[Pkg-openssl-devel] Bug#1009934: openssl: reproducible-builds: Embeded compiler flags contain build paths

Vagrant Cascadian vagrant at reproducible-builds.org
Tue Dec 19 20:36:21 GMT 2023 

On 2022-05-01, Vagrant Cascadian wrote:
> On 2022-05-01, Sebastian Andrzej Siewior wrote:
>> control: forwarded -1 https://github.com/openssl/openssl/pull/11545
>>
>> On 2022-04-20 15:46:41 [-0700], Vagrant Cascadian wrote:
>>> The compiler flags usually contain the build path on Debian package
>>> builds, and openssl embeds the compiler flags used in various binaries:
>>>>> Unfortunately, there are other outstanding issues affecting the
>>> reproducibility of openssl, but applying this patch should reduce the
>>> differences, making it easier to debug the remaining issues.
>>
>> so this report looked awkwardly familiar. The pull request
>> 	https://github.com/openssl/openssl/pull/11545
>>
>> should work for you, right?
>
> That looks great, glad it is in progress!
>
> It should be updated to also handle -fmacro-prefix-map and
> -ffile-prefix-map (basically combining both -fmacro-prefix-map and
> -fdebug-prefix-map), which were more recently added to various
> compilers.
>
> Fairly recently -ffile-prefix-map became the default dpkg-buildflags.
>
> I'll comment on the pull request...

This seems to have stalled out upstream.  Tha main blocking concern
appears to have been regarding finding debug symbols if this were
enabled by default.

Since debian has other more reliable mechanisms to find the debug
symbols, would the maintainers of the Debian packages consider applying
the patches?

From what I recall, other than making sure it worked with all three
permutations, (fdebug|fmacro|ffile)-prefix-map, the patches looked
workable to me!

We are no longer testing build paths on tests.reproducible-builds.org,
though other tooling such as reprotest or sbuild still do out of the
box, so it would be nice to get fixed regardless.

live well,
  vagrant
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-openssl-devel/attachments/20231219/4357120c/attachment.sig>

More information about the Pkg-openssl-devel mailing list