Updating dpkg-buildflags to enable reproducible=+fixfilepath by default
Lisandro Damián Nicanor Pérez Meyer
perezmeyer at gmail.com
Sat Jan 9 00:27:34 GMT 2021
On Fri, 8 Jan 2021 at 21:15, Lisandro Damián Nicanor Pérez Meyer
<perezmeyer at gmail.com> wrote:
>
> Hi! Explicitely CCing my bug, since it seems it missed my previous reply.
>
> On Fri, 8 Jan 2021 at 20:49, Guillem Jover <guillem at debian.org> wrote:
> >
> > On Fri, 2021-01-08 at 19:23:13 -0300, Lisandro Damián Nicanor Pérez Meyer wrote:
> > > [snip]
> > > > We did a full archive rebuild testing this change, and I provided
> > > > patches to all known affected packages several months ago. It is a
> > > > one-line change in debian/rules in most cases:
> > > >
> > > > https://udd.debian.org/cgi-bin/bts-usertags.cgi?user=reproducible-builds%40lists.alioth.debian.org&tag=fixfilepath
> > > >
> > > > It seems there are less than 10 packages left that have not applied the
> > > > patch.
> > > >
> > > > Longer-term, it would be nice to be able to fix QFINDTESTDATA to be
> > > > compatible, sure.
> > >
> > > >From a couple of "fixes":
> > >
> > > -export DEB_BUILD_MAINT_OPTIONS = hardening=+all
> > > +# Disable fixfilepath feature, as it triggers build failures when
> > > +# enabled.
> > > +export DEB_BUILD_MAINT_OPTIONS = hardening=+all reproducible=-fixfilepath
> > >
> > > That's not a fix but hiding the dirt under the carpet. You are not
> > > fixing the root issue nor the reproducibility one.
> >
> > I'm not sure I understand this objection. Reverting the patch from
> > dpkg would do the same but at a global scale, which would make many
> > packages that would benefit from the new default, not reproducible,
> > and would still "hide the dirt under the carpet" for the very few
> > that would otherwise need the option disabled.
In fact most of those packages would not be unreproducible if the
environment would be the same as the original build. That includes the
build path.
I do understand that it is *desirable* to be able to reproducibly
build a package no matter the build path, but that's just desirable.
The real fix here is to do the right thing, ie, provide the very same
environment as the original build, including the build path.
So again, mangling __FILE__ should not be a default.
--
Lisandro Damián Nicanor Pérez Meyer
http://perezmeyer.com.ar/
http://perezmeyer.blogspot.com/
More information about the Reproducible-builds
mailing list