Bug#844431: Revised patch: seeking seconds

Ximin Luo infinity0 at debian.org
Wed Aug 16 11:37:00 UTC 2017

Adrian Bunk:
> On Wed, Aug 16, 2017 at 10:24:07AM +0000, Mattia Rizzolo wrote:
>> On Tue, 15 Aug 2017, 11:02 p.m. Adrian Bunk <bunk at debian.org> wrote:
>>> Tracker:
>>> https://tracker.debian.org/pkg/hsqldb1.8.0
>>> "Does not build reproducibly during testing"
>> And indeed it's not reproducible according to policy: it's storing the
>> build user at the very least.
>> ...
> What makes you so confident that this package is not reproducible 
> according to policy?
> According to policy, storing the value of $USER in the binary
> is clearly permitted for a reproducible package. [1]
> As long as the reproducible builds infrastructure varies $USER instead 
> of following the policy definition, it is not suitable for determining 
> whether or not a package is reproducible according to policy.
> And what the reproducible builds infrastructure pushes as
>    Does not build reproducibly during testing
> to tracker and DDPO is therefore not usable for determining
> reproducibility according to policy.
> cu
> Adrian
> [1] I haven't checked what exactly this package does

Fair enough. I actually spotted that but thought it was better to get "something" into Policy rather than nitpick. I guess other people were thinking similar things. Well, lesson learnt, I will be more forceful next time.

The sentence I amended said "most environment variables" so our intent is clear. If we want to fix this now, I would suggest amending:

- a set of environment variable values; and
+ a set of reserved environment variable values; and

then later:

+ A "reserved" environment variable is defined as DEB_*, DPKG_, SOURCE_DATE_EPOCH, BUILD_PATH_PREFIX_MAP, variables listed by dpkg-buildflags and other variables explicitly used by buildsystems to affect build output, excluding any variables used by non-build programs to affect their behaviour. Explicitly, this excludes TERM, HOME, LOGNAME, USER, PATH and likely any variables ending with *PATH.


GPG: ed25519/56034877E1F87C35
GPG: rsa4096/1318EFAC5FBBDBCE

More information about the Reproducible-builds mailing list