Hi all, Debian, Arch Linux and other distro's are trying to get full reproducible builds. There are some issues in PHP's codebase which makes builds unreproducible. Reprodicuble builds are currently reproduced in Arch Linux by building PHP twice, and in two different env's, varying hostname, system time, etc. [1]
Once issue is the PHP_BUILD_DATE, which makes the build non-reproducible. I've made a PR which uses SOURCE_DATE_EPOCH which is set in the reprodiculbe build env. This should keep the current functionality intact, while adding support for reproducible builds. [2] [3] Another issue is the php_uname functions which contains the hostname, since the hostname is varied per build this makes it non-reproducible. This is caused by the following line: configure.ac:PHP_UNAME=`uname -a | xargs` required in: ext/standard/info.c: php_uname = PHP_UNAME; Which is there as fallback as the php.net documentation describes: "On some older UNIX platforms, it may not be able to determine the current OS information in which case it will revert to displaying the OS PHP was built on. This will only happen if your uname() library call either doesn't exist or doesn't work.". I would argue that this is strange unexpected behaviour, and maybe it should throw an exception instead? Or can it show only "Linux" as fallback? basically PHP_OS. Ideas? The last issue is phar.phar being non-reproducible of which I am not sure what the issue would be. I'm not sure how the binary data in the phar.phar is generated. [1] https://tests.reproducible-builds.org/archlinux/extra/php/php-7.2.0-2-x86_64.pkg.tar.xz.html [2] https://github.com/php/php-src/pull/2965 [3] https://reproducible-builds.org/specs/source-date-epoch/ Thanks, -- Jelle van der Waa Arch Linux Developer -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
