Re: Bug#1030785: Reproducibility of ocaml...
Hi Chris, Le 07/02/2023 à 17:13, Chris Lamb a écrit : I appreciate this info is difficult to find (!), but for a bunch of historical reasons, there are actually a different set of variations tested when we test sid compared to when we test bookworm. In other words, the differences between the two builds is not just the package version and Debian distribution. We try to canonically document the differences on this page: https://tests.reproducible-builds.org/debian/index_variations.html And almost certainly the difference is down to the build path. :) Indeed. Does that help? We've had a series of build path variations in the OCaml stack, so maybe some patch got reverted, or…? In this specific case, the variation comes from -ffile-prefix-map being injected automatically into CFLAGS. Cheers, -- Stéphane ___ Reproducible-builds mailing list Reproducible-builds@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/reproducible-builds
Re: -ffile-prefix-map option and reproducibility
On Tue, Feb 07, 2023 at 04:41:47PM +0100, Stéphane Glondu wrote:
> When building packages, a -ffile-prefix-map option is automatically injected
> into CFLAGS. Where does it come from? Since when?
>
> I suspect this was added to improve reproducibility. Ironically, it makes
> packages that capture this variable non reproducible, since the build path
> seems to be randomized (has it always been the case? since when?).
The build path has always been randomized since, or at least it has been
for as long as I've been involved in Debian.
> It is the
> case of OCaml (see #1030785), and seemingly of R as well (found by grepping
> in my /etc). I wouldn't be surprised other packages are affected as well.
>
> Is there a way to not get this option? More elegant than explicitly
> filtering it out of CFLAGS in debian/rules...
Besides doing
DEB_BUILD_MAINT_OPTIONS=reproducible=-fixfilepath
I actually propose to you to filter out the whole option from being
saved. I've seen a similar pattern in other packages in the past, and
all of those packages already had a filtering function in place to
remove other gcc flags that make no sense being saved (just looking at:
- 8: const("camlConfig__8"="-O2 -fno-strict-aliasing -fwrapv -pthread
-fPIC -g -O2 -ffile-prefix-map=/build/ocaml-Vq2uKK/ocaml-4.13.1=.
-fstack-protector-strong -Wformat -Werror=format-security");
+ 8: const("camlConfig__8"="-O2 -fno-strict-aliasing -fwrapv -pthread
-fPIC -g -O2 -ffile-prefix-map=/build/ocaml-xz3WL7/ocaml-4.13.1=.
-fstack-protector-strong -Wformat -Werror=format-security");
makes me believe that many options have been stripped out…)
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
More about me: https://mapreri.org : :' :
Launchpad user: https://launchpad.net/~mapreri `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
signature.asc
Description: PGP signature
___
Reproducible-builds mailing list
Reproducible-builds@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/reproducible-builds
Re: Reproducibility of ocaml...
Hi Stéphane, > Looking at [3], it seems only unstable is affected. Are you aware of a > change that could explain that? In particular, I don't understand why > the bookworm version is reported as reproducible whereas the version is > the same as unstable. I appreciate this info is difficult to find (!), but for a bunch of historical reasons, there are actually a different set of variations tested when we test sid compared to when we test bookworm. In other words, the differences between the two builds is not just the package version and Debian distribution. We try to canonically document the differences on this page: https://tests.reproducible-builds.org/debian/index_variations.html And almost certainly the difference is down to the build path. :) Does that help? We've had a series of build path variations in the OCaml stack, so maybe some patch got reverted, or…? Best wishes, -- o ⬋ ⬊ Chris Lamb o o reproducible-builds.org ⬊ ⬋ o ___ Reproducible-builds mailing list Reproducible-builds@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/reproducible-builds
Reproducibility of ocaml...
Hi, I just discovered a reproducibility issue [1,2] in ocaml, which can have dire consequences. Looking at [3], it seems only unstable is affected. Are you aware of a change that could explain that? In particular, I don't understand why the bookworm version is reported as reproducible whereas the version is the same as unstable. [1] https://lists.debian.org/debian-ocaml-maint/2023/02/msg00240.html [2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030785 [3] https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/ocaml.html Cheers, -- Stéphane ___ Reproducible-builds mailing list Reproducible-builds@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/reproducible-builds
