Bug#991928: grub2: reproducible builds: embeds different strings depending on (obscure) locales

[Vagrant Cascadian]

On 2024-10-19, James Addison wrote:
> On Thu, 05 Aug 2021 15:11:02 -0700, Vagrant wrote:
>> Some locales (e.g. potentially obscure locales used by reprotest) may
>> cause sort order issues in embedded strings in some of the grub-*.bin
>> binaries.
>
> I'm not 100% confident, but I believe that this bug may have been fixed upstream
> as part of a subsequent release.

I would be very pleasantly surprised...


> I don't find any clearly locale-related differences when comparing the
> current output of the comparative builds[1] of grub2 in the
> Reproducible Builds test infrastructure for Debian.

The locales tested in the test infrastructure do not trigger the issue.

Current versions of reprotest no longer randomizes locales and defaults
to testing using the et_EE.UTF-8 locale (which also does not trigger the
issue), but I seem to recall one of these *not* UTF-8 locales that was
the trigger:

  ru_RU.CP1251 kk_KZ.RK1048

Current reprotest allows specifying the locale to test:

  reprotest --vary=+locales,locales.locale=kk_KZ.RK1048 


With all those caveats, this is definitely a very minor issue (even
moreso than when originally filed due to changes in reprotest), although
easily worked around by always specifying the C.UTF-8 locale from
debian/rules.


> The upstream commit that I think is the most likely candidate to have fixed
> the problem is this one:
>
>   http://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=f42266a8a2a4215e4ffe419b8092bdf9ced33e8e

That seems only related to the C or C.UTF-8 locales, so seems unlikely
to fix the issue...


live well,
  vagrant
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-grub-devel/attachments/20241019/e15439df/attachment.sig>