[DRE-maint] Bug#1135269: ruby-timers: please make the build reproducible

Thu, 30 Apr 2026 04:43:09 -0700 

Source: ruby-timers
Version: 4.4.0-2
Severity: wishlist
Tags: patch
User: [email protected]
Usertags: environment
X-Debbugs-Cc: [email protected]

Hi,

Whilst working on the Reproducible Builds effort [0], we noticed that
ruby-timers could not be built reproducibly.

This is because the .gemspec file gets evaluated, causing this line:

  File.expand_path("~/.gem/release.pem")

... to be rendered in the binary package, leading to the package
embedding the build user's home directory.

Patch attached.

 [0] https://reproducible-builds.org/


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      [email protected] / chris-lamb.co.uk
       `-

--- a/debian/patches/reproducible-build.patch   1969-12-31 16:00:00.000000000 
-0800
--- b/debian/patches/reproducible-build.patch   2026-04-30 04:37:52.593631918 
-0700
@@ -0,0 +1,16 @@
+Description: Make the build reproducible
+Author: Chris Lamb <[email protected]>
+Last-Update: 2026-04-30
+
+--- ruby-timers-4.4.0.orig/timers.gemspec
++++ ruby-timers-4.4.0/timers.gemspec
+@@ -10,9 +10,6 @@ Gem::Specification.new do |spec|
+       spec.authors = ["Tony Arcieri", "Samuel Williams", "Donovan Keme", 
"Wander Hillen", "Utenmiki", "Jeremy Hinegardner", "Sean Gregory", "Chuck 
Remes", "Olle Jonsson", "Ron Evans", "Tommy Ong Gia Phu", "Larry Lv", "Lin 
Jen-Shin", "Ryunosuke Sato", "Atul Bhosale", "Bruno Enten", "Dimitrij 
Denissenko", "Jesse Cooke", "Klaus Trainer", "Lavir the Whiolet", "Mike 
Bourgeous", "Nicholas Evans", "Patrik Wenger", "Peter Goldstein", "Ryan 
LeCompte", "Tim Smith", "Vít Ondruch", "Will Jessop", "Yoshiki Takagi"]
+       spec.license = "MIT"
+       
+-      spec.cert_chain  = ["release.cert"]
+-      spec.signing_key = File.expand_path("~/.gem/release.pem")
+-      
+       spec.homepage = "https://github.com/socketry/timers";
+       
+       spec.metadata = {
--- a/debian/patches/series     1969-12-31 16:00:00.000000000 -0800
--- b/debian/patches/series     2026-04-30 04:37:51.255121707 -0700
@@ -0,0 +1 @@
+reproducible-build.patch

_______________________________________________
Pkg-ruby-extras-maintainers mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-ruby-extras-maintainers

Reply via email to