Bug 1102408 – trackerbug: packages do not build reproducibly from race conditions

Bug 1102408 - trackerbug: packages do not build reproducibly from race conditions


Summary:	trackerbug: packages do not build reproducibly from race conditions

Status:	CONFIRMED

Classification:	openSUSE
Product:	openSUSE Tumbleweed
Classification:	openSUSE
Component:	Development
Version:	Current
Hardware:	All All

Priority:	P5 - None Severity: Normal (vote)
Target Milestone:	---
Assigned To:	Bernhard Wiedemann
QA Contact:	E-mail List

URL:
Whiteboard:
Keywords:

Depends on:	1138295 1170378 1192192 1021335 1021353 1109420 1111950 1120942
Blocks:	1081754
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2018-07-24 11:52 UTC by Bernhard Wiedemann
Modified:	2022-05-05 06:40 UTC (History)
CC List:	0 users

See Also:
Found By:	Development
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Bernhard Wiedemann 2018-07-24 11:52:01 UTC

See also https://reproducible-builds.org/
and https://github.com/bmwiedemann/theunreproduciblepackage/tree/master/race

When packages build with make -j$N   (N>1),
it sometimes results in binaries that differ between builds
and thus trigger rebuilds of depending packages
and are published to mirrors and users
when actually nothing really changed.

Build results can also be incorrect due to races.

Often it is possible to fix races by adding proper dependencies between build targets (e.g. https://bugzilla.sudo.ws/show_bug.cgi?id=842 )
or fixing involved racy tools

Comment 1 Swamp Workflow Management 2019-10-04 18:20:09 UTC

This is an autogenerated message for OBS integration:
This bug (1102408) was mentioned in
https://build.opensuse.org/request/show/735340 15.0 / python-service_identity
https://build.opensuse.org/request/show/735341 15.1 / python-service_identity

Comment 2 OBSbugzilla Bot 2020-07-15 13:30:07 UTC

This is an autogenerated message for OBS integration:
This bug (1102408) was mentioned in
https://build.opensuse.org/request/show/821093 Factory / Ipopt

Comment 5 OBSbugzilla Bot 2021-08-02 10:30:08 UTC

This is an autogenerated message for OBS integration:
This bug (1102408) was mentioned in
https://build.opensuse.org/request/show/909714 15.2 / lxd
https://build.opensuse.org/request/show/909717 15.3 / lxd

Comment 6 Swamp Workflow Management 2021-08-04 16:23:02 UTC

SUSE-RU-2021:2606-1: An update that has one recommended fix can now be installed.

Category: recommended (moderate)
Bug References: 1102408
CVE References: 
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Development Tools 15-SP3 (src):    libcbor-0.5.0-4.3.1
SUSE Linux Enterprise Module for Development Tools 15-SP2 (src):    libcbor-0.5.0-4.3.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    libcbor-0.5.0-4.3.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src):    libcbor-0.5.0-4.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 7 Swamp Workflow Management 2021-08-04 16:24:07 UTC

openSUSE-RU-2021:2606-1: An update that has one recommended fix can now be installed.

Category: recommended (moderate)
Bug References: 1102408
CVE References: 
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    libcbor-0.5.0-4.3.1

Comment 8 Swamp Workflow Management 2021-08-10 01:22:32 UTC

openSUSE-RU-2021:1109-1: An update that has two recommended fixes can now be installed.

Category: recommended (moderate)
Bug References: 1102408,1188946
CVE References: 
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    lxd-4.16-lp152.2.41.1

Comment 9 Swamp Workflow Management 2021-08-10 07:18:24 UTC

openSUSE-RU-2021:1122-1: An update that has 5 recommended fixes can now be installed.

Category: recommended (moderate)
Bug References: 1102408,1186647,1186786,1186906,1188946
CVE References: 
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP3 (src):    lxd-4.16-bp153.3.6.1

Comment 10 Swamp Workflow Management 2021-08-10 07:26:25 UTC

openSUSE-RU-2021:1121-1: An update that has one recommended fix can now be installed.

