[DSE-Dev] Bug#825656: libsepol: please make the build reproducible

Sat, 28 May 2016 07:23:03 -0700 

Source: libsepol
Version: 2.5-1
Severity: wishlist
Tags: patch
User: [email protected]
Usertags: fileordering
X-Debbugs-Cc: [email protected]

Hi!

While working on the "reproducible builds" effort [1], we have noticed
that libsepol could not be built reproducibly.
The lists of object files are unsorted which causes a non-deterministic
linking order.

The attached patch fixes this by sorting the lists.

Regards,
 Reiner

[1]: https://wiki.debian.org/ReproducibleBuilds

diff --git a/debian/patches/reproducible-build.patch b/debian/patches/reproducible-build.patch
new file mode 100644
index 0000000..404b749
--- /dev/null
+++ b/debian/patches/reproducible-build.patch
@@ -0,0 +1,25 @@
+Author: Reiner Herrmann <[email protected]>
+Description: Sort object files for deterministic linking order
+
+--- a/src/Makefile
++++ b/src/Makefile
+@@ -18,15 +18,15 @@
+ LIBPC=libsepol.pc
+ LIBMAP=libsepol.map
+ LIBSO=$(TARGET).$(LIBVERSION)
+-OBJS= $(patsubst %.c,%.o,$(wildcard *.c))
+-LOBJS= $(patsubst %.c,%.lo,$(wildcard *.c))
++OBJS= $(patsubst %.c,%.o,$(sort $(wildcard *.c)))
++LOBJS= $(patsubst %.c,%.lo,$(sort $(wildcard *.c)))
+ CFLAGS ?= -Werror -Wall -W -Wundef -Wshadow -Wmissing-format-attribute -O2
+ 
+ override CFLAGS += -I. -I../include -D_GNU_SOURCE
+ 
+ ifneq ($(DISABLE_CIL),y)
+-OBJS += $(sort $(patsubst %.c,%.o,$(wildcard $(CILDIR)/src/*.c) $(CIL_GENERATED)))
+-LOBJS += $(sort $(patsubst %.c,%.lo,$(wildcard $(CILDIR)/src/*.c) $(CIL_GENERATED)))
++OBJS += $(sort $(patsubst %.c,%.o,$(sort $(wildcard $(CILDIR)/src/*.c)) $(CIL_GENERATED)))
++LOBJS += $(sort $(patsubst %.c,%.lo,$(sort $(wildcard $(CILDIR)/src/*.c)) $(CIL_GENERATED)))
+ override CFLAGS += -I$(CILDIR)/include
+ endif
+ 
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..55077d0
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+reproducible-build.patch

Attachment: signature.asc
Description: PGP signature

_______________________________________________
SELinux-devel mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/selinux-devel

Reply via email to