[diffoscope] Diffoscope inconsistency

Fay Stegerman flx at obfusk.net
Fri Aug 23 16:26:14 UTC 2024


Hi,

* Javier Ron via diffoscope <diffoscope at lists.reproducible-builds.org> [2024-08-23 17:18]:
> Hello Diffoscope team,
> 
> We discovered inconsistent behavior while running the tool for compiled java
> classes.
> 
> When running in Ubuntu Jammy with libmagic 5.42, the java classes were being
> compared as java bytecode,
> as expected.
> 
> When running in SUSE 15.5, with libmagic 5.32 the java classes were being
> compared as hexdumps.
> 
> We tracked the issue and found that the retrieved magic contained "Cafe
> Babe" at the beginning, thus
> the corresponding java regex <https://salsa.debian.org/reproducible-builds/diffoscope/-/blob/master/diffoscope/comparators/java.py#L78>
> failed to match.

A quick look at the file(1) source code [1] shows that both versions should
output the string "compiled Java class data" for .class files (though there have
been some other changes, so it's possible the older libmagic gives an incorrect
result).  So the regex used by diffoscope should be correct even for the older
libmagic, which suggests the issue is in a dependency, not diffoscope itself.

I'm not sure what you mean by "the retrieved magic contained 'Cafe Babe'"
exactly?  Can you give us the output of directly running file(1) on the .class
files?  For example:

$ file Foo.class
Foo.class: compiled Java class data, version 65.0

I get the same result when using the old magic/Magdir/cafebabe from 5.32 (though
with a more recent version of file(1)).

- Fay

[1] https://github.com/file/file