Category: recommended (moderate)
Bug References: 1102408
CVE References: 
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    libcbor-0.5.0-lp152.3.3.1

Comment 11 OBSbugzilla Bot 2021-08-20 14:40:06 UTC

This is an autogenerated message for OBS integration:
This bug (1102408) was mentioned in
https://build.opensuse.org/request/show/913362 15.3 / lxd

Comment 12 Swamp Workflow Management 2021-08-23 16:17:44 UTC

# maintenance_jira_update_notice
SUSE-SU-2021:2817-1: An update that solves one vulnerability, contains two features and has 6 fixes is now available.

Category: security (moderate)
Bug References: 1102408,1138715,1138746,1176389,1177120,1182421,1182422
CVE References: CVE-2020-26137
JIRA References: ECO-3352,PM-2485
Sources used:
SUSE MicroOS 5.0 (src):    python-asn1crypto-0.24.0-3.2.1, python-cffi-1.13.2-3.2.5, python-cryptography-2.8-10.1, python-pyOpenSSL-17.5.0-8.3.1, python-pyasn1-0.4.2-3.2.1, python-pycparser-2.17-3.2.1, python-urllib3-1.25.10-9.14.1
SUSE Manager Server 4.0 (src):    python-asn1crypto-0.24.0-3.2.1, python-boto3-1.17.9-19.1, python-botocore-1.20.9-33.1, python-pyasn1-0.4.2-3.2.1, python-pycparser-2.17-3.2.1, python-urllib3-1.25.10-9.14.1
SUSE Manager Retail Branch Server 4.0 (src):    python-asn1crypto-0.24.0-3.2.1, python-boto3-1.17.9-19.1, python-botocore-1.20.9-33.1, python-pyasn1-0.4.2-3.2.1, python-pycparser-2.17-3.2.1, python-urllib3-1.25.10-9.14.1
SUSE Manager Proxy 4.0 (src):    python-asn1crypto-0.24.0-3.2.1, python-boto3-1.17.9-19.1, python-botocore-1.20.9-33.1, python-pyasn1-0.4.2-3.2.1, python-pycparser-2.17-3.2.1, python-urllib3-1.25.10-9.14.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    python-asn1crypto-0.24.0-3.2.1, python-boto3-1.17.9-19.1, python-botocore-1.20.9-33.1, python-pyasn1-0.4.2-3.2.1, python-pycparser-2.17-3.2.1, python-urllib3-1.25.10-9.14.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    python-asn1crypto-0.24.0-3.2.1, python-boto3-1.17.9-19.1, python-botocore-1.20.9-33.1, python-pyasn1-0.4.2-3.2.1, python-pycparser-2.17-3.2.1, python-urllib3-1.25.10-9.14.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    python-asn1crypto-0.24.0-3.2.1, python-boto3-1.17.9-19.1, python-botocore-1.20.9-33.1, python-pyasn1-0.4.2-3.2.1, python-pycparser-2.17-3.2.1, python-urllib3-1.25.10-9.14.1
SUSE Linux Enterprise Module for Python2 15-SP3 (src):    python-asn1crypto-0.24.0-3.2.1, python-cffi-1.13.2-3.2.5, python-cryptography-2.8-10.1, python-pyasn1-0.4.2-3.2.1, python-pycparser-2.17-3.2.1, python-urllib3-1.25.10-9.14.1
SUSE Linux Enterprise Module for Python2 15-SP2 (src):    python-asn1crypto-0.24.0-3.2.1, python-cffi-1.13.2-3.2.5, python-cryptography-2.8-10.1, python-pyOpenSSL-17.5.0-8.3.1, python-pyasn1-0.4.2-3.2.1, python-pycparser-2.17-3.2.1, python-urllib3-1.25.10-9.14.1
SUSE Linux Enterprise Module for Public Cloud 15-SP3 (src):    aws-cli-1.19.9-26.1
SUSE Linux Enterprise Module for Public Cloud 15-SP2 (src):    aws-cli-1.19.9-26.1
SUSE Linux Enterprise Module for Public Cloud 15-SP1 (src):    aws-cli-1.19.9-26.1, python-botocore-1.20.9-33.1, python-service_identity-18.1.0-3.3.1, python-trustme-0.6.0-3.3.1
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (src):    python-boto3-1.17.9-19.1, python-botocore-1.20.9-33.1
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (src):    python-boto3-1.17.9-19.1, python-botocore-1.20.9-33.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    python-asn1crypto-0.24.0-3.2.1, python-boto3-1.17.9-19.1, python-botocore-1.20.9-33.1, python-cffi-1.13.2-3.2.5, python-cryptography-2.8-10.1, python-pyasn1-0.4.2-3.2.1, python-pycparser-2.17-3.2.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src):    python-asn1crypto-0.24.0-3.2.1, python-boto3-1.17.9-19.1, python-botocore-1.20.9-33.1, python-cffi-1.13.2-3.2.5, python-cryptography-2.8-10.1, python-pyOpenSSL-17.5.0-8.3.1, python-pyasn1-0.4.2-3.2.1, python-pycparser-2.17-3.2.1, python-urllib3-1.25.10-9.14.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    python-asn1crypto-0.24.0-3.2.1, python-boto3-1.17.9-19.1, python-botocore-1.20.9-33.1, python-pyasn1-0.4.2-3.2.1, python-pycparser-2.17-3.2.1, python-urllib3-1.25.10-9.14.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    python-asn1crypto-0.24.0-3.2.1, python-boto3-1.17.9-19.1, python-botocore-1.20.9-33.1, python-pyasn1-0.4.2-3.2.1, python-pycparser-2.17-3.2.1, python-urllib3-1.25.10-9.14.1
SUSE Enterprise Storage 6 (src):    python-asn1crypto-0.24.0-3.2.1, python-boto3-1.17.9-19.1, python-botocore-1.20.9-33.1, python-pyasn1-0.4.2-3.2.1, python-pycparser-2.17-3.2.1, python-urllib3-1.25.10-9.14.1
SUSE CaaS Platform 4.0 (src):    python-asn1crypto-0.24.0-3.2.1, python-boto3-1.17.9-19.1, python-botocore-1.20.9-33.1, python-pyasn1-0.4.2-3.2.1, python-pycparser-2.17-3.2.1, python-urllib3-1.25.10-9.14.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 13 Swamp Workflow Management 2021-08-23 16:21:56 UTC

