[Pkg-postgresql-public] Bug#795984: Bug#795984: postgresql-plproxy: please make the build reproducible

Jérémy Bobbio lunar at debian.org
Mon Aug 31 14:37:21 UTC 2015


Peter Eisentraut:
> Well, nothing is mandatory for building a Debian package, since you can
> just assemble the archives manually.  But you could say, if you want a
> reproducible build, you need to use dpkg-buildpackage.

We want to provide ways to reproduce an initial build. I don't consider
that the “reproducible builds” team has control over how that first
build is made. Maybe someone feels like proposing to make
`dpkg-buildpackage` mandatory for every Debian upload, but it's not a
fight I'm ready to carry personally.

> I feel the environment variable issue in particular could use a
> centralized solution, instead of patching each package individually.
> You guys have identified a few environment variables that are common
> culprits, such as locale and time zone, because those are very often set
> by users.  But that doesn't address that infinite number of other
> environment variables that users could set.  Nothing technically
> prevents a package from being built with LD_PRELOAD set or a nonstandard
> JAVA_HOME, for example.

If LD_PRELOAD is set to something that will affect the build, indeed
there is nothing that we can do. But by default, it has no value. The
situation is different for locale and timezone as they have been
configured on almost every system.

The complete list of all variations that we currently test is available
on the dashboard:
https://reproducible.debian.net/reproducible.html#variation

Overriding locale and timezone for all packages is likely to give
surprising results to developers. In our tests, it also papered over real
issues that have been better fixed at the source.

> > The other thing is that it might break some packages or test suites in
> > subtle ways. Overriding the timezone in a local manner avoids any
> > surprises.
>
> The problem here in particular is that I don't know whether setting the
> time zone in this way is portable to non-Linux, non-GNU systems.  So a
> patch like this might not be acceptable upstream.

TZ is defined by POSIX according to:
http://pubs.opengroup.org/onlinepubs/9699919799/functions/timezone.html

-- 
Lunar                                .''`. 
lunar at debian.org                    : :Ⓐ  :  # apt-get install anarchism
                                    `. `'` 
                                      `-   
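
An added illustration, not part of the original message or of the plproxy patch: a shell sketch of the variation test the thread describes, where the same build step runs under two builder time zones and the outputs are compared. The function names and the sample timestamp are assumptions made for this example, and `date -d @N` assumes GNU or BusyBox `date`.

```shell
#!/bin/sh
# Sample build timestamp in seconds since the epoch (constructed for this example).
BUILD_EPOCH=1441031841

# Hypothetical build step that formats a timestamp with whatever TZ the
# builder happens to have set, so the result varies between machines.
stamp_leaky() {
    date -d "@$BUILD_EPOCH" '+%Y-%m-%d %H:%M'
}

# The same step with TZ overridden only for the one command that needs it.
# The rest of the build, including any test suite, keeps the caller's TZ.
stamp_pinned() {
    TZ=UTC0 date -d "@$BUILD_EPOCH" '+%Y-%m-%d %H:%M'
}

# Run a step under two different builder environments and report whether
# the outputs match. POSIX-style TZ strings are used so that no zoneinfo
# database has to be installed.
compare() {
    first=$( export TZ=AAA-12; "$1" )
    second=$( export TZ=BBB11; "$1" )
    if [ "$first" = "$second" ]; then
        echo identical
    else
        echo differs
    fi
}

echo "leaky step:  $(compare stamp_leaky)"
echo "pinned step: $(compare stamp_pinned)"
```
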