Bug#844431: Revised patch: seeking seconds
Ximin Luo
infinity0 at debian.org
Wed Aug 16 11:37:00 UTC 2017
Adrian Bunk:
> On Wed, Aug 16, 2017 at 10:24:07AM +0000, Mattia Rizzolo wrote:
>> On Tue, 15 Aug 2017, 11:02 p.m. Adrian Bunk <bunk at debian.org> wrote:
>>
>>> Tracker:
>>> https://tracker.debian.org/pkg/hsqldb1.8.0
>>> "Does not build reproducibly during testing"
>>
>> And indeed it's not reproducible according to policy: it's storing the
>> build user at the very least.
>> ...
>
> What makes you so confident that this package is not reproducible
> according to policy?
>
> According to policy, storing the value of $USER in the binary
> is clearly permitted for a reproducible package. [1]
>
> As long as the reproducible builds infrastructure varies $USER instead
> of following the policy definition, it is not suitable for determining
> whether or not a package is reproducible according to policy.
>
> And what the reproducible builds infrastructure pushes as
> Does not build reproducibly during testing
> to tracker and DDPO is therefore not usable for determining
> reproducibility according to policy.
>
> cu
> Adrian
>
> [1] I haven't checked what exactly this package does
>
Fair enough. I actually spotted that but thought it was better to get "something" into Policy rather than nitpick. I guess other people were thinking similar things. Well, lesson learnt, I will be more forceful next time.
The sentence I amended said "most environment variables" so our intent is clear. If we want to fix this now, I would suggest amending:
- a set of environment variable values; and
+ a set of reserved environment variable values; and
then later:
+ A "reserved" environment variable is defined as DEB_*, DPKG_, SOURCE_DATE_EPOCH, BUILD_PATH_PREFIX_MAP, variables listed by dpkg-buildflags and other variables explicitly used by buildsystems to affect build output, excluding any variables used by non-build programs to affect their behaviour. Explicitly, this excludes TERM, HOME, LOGNAME, USER, PATH and likely any variables ending with *PATH.
X
--
GPG: ed25519/56034877E1F87C35
GPG: rsa4096/1318EFAC5FBBDBCE
https://github.com/infinity0/pubkeys.git
More information about the Reproducible-builds
mailing list