Re: Bug#962474: CMAKE_SKIP_RPATH=ON improves reproducibility of CMake builds

Chris Lamb lamby at debian.org
Mon Jun 29 23:55:03 BST 2020 

Timo Röhling wrote:

> >> By default, CMake adds an RPATH entry to ELF binaries and deletes it
> >> again at install time. However, due to the limitations of some
> >> platforms, CMake will actually zero out the RPATH entry in the binary,
> >> leaking the original path length and thus making the build not
> >> reproducible (see the attached diffoscope output for an example).
> >>
> >> CMAKE_SKIP_RPATH disables the RPATH machinery and fixes the issue, and
> >> since most package won't ever ship with an RPATH entry anyway, I propose
> >> adding -DCMAKE_SKIP_RPATH=ON to the default build options.
> > Thanks for the suggestion.
> >
> > Has this proposal been tested on an archive-wide rebuild test to see how
> > much breaks with this option set?
>
> I don't know, but I don't think so. I'm not directly involved with the
> Reproducible Builds Team, I just pinged them on IRC after I filed this
> bug. Cc'ing them now.

As Vagrant implies we have not done an archive-wide rebuild test on
this specifically. (I was actually not aware of this specific issue
until now.) However, let me give you my general thoughts on using our
testing framework for staging changes.

Although we do have the ability to make changes to our toolchain to
test things we don't really like to do this unless absolutely
necessary. Every deviation from Debian itself is a "bug" of sorts and
only confuses users, developers and even the Reproducible Builds team
themselves when things are (for example) reproducible in one
environment or fail to build in a place that folks have zero control
or visibility over.

In addition, in the past when we have had temporary changes they have
persisted far longer than anyone planned. This leads to frustration
and highly-demotivating outcomes when maintainers no long feel a
pressing need to accommodate a change because "well, all the packages
are now reproducible". Well, yeah, I *guess* …

Lastly, making just a small change is actually non-trivial to do and
involves more technical and cognitive overhead than it sounds. "Just"
is a dangerous word, as I am sure you all know. This could probably be
fixed, but we have limited bandwidth and we aren't trying to be a
staging ground anyway. I suppose this would be mitigated if we only
needed to export that particular Debhelper environment variable from
our 'master' build environment vs. uploading a patched package, but
the above arguments still stand as a general rule.

In other words, unless you have no reason to suspect that lots and
lots of things will break, I would highly and strongly recommend that
you simply make the changes in CMake/debhelper and upload. :)

(Speaking only as myself, I don't represent the entire Reproducible
Builds project, etc. etc. etc. And I am partly writing this so I can
refer others to it later in other parallel contexts...)

Thanks for working on this. :)


Regards,

--
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby at debian.org 🍥 chris-lamb.co.uk
       `-

More information about the Reproducible-bugs mailing list