[Reproducible-builds] Bug#773916: libical: Ship different constant values accross builds
Jérémy Bobbio
lunar at debian.org
Thu Dec 25 15:46:14 UTC 2014
Package: libical-dev
Version: 1.0-1.1
Severity: critical
User: reproducible-builds at lists.alioth.debian.org
Usertags: randomness
Hi!
While working on the “reproducible builds” effort [1], we have noticed
that libical could not be built reproducibly:
https://jenkins.debian.net/userContent/dbd/libical_1.0-1.1.debbindiff.html
The debbindiff output linked above show that two builds of libical will
output different values for the constant defined in the icalvalue_kind
enum in ical.h and icalderivedvalue.h.
This is bad. It means that any software using these values will break
when libical is updated. After a quick look at the report, this might be
the cause for #766454.
The problem highly likely lies in the following code:
https://sources.debian.net/src/libical/1.0-1.1/scripts/mkderivedvalues.pl/?hl=66:74#L66
Sorting the keys before using them should make the output stable accross
builds. Ideally this should be done in all similar constructs to enable
the package to build reproducibly.
Packages having a Build-Depends on libical-dev should probably be
binNMU'ed once this is fixed. That should be: agenda.app, asterisk,
bluez, cairo-dock-plug-ins, citadel, cyrus-imapd-2.4, evolution,
evolution-data-server, evolution-ews, gnokii, goldencheetah, ical2html,
kdepimlibs, kmymoney, libsynthesis, openchange, orage, osmo,
syncevolution, webcit.
[1]: https://wiki.debian.org/ReproducibleBuilds
--
Lunar .''`.
lunar at debian.org : :Ⓐ : # apt-get install anarchism
`. `'`
`-
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/reproducible-builds/attachments/20141225/4cda4d24/attachment.sig>
More information about the Reproducible-builds
mailing list