[Reproducible-builds] Bug#797709: libmodule-build-perl: make linking order deterministic
Niko Tyni
ntyni at debian.org
Tue Sep 1 19:46:48 UTC 2015
Package: libmodule-build-perl
Version: 0.421400-1
Severity: wishlist
Tags: patch
Forwarded: https://rt.cpan.org/Public/Bug/Display.html?id=106813
User: reproducible-builds at lists.alioth.debian.org
Usertags: toolchain
X-Debbugs-Cc: reproducible-builds at lists.alioth.debian.org
Quoting the upstream ticket above:
While working on the "reproducible builds" effort [0], we have noticed
that the linking order of object files in Module::Build::c_link() depends
on readdir() order, which is nondeterministic. This affects the generated
binary, rendering it non-reproducible.
The nondeterminism originates in rscan_dir(). The attached patch makes it
return its file lists in sorted order. Some alternative fixes would be to
call File::Find with the "preprocess" argument to sort the list, or sort
the list of object files in process_support_files() or later in c_link().
It's not clear to me if the latter options are safe, or if a distribution
might inject its own list of object files and expect their order to be
preserved. In contrast, since there's no existing guarantee of the order
of rscan_dir() results, it's clearly safe. The downside is a number
of probably unnecessary sort() calls when rscan_dir() gets called in
other contexts.
[0] https://wiki.debian.org/ReproducibleBuilds
This issue (together with other issues of its own) makes
libkinosearch1-perl non-reproducible. I suspect that having multiple
(generated?) .c files in a Build.PL distribution is unusual enough that
it explains why we haven't noticed this with other packages.
I found the disorderfs package very useful when investigating/testing
this FWIW.
--
Niko Tyni ntyni at debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Sort-file-lists-generated-by-rscan_dir.patch
Type: text/x-diff
Size: 1092 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/reproducible-builds/attachments/20150901/6bba6874/attachment.patch>
More information about the Reproducible-builds
mailing list