Thorsten Glaser
In reply to this post by Chris Lamb -2
Hi Chris,

>I've forwarded this upstream here:

thanks! I did not want to get too deep into yak shaving in the
dark hours of the night as I had something to do with a deadline,
so I’ve only seen that something in dh did it.

>(Just as an aside, how come the tests fail? Are they looking

No, I just said this might make tests in packages fail, or
something worse, like embedding PNGs into output of programs
causing them to not be reproducible any more.

I just found them by diffing the two MuseScore builds.

bye,
//mirabilos
--
15:41⎜<Lo-lan-do:#fusionforge> Somebody write a testsuite for helloworld :-)

Reply | Threaded
Open this post in threaded view
|

Bug#931039: dh-strip-nondeterminism: Does not appear to clamp timestamps in PNG files (was: "Re: debhelper: something in the dh sequencer changes the tIME chunk of installed PNGs")

Chris Lamb -2
Hi Thorsten,

> thanks! I did not want to get too deep into yak shaving in the
> dark hours of the night

Absolutely nothing to apologise for. It's far better the report exists
rather than it falling between the cracks and not being reported, even
if it requires a quick 'n' easy reassign (thanks Niels).

> >(Just as an aside, how come the tests fail? Are they looking
>
> No, I just said this might make tests in packages fail, or
> something worse, like embedding PNGs into output of programs
> causing them to not be reproducible any more.

I can see how it may make tests fail if they were naively comparing
checksums or similar, but I'm not sure how this could make a package
not reproducible. As in, we would surely just be moving from one set
timestamp (the "original") to another timestamp (taken from the
changelog in this particular case), both of which are fixed between
builds of the same version.


Best wishes,

--
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      [hidden email] 🍥 chris-lamb.co.uk
       `-

Reply | Threaded
Open this post in threaded view
|

Bug#931039: dh-strip-nondeterminism: Does not appear to clamp timestamps in PNG files

Thorsten Glaser
Hi Chris,

>I can see how it may make tests fail if they were naively comparing
>checksums or similar, but I'm not sure how this could make a package
>not reproducible.

Consider package A, contains PNGs, and package B, embeds the PNGs
from package A into its output (B can be identical to A). Then
consider package C which runs B at build time ⇒ C is not reproducible.

But yes, that’s esoterical. Anyway, I’m glad the issue ended up at
the right package in the meantime, thanks everyone!

bye,
//mirabilos
--
<igli> exceptions: a truly awful implementation of quite a nice idea.
<igli> just about the worst way you could do something like that, afaic.
<igli> it's like anti-design.  <mirabilos> that too… may I quote you on that?
<igli> sure, tho i doubt anyone will listen ;)

Reply | Threaded
Open this post in threaded view
|

Bug#931039: dh-strip-nondeterminism: Does not appear to clamp timestamps in PNG files

Chris Lamb -2
In reply to this post by Thorsten Glaser
tags 931039 + fixed-upstream
thanks

Hi,

I just fixed this in the upstream Git repository:

  https://salsa.debian.org/reproducible-builds/strip-nondeterminism/commit/849f8516fc6e3b6da86290d4dd08d3dd2ddbd04c

However, I will now likely wait until the release of "buster" before
uploading to unstable/experimental.


Regards,

--
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      [hidden email] / chris-lamb.co.uk
       `-