# maintenance_jira_update_notice
openSUSE-SU-2021:2817-1: An update that solves one vulnerability, contains two features and has 6 fixes is now available.

Category: security (moderate)
Bug References: 1102408,1138715,1138746,1176389,1177120,1182421,1182422
CVE References: CVE-2020-26137
JIRA References: ECO-3352,PM-2485
Sources used:
openSUSE Leap 15.3 (src):    aws-cli-1.19.9-26.1, python-asn1crypto-0.24.0-3.2.1, python-boto3-1.17.9-19.1, python-botocore-1.20.9-33.1, python-cffi-1.13.2-3.2.5, python-cryptography-2.8-10.1, python-pyasn1-0.4.2-3.2.1, python-pycparser-2.17-3.2.1, python-urllib3-1.25.10-9.14.1

Comment 14 Swamp Workflow Management 2021-08-25 19:30:20 UTC

# maintenance_jira_update_notice
openSUSE-RU-2021:1195-1: An update that has 6 recommended fixes can now be installed.

Category: recommended (moderate)
Bug References: 1102408,1186647,1186786,1186906,1188946,1189645
CVE References: 
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP3 (src):    lxd-4.17-bp153.3.9.1

Comment 15 Swamp Workflow Management 2021-08-27 07:16:59 UTC

# maintenance_jira_update_notice
openSUSE-SU-2021:1206-1: An update that solves one vulnerability, contains two features and has 6 fixes is now available.

