Hi *, As part of the Reproducible Builds effort [0], we would like to enable a new default build flag from the reproducible/fixdebugpath feature area in order to prevent issues with build paths.
From the dpkg-buildflag(1) manpage:
This setting ([currently] disabled by default) adds
-fdebug-prefix-map=BUILDPATH=. to CFLAGS, CXXFLAGS, OBJCFLAGS,
OBJCXXFLAGS, GCJFLAGS, FFLAGS and FCFLAGS where BUILDPATH is set to
the top-level directory of the package being built. This has the
effect of removing the build path from any generated debug symbols.
This flag is useful only since gcc-5/5.4.0-4 (#819176, [1]) and
gcc-6 [2], as otherwise the produced debug symbols will lack the build
path but the option itself will be saved in the resulting debug binary
(in "DW_AT_producer"), only fixing the reproducibility problem halfway.
Previous versions of GCC accept the -fdebug-prefix-map option but it
was stored in DW_AT_producer, reducing the utility from a reproducible
point of view.
clang 3.8 supports the build flag and does not save the path in
DW_AT_producer (although the source path gets included in the .strtab
section if the source path is passed absolutely). We asked [3] the
clang maintainers whether they would be willing to backport the
-fdebug-prefix-path, but in the worst case there are only 3 clang
reverse build-deps FTBFS due to this [4].
dpkg-buildflags 1.18.10 has a restriction on the characters allowed in
the build path and will automatically and silently disable the option
if it finds unsafe ones. This should make it safe against unescaped
characters. See #827155 for more insight on this issue.
We enabled the reproducible/fixdebugpath feature in the Reproducible
Builds CI one month ago and whilst we have about 3k packages yet to
build we are already confident that there won't be any major regression
related to this other than those 3 packages.
Thus, following the dpkg team's policy [5] about adding a new default
build flag, I'm seeking a wider discussion to see whether somebody has
any concern we haven't already taken care of.
I'd like to thank Daniel Kahn Gillmor for leading the implementation of
this new build flag which unblocked a real problem in the Reproducible
Builds world: allowing us to build packages in different build paths!
Thanks for reading,
Mattia
[0] https://wiki.debian.org/ReproducibleBuilds https://reproducible-builds.org
[1] https://bugs.debian.org/819176
[2]
https://gcc.gnu.org/git/?p=gcc.git;a=commitdiff;h=6ceddcd7b87911ddbb942923722af5a735dacedc
[3] https://bugs.debian.org/819185
[4] afl, libblocksruntime and libclc
[5]
https://wiki.debian.org/Teams/Dpkg/FAQ#Q:_Can_we_add_support_for_new_default_build_flags_to_dpkg-buildflags.3F
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
more about me: https://mapreri.org : :' :
Launchpad user: https://launchpad.net/~mapreri `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
signature.asc
Description: PGP signature
