Empty build-id to make package reproducible

Daniel Kahn Gillmor dkg at fifthhorseman.net
Thu Aug 30 22:31:01 BST 2018


On Thu 2018-08-30 21:08:51 +0000, Holger Levsen wrote:

> (replying to the list with Otto's permission..)
>
> On Sun, Aug 05, 2018 at 02:51:16AM +0800, Otto Kekäläinen wrote:
>> This is what we talked about today:
>> https://salsa.debian.org/mariadb-team/galera-3/commit/1460cfa128fb457b5b5c60fcc5cac6faf5a216d5
>
> I'm wondering, is this really a good approach? (to set build-id=none) 
>
> I'm somewhat sceptical but then also a bit clueless here... ;)

i'm also pretty ignorant about these details, but wouldn't that make it
hard to find/match the debugging symbols?  aiui, the build-id is used by
gdb to find the symbols for debugging.  for example:

0 dkg at alice:~$ file $(which notmuch) 
/usr/bin/notmuch: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=ef8fab73e1088840f0c5abe7dcbdc5a1246272cd, stripped
0 dkg at alice:~$ dpkg -L notmuch-dbgsym | grep build-id.*debug$
/usr/lib/debug/.build-id/ef/8fab73e1088840f0c5abe7dcbdc5a1246272cd.debug
0 dkg at alice:~$ 

does this mean that galera-3 debugging symbols won't be easily findable?

then again, the debugging symbols for galera-3 look like they're being
generated in a way that is pretty out-of-date, and hasn't been touched
in at least 3 years, so maybe the maintainers don't care about these
symbols very much:

   https://salsa.debian.org/mariadb-team/galera-3/blame/master/debian/rules#L51

just my 2¢,

   --dkg



More information about the Reproducible-builds mailing list