[Reproducible-builds] Bug#783210: glibc: please make the package build reproducibly
Ximin Luo
infinity0 at debian.org
Fri Jul 22 18:18:00 UTC 2016
Ximin Luo:
> Aurelien Jarno:
>> On 2016-06-06 02:48, Ximin Luo wrote:
>>> On Mon, 19 Oct 2015 10:11:25 +0200 Aurelien Jarno <aurelien at aurel32.net> wrote:
>>>> It means that the point 3 (usage of __DATE__ and __TIME__) is the only
>>>> one left to address in the version currently in experimental.
>>>>
>>>
>>> Hi, GCC have now added support for SOURCE_DATE_EPOCH so we can use this instead. Debhelper now sets this environment variable automatically, and GCC should automatically read it, so perhaps we can get rid of the whole (3)-related patch, but I haven't tested this yet.
>>
>> In the current code __DATE__ and __TIME__ are used to generate a unique
>> serial number shared between two processes. Therefore using
>> SOURCE_DATE_EPOCH for that is not correct here.
>>
>> I have submitted a patch upstream to fix that another way [1].
>> Unfortunately there is still work to do and I am currently lacking time
>> to work on that. Help would be appreciated.
>>
>> Aurelien
>>
>> [1] https://sourceware.org/ml/libc-alpha/2016-03/msg00240.html
>>
>
> Thanks Aurelien,
>
> I reviewed your patch and the discussion linked. I wonder if a quick solution to the issues raise by Mike could be solved by also hashing in the contents of config.status? AIUI autotools, this would include both the have-selinux stuff as well as the alignment values of the build.
>
> Mike, what do you think? If good, I will adapt Aurelien's patch accordingly and resubmit to the mailing list.
>
On second thoughts, this wouldn't actually make the build reproducible since config.status contains things like SHELL which we want to vary whilst retaining reproducibility.
An alternative approach: why not just use the constants defined in version.h, plus the size of the statdata struct itself? (The latter would account for have-selinux, alignment sizes, as well as any future additions.) Something like this:
~~~~
static const char compilation[] = RELEASE "-" VERSION "-";
[..]
struct statdata
{
char version[sizeof (compilation) + sizeof (size_t)];
[..]
}
size_t statdata_size = sizeof (struct statdata);
// later
send_stats (
[..]
memcpy(data.version, compilation, sizeof(compilation));
memcpy(data.version + sizeof(compilation), &statdata_size, sizeof(size_t));
// alternatively, we could use itoa if you want human-readable
*(data.version + sizeof(data.version) - 1) = 0;
[..]
~~~~
My C is not the best so this could probably be tidied up quite a lot, but at this stage let's just talk about the general idea first.
X
--
GPG: ed25519/56034877E1F87C35
GPG: rsa4096/1318EFAC5FBBDBCE
https://github.com/infinity0/pubkeys.git
More information about the Reproducible-builds
mailing list