Category: security (moderate)
Bug References: 1102408,1138715,1138746,1176389,1177120,1182421,1182422
CVE References: CVE-2020-26137
JIRA References: ECO-3352,PM-2485
Sources used:
openSUSE Leap 15.2 (src):    python-cffi-1.13.2-lp152.2.3.1, python-cryptography-2.8-lp152.2.12.1, python-pyOpenSSL-17.5.0-lp152.7.3.1

Comment 18 Swamp Workflow Management 2021-10-12 13:26:35 UTC

SUSE-SU-2021:3336-1: An update that solves 6 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 1102408,1185405,1187704,1188282,1191015,1191121,1191334,1191355,1191434
CVE References: CVE-2021-30465,CVE-2021-32760,CVE-2021-41089,CVE-2021-41091,CVE-2021-41092,CVE-2021-41103
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Containers 12 (src):    containerd-1.4.11-16.45.1, docker-20.10.9_ce-98.72.1, runc-1.0.2-16.14.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 19 Swamp Workflow Management 2021-10-25 13:17:08 UTC

openSUSE-SU-2021:3506-1: An update that solves 6 vulnerabilities and has four fixes is now available.

Category: security (important)
Bug References: 1102408,1185405,1187704,1188282,1190826,1191015,1191121,1191334,1191355,1191434
CVE References: CVE-2021-30465,CVE-2021-32760,CVE-2021-41089,CVE-2021-41091,CVE-2021-41092,CVE-2021-41103
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    containerd-1.4.11-56.1, docker-20.10.9_ce-156.1, docker-kubic-20.10.9_ce-156.1, runc-1.0.2-23.1

Comment 20 Swamp Workflow Management 2021-10-25 13:19:52 UTC

SUSE-SU-2021:3506-1: An update that solves 6 vulnerabilities and has four fixes is now available.

Category: security (important)
Bug References: 1102408,1185405,1187704,1188282,1190826,1191015,1191121,1191334,1191355,1191434
CVE References: CVE-2021-30465,CVE-2021-32760,CVE-2021-41089,CVE-2021-41091,CVE-2021-41092,CVE-2021-41103
JIRA References: 
Sources used:
SUSE MicroOS 5.1 (src):    containerd-1.4.11-56.1, docker-20.10.9_ce-156.1, runc-1.0.2-23.1
SUSE MicroOS 5.0 (src):    containerd-1.4.11-56.1, docker-20.10.9_ce-156.1, runc-1.0.2-23.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    containerd-1.4.11-56.1, docker-20.10.9_ce-156.1, runc-1.0.2-23.1
SUSE Linux Enterprise Server for SAP 15 (src):    containerd-1.4.11-56.1, docker-20.10.9_ce-156.1, runc-1.0.2-23.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    containerd-1.4.11-56.1, docker-20.10.9_ce-156.1, runc-1.0.2-23.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    containerd-1.4.11-56.1, docker-20.10.9_ce-156.1, runc-1.0.2-23.1
SUSE Linux Enterprise Server 15-LTSS (src):    containerd-1.4.11-56.1, docker-20.10.9_ce-156.1, runc-1.0.2-23.1
SUSE Linux Enterprise Module for Containers 15-SP3 (src):    containerd-1.4.11-56.1, docker-20.10.9_ce-156.1, runc-1.0.2-23.1
SUSE Linux Enterprise Module for Containers 15-SP2 (src):    containerd-1.4.11-56.1, docker-20.10.9_ce-156.1, runc-1.0.2-23.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    containerd-1.4.11-56.1, docker-20.10.9_ce-156.1, runc-1.0.2-23.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    containerd-1.4.11-56.1, docker-20.10.9_ce-156.1, runc-1.0.2-23.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    containerd-1.4.11-56.1, docker-20.10.9_ce-156.1, runc-1.0.2-23.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    containerd-1.4.11-56.1, docker-20.10.9_ce-156.1
SUSE Enterprise Storage 7 (src):    runc-1.0.2-23.1
SUSE Enterprise Storage 6 (src):    containerd-1.4.11-56.1, docker-20.10.9_ce-156.1, runc-1.0.2-23.1
SUSE CaaS Platform 4.0 (src):    containerd-1.4.11-56.1, docker-20.10.9_ce-156.1, runc-1.0.2-23.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 21 Swamp Workflow Management 2021-10-31 20:40:07 UTC

