[arch-commits] Commit in thunderbird-extension-enigmail/trunk (2 files)
Jonas Witschel
diabonas at archlinux.org
Fri Jul 10 17:09:39 UTC 2020
Date: Friday, July 10, 2020 @ 17:09:38
Author: diabonas
Revision: 663122
upgpkg: thunderbird-extension-enigmail 2.1.7-3: remove timezone and UIDs/GIDs from XPI
After the previous update some further sources of unreproducibility were found,
hopefully everything relevant is covered now.
Added:
thunderbird-extension-enigmail/trunk/0001-genxpi-make-XPI-files-reproducible.patch
Modified:
thunderbird-extension-enigmail/trunk/PKGBUILD
-----------------------------------------------+
0001-genxpi-make-XPI-files-reproducible.patch | 65 ++++++++++++++++++++++++
PKGBUILD | 10 +--
2 files changed, 70 insertions(+), 5 deletions(-)
Added: 0001-genxpi-make-XPI-files-reproducible.patch
===================================================================
--- 0001-genxpi-make-XPI-files-reproducible.patch (rev 0)
+++ 0001-genxpi-make-XPI-files-reproducible.patch 2020-07-10 17:09:38 UTC (rev 663122)
@@ -0,0 +1,65 @@
+From a68b0efbd2002aeb6aa1240b8611cbb97b84d7a7 Mon Sep 17 00:00:00 2001
+From: Jonas Witschel <diabonas at gmx.de>
+Date: Fri, 10 Jul 2020 19:02:43 +0200
+Subject: [PATCH] genxpi: make XPI files reproducible
+
+zip records the mtime of packed files, making it harder to reproduce the
+generated file bit for bit. Use the SOURCE_DATE_EPOCH specification that is
+already respected in other places of this project (package/Makefile) to set the
+modification time to a known, reproducible value.
+
+To avoid embedding time zone information and Unix UIDs/GIDs as further sources
+of unreproducibilty use "export TZ=UTC" and "zip -X", resp. Also make the mtime
+of the generated XPI file reproducible using "zip -o" for good measure.
+---
+ util/genxpi | 23 +++++++++++++++++------
+ 1 file changed, 17 insertions(+), 6 deletions(-)
+
+diff --git a/util/genxpi b/util/genxpi
+index 9d7c39e5..36110e02 100755
+--- a/util/genxpi
++++ b/util/genxpi
+@@ -60,9 +60,10 @@ find chrome/content/modules -name "*.js*" | LC_ALL=C sort > chrome/content/modul
+
+ echo "Creating ${xpiFile} file"
+
+-zip -9 --must-match\
+- ../${xpiFile} \
+- chrome/content/preferences/defaultPrefs.js \
++# Avoid embedding time zone information about the current system into the XPI
++export TZ=UTC
++
++set chrome/content/preferences/defaultPrefs.js \
+ chrome/content/modules/addrbook.jsm \
+ chrome/content/modules/amPrefsService.jsm \
+ chrome/content/modules/app.jsm \
+@@ -184,9 +185,15 @@ zip -9 --must-match\
+ chrome/content/modules/all-modules.txt \
+ chrome/content/am-enigprefs.xul
+
+-zip -9 \
+- ../${xpiFile} \
+- chrome/content/ui/*.* \
++# Set modification timestamps to a fixed value for reproducibilty
++[ -n "$SOURCE_DATE_EPOCH" ] && touch --date "@$SOURCE_DATE_EPOCH" -- "$@"
++zip -9 -o -X --must-match ../${xpiFile} "$@"
++
++if [ $? -ne 0 ]; then
++ exit 1
++fi
++
++set chrome/content/ui/*.* \
