Bug#844431: Reproducibility in Policy
Johannes Schauer
josch at debian.org
Sat Aug 12 16:24:49 UTC 2017
Hi,
Quoting Russ Allbery (2017-08-12 09:57:44)
> I think we need to add all environment variables starting with DEB_* to
> the prerequisites. If you set DEB_BUILD_OPTIONS=nostrip or
> DEB_BUILD_MAINT_OPTIONS=hardening=all, you'll definitely get a different
> package, for instance.
>
> I feel like there are a bunch of other environment variables that have to
> be consistent, although I'm not sure how to specify that since other
> environment variables shouldn't matter. But, say, setting GNUTARGET is
> very likely to cause weirdness by changing how ld works. There are
> probably more interesting examples.
>
> How does the current reproducible build testing work with the environment?
> Maybe we should just document that for right now and relax it later if
> needed?
currently, dpkg-genbuildinfo records all environment variables in a .buildinfo
file which pass a whitelist check. The current whitelist is stored here:
https://anonscm.debian.org/cgit/dpkg/dpkg.git/tree/scripts/Dpkg/Build/Info.pm#n50
I'm not proposing that this whole list should be added to policy. But the list
that ends up in policy must be a subset of the list of environment variables
that dpkg-genbuildinfo stores in the .buildinfo file. Thus:
- this list from dpkg should give a number of good suggestions of which
environment variables should be added to policy
- if any additional variables are added, then they must be added to
dpkg-genbuildinfo as well.
Thanks!
cheers, josch
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: signature
URL: <http://lists.alioth.debian.org/pipermail/reproducible-builds/attachments/20170812/bc633421/attachment.sig>
More information about the Reproducible-builds
mailing list