Bug 223781 - [exp-run] make rubygem-* ports reproducible
Summary: [exp-run] make rubygem-* ports reproducible
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Package Infrastructure (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Steve Wills
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-11-21 14:27 UTC by Steve Wills
Modified: 2017-12-19 02:23 UTC (History)
1 user (show)

See Also:
antoine: exp-run+


Attachments
patch to make rubygem builds reproducible (7.99 KB, patch)
2017-11-21 14:27 UTC, Steve Wills
no flags Details | Diff
second version of patch to make rubygem builds reproducible (4.84 KB, patch)
2017-11-21 19:19 UTC, Steve Wills
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Steve Wills freebsd_committer 2017-11-21 14:27:50 UTC
Created attachment 188152 [details]
patch to make rubygem builds reproducible

Please see attached patch which makes rubygem-* packages reproducible. Please run exp-run with this patch.
Comment 1 Steve Wills freebsd_committer 2017-11-21 17:25:03 UTC
Note that in order to actually build reproducibly, this patch will also have to be committed:

https://reviews.freebsd.org/D4385
Comment 2 Steve Wills freebsd_committer 2017-11-21 17:26:50 UTC
Also note these upstream bugs:

https://bugs.ruby-lang.org/issues/13628

and

https://bugs.ruby-lang.org/issues/13627

I believe the correct upstream fix would not be these patches, but instead to make it possible to note store the timestamp.
Comment 3 Steve Wills freebsd_committer 2017-11-21 19:19:05 UTC
Created attachment 188180 [details]
second version of patch to make rubygem builds reproducible

Removed patch-lib_rdoc_rdoc.rb since it's not needed.
Comment 4 Antoine Brodin freebsd_committer 2017-11-22 11:47:15 UTC
Exp-run looks fine.
Comment 5 commit-hook freebsd_committer 2017-11-22 13:27:54 UTC
A commit references this bug:

Author: swills
Date: Wed Nov 22 13:27:38 UTC 2017
New revision: 454686
URL: https://svnweb.freebsd.org/changeset/ports/454686

Log:
  lang/ruby2?: make rubygem-* ports reproducible

  PR:		223781
  exp-run by:	antoine

Changes:
  head/Mk/bsd.ruby.mk
  head/lang/ruby22/files/patch-lib_rdoc_generator_json_index.rb
  head/lang/ruby23/files/patch-lib_rdoc_generator_json_index.rb
  head/lang/ruby24/files/patch-lib_rdoc_generator_json_index.rb
Comment 6 commit-hook freebsd_committer 2017-12-19 02:23:15 UTC
A commit references this bug:

Author: swills
Date: Tue Dec 19 02:22:54 UTC 2017
New revision: 456701
URL: https://svnweb.freebsd.org/changeset/ports/456701

Log:
  MFH: r454686 r456700

  lang/ruby2?: make rubygem-* ports reproducible

  PR:		223781
  exp-run by:	antoine

  Update lang/ruby2[2,3,4] to latest versions.

  Fixes a security issue.

  PR:		224356
  Submitted by:	Yasuhiro KIMURA <yasu@utahime.org>
  Security:	dd644964-e10e-11e7-8097-0800271d4b9c

  Approved by:	ports-secteam (implicit)

Changes:
_U  branches/2017Q4/
  branches/2017Q4/Mk/bsd.ruby.mk
  branches/2017Q4/lang/ruby22/distinfo
  branches/2017Q4/lang/ruby22/files/patch-lib_rdoc_generator_json_index.rb
  branches/2017Q4/lang/ruby22/pkg-plist
  branches/2017Q4/lang/ruby23/distinfo
  branches/2017Q4/lang/ruby23/files/patch-lib_rdoc_generator_json_index.rb
  branches/2017Q4/lang/ruby23/pkg-plist
  branches/2017Q4/lang/ruby24/distinfo
  branches/2017Q4/lang/ruby24/files/patch-lib_rdoc_generator_json_index.rb
  branches/2017Q4/lang/ruby24/pkg-plist