debconf cache is non-reproducible issue while creating system image

Fri Apr 29 09:03:55 UTC 2022

Hello Roland Clobus,

Thanks your prompt reply,
Please find my inline comments.

>-----Original Message-----
>From: Roland Clobus <rclobus at rclobus.nl>
>Sent: 26 April 2022 13:47
>To: General discussions about reproducible builds <rb-
>general at lists.reproducible-builds.org>; pyla venkata(ＴＳＩＰ)
><Venkata.Pyla at toshiba-tsip.com>
>Subject: Re: debconf cache is non-reproducible issue while creating system
>image
>
>Hello Venkata,
>
>On 26/04/2022 08:28, Venkata.Pyla at toshiba-tsip.com wrote:
>> Hi RB team,
>>
>> I am working on to create reproducible system images that includes
>Debian packages,
>> I am currently facing one issue[1] where the debconf cache entries
>are not reproducible when package configurations are done before the package
>is installed,
>
>> This is happening because the package postinst script uses
>non-reproducible file names to generate debconf cache entries.
>
>>
>> I found this problem with one package (localepurge), but there can be
>many packages like this where their package postinst script uses non-
>reproducible contents while generating debconf cache entries.
>
>>
>> I wanted to discuss here whether we need to fix this issue in 'ucf'
>who is responsible to generate the debconf cache entry, or every package should
>fix this problem in their postinst script?
>
>>
>> Kindly give your thoughts.
>>
>> [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009639
>
>In the specific case of localepurge, instead of using the file /etc/locale.nopurge,
>you could use /etc/locale.gen instead. [1]
>
>I used:
>debootstrap bullseye rootfs/ http://deb.debian.org/debian/ chroot rootfs
>/bin/bash -c "echo en > /etc/locale.gen"
>chroot rootfs /bin/bash -c "DEBIAN_FRONTEND=noninteractive apt --yes install
>localepurge"
>grep tmp rootfs/var/cache/debconf/config.dat

Thanks for the suggestion, this will not generate the debconf cache entry.
But we want to use "locale.nopurge" configuration in our system image generation,
because we wanted to delete/purge all other locales except added in "/etc/locale.nopurge"

"localepurge" is one example that generates debconf cache entry with non-reproducible way,
 there are other packages also which generates similar non-reproducible entry (e.g: grub-pc)

the root cause of this is using "mktemp" for new_file configuration and generate debconf cache entry with this temporary file

e.g. 1: localepurge
-------------------
https://salsa.debian.org/elmig-guest/localepurge/-/blob/master/debian/postinst#L206 
TMPFILE=$(mktemp) || exit 1
:
.
ucf --debconf-ok "$TMPFILE" "$CONFIGFILE"
-------------------

e.g. 2: grub-pc
-------------------
https://salsa.debian.org/grub-team/grub/-/blob/master/debian/postinst.in#L368 
tmp_default_grub="$(mktemp -t grub.XXXXXXXXXX)"
:
.
env $ucf_env ucf --three-way --debconf-ok --sum-file=/usr/share/grub/default/grub.md5sum "$tmp_default_grub" /etc/default/grub
-------------------

I am looking to solve debconf cache entry problem in generic way in "ucf" ? or some other place.
Or mktemp has alternate to generates reproducibly just like SOURCE_DATE_EPOCH ?

>
>(I've added some settings to make the step run without user
>interaction)
>
>With kind regards,
>Roland Clobus
>
>
>[1]
>https://salsa.debian.org/elmig-guest/localepurge/-/blob/master/debian/l
>ocalepurge.config
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openpgp-digital-signature.asc
Type: application/pgp-signature
Size: 489 bytes
Desc: not available
URL: <http://lists.reproducible-builds.org/pipermail/rb-general/attachments/20220429/ba59bf4c/attachment.sig>