Package: dpkg-dev Version: 1.17.16 Severity: minor Tags: patch User: reproducible-builds@lists.alioth.debian.org Usertags: toolchain randomness
Hi! As part of the “reproducible builds” effort [1], I came to investigate a couple of failures related to dpkg-shlibdeps. An example is visible in the output of debbindiff for gemanx-gtk2: https://jenkins.debian.net//userContent/dbd/gemanx-gtk2_0.1.0.3-2.debbindiff.html In the Depends field of the control file of libgemanx-core0, one build has `libglib2.0-0 (>= 2.12.0)` while the other has `libglib2.0-0 (>= 2.16.0)`. dpkg-shlibdeps outputs a warning, as it is actually a useless dependency. So the issue is probably a minor one. Here's my analysis and possible solution: The minimal version numbers differ from one run to another because when the .symbols file is loaded, the order of the entries in the `libfiles` hash are random. Only the minimal required version for the first encountered shared library of a package will be currently used. libglib2.0-0 exhibits the problem because libgio-2.0.so.0 has a minimal required version of 2.16.0, while all other shared libraries contained in the same package have a minimal required version of 2.12.0. The attached patch uses `update_dependency_version` in order to raise the initial minimum required version for each shared libraries provided by the same package. [1]: https://wiki.debian.org/ReproducibleBuilds -- Lunar .''`. lu...@debian.org : :Ⓐ : # apt-get install anarchism `. `'` `-
diff --git a/scripts/dpkg-shlibdeps.pl b/scripts/dpkg-shlibdeps.pl index bda1e09..6caa6d8 100755 --- a/scripts/dpkg-shlibdeps.pl +++ b/scripts/dpkg-shlibdeps.pl @@ -255,13 +255,9 @@ foreach my $file (keys %exec) { # package and we really need it) my $dep = $symfile->get_dependency($soname); my $minver = $symfile->get_smallest_version($soname) || ''; - foreach my $subdep (split /\s*,\s*/, $dep) { - if (not exists $dependencies{$cur_field}{$subdep}) { - $dependencies{$cur_field}{$subdep} = Dpkg::Version->new($minver); - print " Initialize dependency ($subdep) with minimal " . - "version ($minver)\n" if $debug > 1; - } - } + update_dependency_version($dep, $minver); + print " Initialize dependencies ($dep) with minimal " . + "version ($minver)\n" if $debug > 1; } else { # No symbol file found, fall back to standard shlibs print "Using shlibs+objdump for $soname (file $lib)\n" if $debug;
signature.asc
Description: Digital signature
_______________________________________________ Reproducible-builds mailing list Reproducible-builds@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds