[notes] 03/03: packages += python-wheezy.template, shim
Daniel Shahaf
danielsh at apache.org
Mon Oct 17 13:55:34 UTC 2016
This is an automated email from the git hooks/post-receive script.
danielsh-guest pushed a commit to branch master
in repository notes.
commit 10dafaa44120a08c444c4fdb4e5f53f4341d76ab
Author: Daniel Shahaf <danielsh at apache.org>
Date: Mon Oct 17 13:53:34 2016 +0000
packages += python-wheezy.template, shim
---
packages.yml | 47 +++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 47 insertions(+)
diff --git a/packages.yml b/packages.yml
index 5f9a7d8..895790f 100644
--- a/packages.yml
+++ b/packages.yml
@@ -22702,6 +22702,14 @@ python-websockets:
version: 3.0-1
bugs:
- 828901
+python-wheezy.template:
+ version: 0.1.167-1
+ comments: |
+ The object file contains a symbol name derived from the value of S_R_D:
+ «__pyx_kp_s_build_2nd_python_wheezy_templat» (sic: appears truncated in diffoscope output).
+ issues:
+ - max_output_size_reached
+ - captures_build_path
python-whoosh:
version: 2.7.0-1
issues:
@@ -27064,6 +27072,45 @@ shiboken:
- captures_build_path
bugs:
- 811669
+shim:
+ version: 0.9+1474479173.6c180c6-1
+ comments: |
+ Signed EFI files differ.
+ .
+ 1) One of the differences looks suspiciously like a notBefore/notAfter X.509 certificate difference:
+ .
+ │ │ │ │ 00011420: 7479 3110 300e 0603 5504 0a0c 0753 6f6d ty1.0...U....Som
+ │ │ │ │ -00011430: 654f 7267 301e 170d 3137 3131 3139 3139 eOrg0...17111919
+ │ │ │ │ -00011440: 3135 3235 5a17 0d31 3831 3131 3931 3931 1525Z..181119191
+ │ │ │ │ -00011450: 3532 355a 3041 310b 3009 0603 5504 0613 525Z0A1.0...U...
+ │ │ │ │ +00011430: 654f 7267 301e 170d 3136 3130 3137 3132 eOrg0...16101712
+ │ │ │ │ +00011440: 3533 3235 5a17 0d31 3731 3031 3731 3235 5325Z..171017125
+ │ │ │ │ +00011450: 3332 355a 3041 310b 3009 0603 5504 0613 325Z0A1.0...U...
+ │ │ │ │ 00011460: 0255 5331 1130 0f06 0355 0407 0c08 536f .US1.0...U....So
+ │ │ │ │ 00011470: 6d65 4369 7479 3110 300e 0603 5504 0a0c meCity1.0...U...
+ .
+ The diff seems as though the build signs the artifact for one year starting at the build date.
+ .
+ Looking at the source, that seems to be exactly what's happening (see line 9):
+ .
+ % <shim-0.9+1474479173.6c180c6/make-certs nl -ba | head
+ 1 #!/bin/bash -e
+ 2 #
+ 3 # Generate a root CA cert for signing, and then a subject cert.
+ 4 # Usage: make-certs.sh hostname [user[@domain]] [more ...]
+ 5 # For testing only, probably still has some bugs in it.
+ 6 #
+ 7
+ 8 DOMAIN=xn--u4h.net
+ 9 DAYS=365
+ 10 KEYTYPE=RSA
+ .
+ 2) There are probably additional issues. Some of the other differences
+ would be fallout of the above (e.g., checksums), but the signature itself
+ is probably random.
+ issues:
+ - cryptographic_signature
+ - max_output_size_reached
shishi:
version: 1.0.2-6
issues:
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/reproducible/notes.git
More information about the Reproducible-commits
mailing list