openSUSE-SU-2021:1404-1: An update that solves 6 vulnerabilities and has four fixes is now available.

Category: security (important)
Bug References: 1102408,1185405,1187704,1188282,1190826,1191015,1191121,1191334,1191355,1191434
CVE References: CVE-2021-30465,CVE-2021-32760,CVE-2021-41089,CVE-2021-41091,CVE-2021-41092,CVE-2021-41103
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    containerd-1.4.11-lp152.2.12.1, docker-20.10.9_ce-lp152.2.18.1, runc-1.0.2-lp152.2.9.1

Comment 22 OBSbugzilla Bot 2021-12-13 04:40:05 UTC

This is an autogenerated message for OBS integration:
This bug (1102408) was mentioned in
https://build.opensuse.org/request/show/940127 15.3 / lxd

Comment 25 Swamp Workflow Management 2022-02-01 17:18:48 UTC

openSUSE-RU-2022:0273-1: An update that has 5 recommended fixes can now be installed.

Category: recommended (important)
Bug References: 1102408,1192652,1192653,1193257,1193258
CVE References: 
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    google-guest-agent-20211116.00-1.23.1, google-guest-configs-20211116.00-1.16.1, google-guest-oslogin-20211013.00-1.24.1, google-osconfig-agent-20211117.00-1.14.1

Comment 26 Swamp Workflow Management 2022-02-01 17:20:29 UTC

SUSE-RU-2022:0273-1: An update that has 5 recommended fixes can now be installed.

Category: recommended (important)
Bug References: 1102408,1192652,1192653,1193257,1193258
CVE References: 
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15-SP3 (src):    google-guest-agent-20211116.00-1.23.1, google-guest-configs-20211116.00-1.16.1, google-guest-oslogin-20211013.00-1.24.1, google-osconfig-agent-20211117.00-1.14.1
SUSE Linux Enterprise Module for Public Cloud 15-SP2 (src):    google-guest-agent-20211116.00-1.23.1, google-guest-configs-20211116.00-1.16.1, google-guest-oslogin-20211013.00-1.24.1, google-osconfig-agent-20211117.00-1.14.1
SUSE Linux Enterprise Module for Public Cloud 15-SP1 (src):    google-guest-agent-20211116.00-1.23.1, google-guest-configs-20211116.00-1.16.1, google-guest-oslogin-20211013.00-1.24.1, google-osconfig-agent-20211117.00-1.14.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 27 Swamp Workflow Management 2022-02-08 17:19:45 UTC

SUSE-RU-2022:0347-1: An update that has 5 recommended fixes can now be installed.

Category: recommended (important)
Bug References: 1102408,1192652,1192653,1193257,1193258
CVE References: 
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Public Cloud 12 (src):    google-guest-agent-20211116.00-1.23.1, google-guest-configs-20211116.00-1.14.1, google-guest-oslogin-20211013.00-1.23.1, google-osconfig-agent-20211117.00-1.14.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 28 OBSbugzilla Bot 2022-05-05 06:40:03 UTC

This is an autogenerated message for OBS integration:
This bug (1102408) was mentioned in
https://build.opensuse.org/request/show/975026 15.3 / lxd