Bug#1033958: binutils: reproducible builds: files in source tarball in arbitrary order

Vagrant Cascadian Tue, 04 Apr 2023 16:42:17 -0700

Source: binutils
Severity: normal
Tags: patch
User: reproducible-bui...@lists.alioth.debian.org
Usertags: randomness
X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org


The files in the binutils tarball appear to be in arbitrary order,
possibly affected by locale or filesystem differences:

  
https://tests.reproducible-builds.org/debian/rb-pkg/bookworm/armhf/diffoscope-results/binutils.html

  /usr/src/binutils/binutils-2.40.tar.xz

  e.g. the first file in the bfd directory listed in these two builds are:

  
hrw-r--r--···0········0········0········0·2023-01-14·00:00:00.000000·binutils-2.40/bfd/elf32-m68hc1x.h
  vs.
  
hrw-r--r--···0········0········0········0·2023-01-14·00:00:00.000000·binutils-2.40/bfd/elf32-score7.c


The attached patch to debian/rules fixes this by passing the --sort=name
argument to tar.


Unfortunately, this patch alone does not solve all reproducibility
issues with binutils, but applying this patch should significantly reduce
the differences, making it easier to debug remaining issues.


Thanks for maintaining binutils!


live well,
  vagrant

From 6dce3b6b223419c31fb1aaa59b658652b0fe953d Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian <vagr...@reproducible-builds.org>
Date: Tue, 4 Apr 2023 16:10:53 -0700
Subject: [PATCH 1/2] debian/rules: Pass argument to tar to sort the files in
 the binutils source tarball.

Locale or filesystem differences may result in the generated tarball
embedding files in arbitrary order.

https://reproducible-builds.org/docs/archives/
https://tests.reproducible-builds.org/debian/issues/unstable/random_order_in_tarball_issue.html
---
 debian/rules | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/debian/rules b/debian/rules
index 0a3ff6ec..a697df43 100755
--- a/debian/rules
+++ b/debian/rules
@@ -1484,7 +1484,7 @@ endif # ifndef BACKPORT
 		xargs -0r touch --no-dereference --date='$(BUILD_DATE)' && \
 		find $(source_files) -type f -print0 | LC_ALL=C sort -z | \
 		XZ_OPT=-9 tar --null -T - -c --xz --mode=go=rX,u+rw,a-s \
-		--owner=0 --group=0 --numeric-owner \
+		--owner=0 --group=0 --numeric-owner --sort=name \
 		--xform='s=^[^/]*\/=binutils-$(VERSION)/=' \
 		-f $(pwd)/$(d_src)/$(PF)/src/binutils/binutils-$(VERSION).tar.xz \
 		$(source_files)
-- 
2.39.2

signature.asc
Description: PGP signature

Bug#1033958: binutils: reproducible builds: files in source tarball in arbitrary order

Reply via email to