+ chrome/skin/aero/*.* \
+ chrome/skin/modern/*.* \
+ chrome/skin/tb-mac/*.* \
+@@ -198,3 +205,7 @@ zip -9 \
+ bootstrap.js \
+ chrome.manifest \
+ ${pkgFile}
++
++# Set modification timestamps to a fixed value for reproducibilty
++[ -n "$SOURCE_DATE_EPOCH" ] && touch --date "@$SOURCE_DATE_EPOCH" -- "$@"
++zip -9 -o -X ../${xpiFile} "$@"
+--
+2.27.0
+
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2020-07-10 16:57:18 UTC (rev 663121)
+++ PKGBUILD 2020-07-10 17:09:38 UTC (rev 663122)
@@ -10,7 +10,7 @@
pkgname=thunderbird-extension-enigmail
pkgver=2.1.7
-pkgrel=2
+pkgrel=3
pkgdesc="OpenPGP message encryption and authentication for Thunderbird"
arch=('any')
url="https://www.enigmail.net/"
@@ -20,17 +20,17 @@
source=("https://www.enigmail.net/download/source/enigmail-${pkgver}.tar.gz"{,.asc}
"0001-preferences-disable-pEpAutoDownload-by-default.patch"
"0001-Disable-Thunderbird-78-upgrade-warning-message.patch"
- "enigmail-reprodible-xpi-timestamps.patch::https://gitlab.com/enigmail/enigmail/-/commit/e905796792feff11ec92d3757e0c54dea0d605d3.patch")
+ "0001-genxpi-make-XPI-files-reproducible.patch")
sha512sums=('1b57091c8ab9aaa086f327b78d904d688c850b6d39e37e2dac82e0629c0279723eae4608ecd08a24efe9ed1bdc86fbc497e97cd800c7349a70612a42b98f3e41'
'SKIP'
'baebd963400574db89be747a4419534f945bdc64136d4014656ff98a9615a23984bca724da3f3840670979aab08ce441eee067921e21d0cb216938a20ed785b2'
'4ddf887765e4296b3c639748d875b179d1e2a5fb38ad16e2918f115a9ff9a05e2f9c66218544f7ab8189f096908df761d4047fd5d23972c02737e46c4a0c843c'
- '1ba5b64fb93737899d61d1f6755822eb6de5ac29a5016cc1a6260c480904c347b656b9e37c6476bc3c07058d750ff90ff04b5ebe65844f88975b98ec3064eaac')
+ '3902e09d801f8a3fd493450a85c23d3cd95c68465df0025599e6c923b9708a6cb0cb09920170ec5055d55a56e287ae468460fca150f7be8af9d83cffa1a40427')
b2sums=('8f6d1ec16b48219c75c6dbcddf4807ed57965eeec29776e7c757d5aa34da6bfdbbb58964ee3d7de2efcb65ab69fa5b020f1a8ec01cd8eee662d8195a217cdc69'
'SKIP'
'c593ed7b094d9feecb2f14624cf0628ab390c96f0fb0212ab0069333508b59057ef4b0518da1bf59eb8aaf0942303c4c45afab76d0b8e77a93763eab975cb4c0'
'a2ba38e56f14a87834023076a75a6c59bc17488104227d8db3e31072f2dcc6488808a980b4073111dec4cf4661349c3e995b8226808c3038d96f2cab666eb90b'
- '906c099f4d01a5d265cc96172ad00e44fca7c043eaad9827f5f319b294134e522d615100027ddbb89638d0b553a64451f4f116ddef5549081ba888217cb8c252')
+ '55709a3fd099fab4b11289518a44f2b53e81031606529cec5b4786e796de438faefa52f2a7ab3d29d6b3aca120e279f30d6d7ba3c3e3d02ca2abcb85f1652661')
validpgpkeys=('4F9F89F5505AC1D1A260631CDB1187B9DD5F693B') # Patrick Brunschwig <patrick at enigmail.net>
prepare() {
@@ -45,7 +45,7 @@
# Make timestamps in the generated XPI file respect SOURCE_DATE_EPOCH
# (https://gitlab.com/enigmail/enigmail/-/merge_requests/45)
- patch -p1 -i ../enigmail-reprodible-xpi-timestamps.patch
+ patch -p1 -i ../0001-genxpi-make-XPI-files-reproducible.patch
}
build() {
More information about the arch-commits
mailing list