Hi Lunar,

On Fri, Jan 29, 2016 at 03:11:55PM +0100, Jérémy Bobbio wrote:
> Helmut Grohne:
> > Even though I cannot reproduce the issue at hand, I think that the code
> > adding automatic debug symbols looks fishy to me. It appears to recurse
> > over /tmp here and that looks very wrong to me.
> I don't understand what you mean by that. Could you provide be (at least
> some) of the `--debug` output?

What I mean is that diffoscope takes the directory that contains the
first debian package and then recursively looks at all contained files.
If that tree happens to be big, bad things can happen.

So I finally managed to reproduce that bit and I'll give a recipe and a
--debug log.

chroot into a fresh sid bootstrap.

# apt-get --no-install-recommends install diffoscope binutils-multiarch
$ cd /tmp
$ mkdir -p buildd/diffoscope/should/not/be/looking snapshot
$ echo no > buildd/diffoscope/should/not/be/looking/here
$ cd buildd

Now obtain a full set of binary packages from an arch-only glibc build.

$ cd ../snapshot

Obtain the corresponding libc6_*.deb from snapshot.d.o.

$ cd ../buildd
$ diffoscope --debug --text out ./libc6_*.deb /tmp/snapshot/libc6_*.deb 2>debug

The run finishes quickly (< 3 minutes) and the debug log contains:

| DEBUG Looking for a dbgsym package for Build Id ...
| DEBUG Using TextFile for ./diffoscope/should/not/be/looking/here

Now for the profitbricks node, what diffoscope looks at is a build tree
for glibc. Recursively.

Note that I said "./libc6_*.deb" above. If you drop the "./", diffoscope
doesn't look where it's not supposed to look.


Attachment: debug.xz
Description: Binary data

Reproducible-builds mailing list

Reply via email to