dh-perl6 vs. dh-raku: reproducibility issues with vendor/precompiled
gregor herrmann
gregoa at debian.org
Thu Jan 20 14:11:54 GMT 2022
On Tue, 18 Jan 2022 19:07:52 -0800, Vagrant Cascadian wrote:
Disclaimer: I'm not involved with raku packaging and don't know alot
about it, just following along a bit.
> I just noticed a reproducibility issue in a package that transitioned
> from dh-perl6 to dh-raku, and it introduced some reproducibility issues
> in the raku-tap-harness in precomp files, e.g.:
I think this was already briefly discussed in #1002496
> We're tracking this issue in reproducible builds as:
> https://tests.reproducible-builds.org/debian/issues/unstable/randomness_in_perl6_precompiled_libraries_issue.html
Ah, #1002496 mentioned again :)
> But there aren't many packages there (yay?), and the description is a
> bit terse suggesting that these files should not be shipped at all...
Well …
> Not knowing much about perl6 ... are the precompiled files needed in
> installed packages? Could they be generated at package install time
> rather than package build time (like .pyc files for python in Debian)?
… as a user (more precisely: as someone who has raku packages
installed because I might want to use them at some point) I found it
very annoying on each upgrade to have to wait for several minutes and
have my room warmed up by my laptop's fan because those precompiled
files are recreated. From that point of view I appreciate dod's
effort to switch to shipping the precompiled files in the packages
(with the help of dh-raku), and the Pros/Cons section at
https://wiki.debian.org/Perl6PreCompProposal also seems (in my
interpretation) to point in this direction.
> They appear to be hashed filenames, what goes into the hash that
> produces them (file path? timestamp? etc.), and could that be made
> reproducible?
That would be nice indeed.
I once experimented by comparing the "old"
precompiled-at-instalation-time and the precompiled-at-build-time
files on my laptop, and interesetingly they were the same. Or I
missed something. But yeah, rebuilding with reprepo shows that paths
are embedded which ist Not Good™.
Cheers,
gregor
--
.''`. https://info.comodo.priv.at -- Debian Developer https://www.debian.org
: :' : OpenPGP fingerprint D1E1 316E 93A7 60A8 104D 85FA BB3A 6801 8649 AA06
`. `' Member VIBE!AT & SPI Inc. -- Supporter Free Software Foundation Europe
`- BOFH excuse #211: Lightning strikes.
More information about the Pkg-rakudo-devel
mailing list