[Reproducible-builds] Changing toolchain defaults to simplify reproducible builds
Stephen Kitt
skitt at debian.org
Sat May 30 12:17:04 UTC 2015
On Sat, 30 May 2015 11:52:22 +0200, Jérémy Bobbio <lunar at debian.org> wrote:
> Stephen Kitt:
> > On Sat, 30 May 2015 11:00:11 +0200, Stephen Kitt <skitt at debian.org> wrote:
> > > After a couple of fixes to binutils-mingw-w64 and mingw-w64, the latter
> > > should now be reproducible.
>
> That's good news!
:-)
> > > This still involves dropping PE timestamps (see
> > > https://wiki.debian.org/ReproducibleBuilds/TimestampsInPEBinaries
> > > for details), which got me wondering whether it would be worth it
> > > just to make --no-insert-timestamps the default in
> > > binutils-mingw-w64's ld... That should fix the timestamp issue for
> > > all PE binaries in Debian, without introducing any regressions that
> > > I can think of.
> >
> > ... all PE binaries build with mingw-w64 in Debian ...
>
> I still haven't totally understood the implication of dropping
> timestamps from PE headers. So I wonder if this could break
> out-of-the-archive uses.
I had a look at the upstream history which led to the introduction of
--no-insert-timestamp, and it turns out there is a nasty side-effect: bound
executables (this is somewhat like prelinking) crash if a DLL is updated
without changing its timestamp.
https://sourceware.org/bugzilla/show_bug.cgi?id=16887 has the details.
> Having `--no-insert-timestamps` by default would probably align
> binutils-mingw-w64 more with binutils. The latter is built with
> `--deterministic-archives` since 2.25-6.
>
> Maybe uploading a package to unstable now (with
> a NEWS file?) could give enough time for issues to show up before
> the release.
In the end I think it would be better to avoid building DLLs at least with
that option. A sensible option would be to be able to specify the timestamp
(and use the changelog's last date): that way packages can be rebuilt
identically if they haven't changed, but updating a DLL gives it a new
timestamp so bound executable still work. I'll give that a shot...
Regards,
Stephen
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/reproducible-builds/attachments/20150530/341ed048/attachment.sig>
More information about the Reproducible-builds
mailing list