Empty build-id to make package reproducible
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Fri Aug 31 17:27:31 BST 2018
Hi Otto--
On Fri 2018-08-31 09:44:18 +0300, Otto Kekäläinen wrote:
> pe 31. elok. 2018 klo 0.46 Daniel Kahn Gillmor (dkg at fifthhorseman.net)
> kirjoitti:
> ..
>> does this mean that galera-3 debugging symbols won't be easily findable?
>
> Perhaps, but we decided that responsibility is important and the
> package should pass the new CI pipeline we set up at
> https://salsa.debian.org/mariadb-team/galera-3/pipelines/15700
> Note that this still just a commit on sitting on the master branch,
> and it hasn't yet been uploaded anywhere and this might not be the
> final solution.
I'm not sure what you mean by "responsibility" here. Do you mean
"reproducibility"? I agree that reproducibility is important! thanks
for setting up this pipeline and pointing to it. I'll look into how to
do that for other debian packages. :)
That said, my experience with the build-id is that it becomes
reproducible once everything else in the package is reproducible -- so
it's typically a symptom of some other unreproducibility.
If that's not the case for galera-3, that's an interesting outcome, and
one that suggests that either (a) there is some other non-reproducible
thing that the build process repairs *after* build-id is generated, or
(b) my mental model of how the build-id is created is wrong.
Do you know which one it is? if it's (a), can you point to any details?
>> then again, the debugging symbols for galera-3 look like they're being
>> generated in a way that is pretty out-of-date, and hasn't been touched
>> in at least 3 years, so maybe the maintainers don't care about these
>> symbols very much:
>>
>> https://salsa.debian.org/mariadb-team/galera-3/blame/master/debian/rules#L51
>
> This package is actively maintained and everything should be up to
> date. If you are an expert on debug package rules stanzas, we are
> happy to take any suggestions (or merge requests on Salsa) to make
> that section not so "pretty out-of-date".
i'm not an expert on this stuff either, but i think the the changeover
should be pretty simple. I've just filed an (untested) changeset as a
merge request here:
https://salsa.debian.org/mariadb-team/galera-3/merge_requests/1
My knowledge of debug symbols in debian derives in large part from the
Debian wiki:
https://wiki.debian.org/DebugPackage
Thanks very much for your active work maintaining this project in
debian, and for your attention to reproducibility!
All the best,
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/reproducible-builds/attachments/20180831/1eb15958/attachment.sig>
More information about the Reproducible-builds
mailing list