dh-perl6 vs. dh-raku: reproducibility issues with vendor/precompiled
Vagrant Cascadian
vagrant at reproducible-builds.org
Thu Jan 20 21:27:33 GMT 2022
On 2022-01-20, Chris Lamb wrote:
>>> I just noticed a reproducibility issue in a package that transitioned
>>> from dh-perl6 to dh-raku, and it introduced some reproducibility issues
>>> in the raku-tap-harness in precomp files, e.g.:
>>
>> I think this was already briefly discussed in #1002496
>
> Yes, indeed. As I mentioned in that bug, I initially thought they were
> accidentally-distributed temporary/build files; something that's
> actually quite common in Debian and comes up quite a lot when doing
> Reproducible Builds stuff.
>
> If I had realised they were the result of deliberate pre-compilation
> efforts, I would probably not have filed that bug. Or, rather: I
> wouldn't have done without a patch to fix the issue! In other words,
> sorry for the essentially unactionable bug, although it *is* serving as
> a useful place to dump information as we inch towards a solution.
>
> (I have included #1002496 on the CC of this thread, perhaps to avoid any
> potential duplication in the future.)
>
>>> But there aren't many [tagged] packages there (yay?), and the
>>> description is a bit terse suggesting that these files should not
>>> be shipped at all...
>>
>> Well …
>
> Oh, don't read into that description, Vagrant! That's likely my
> description based on my jejune understanding of the problem at the
> time (see above). Please feel free to update it — I have nothing
> against precompilation as a general rule.
Yes... of course, shortly after I sent the mail starting this thread I
found more information on this issue!
I've added links to the bug and wiki page describing perl6
precompilation files in our reproducible builds notes and will think
about how to better describe and/or even rename the issue. :)
>>> They appear to be hashed filenames, what goes into the hash that
>>> produces them (file path? timestamp? etc.), and could that be made
>>> reproducible?
>>
>> That would be nice indeed.
>>
>> I once experimented by comparing the "old"
>> precompiled-at-instalation-time and the precompiled-at-build-time
>> files on my laptop, and interesetingly they were the same. Or I
>> missed something. But yeah, rebuilding with reprepo shows that paths
>> are embedded which ist Not Good™.
>
> Thanks for confirming in reprepro. This is also confirmed by me at the
> end of #1002496. I haven't done any other investigating yet.
I presume "reprotest"? Which I've also used to confirm this issue with a
few packages.
live well,
vagrant
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-rakudo-devel/attachments/20220120/eb7d1f56/attachment-0001.sig>
More information about the Pkg-rakudo-devel
mailing list