On Mon, Jul 15, 2024 at 08:59:11PM GMT, Steven Schubiger wrote:
> Pierre Gruet <p...@debian.org> wrote:
> > Thanks for digging into this matter. Yes, keeping the flags is something I
> > have already seen. If you don't want to fix it in your main software, it
> > could be patched in Debian, I have already done this sort of thing e.g. in
> > 
> > https://sources.debian.org/src/atomes/1.1.14-1.1/debian/patches/omit_flags_in_binary.patch/
> > 
> > And yes, __DATE__ and __TIME__ are also sources of non-reproducibility; if
> > this remains as is, I think we could also patch this code in Debian by
> > putting information from
> > $ dpkg-parsechangelog -SDate
> > instead of the __DATE__ and __TIME__ macros.
> 
> I'd favor to keep it in colorize.c as is. Green light for patching, though :-).

gcc (and a bunch of other stuff) respects the SOURCE_DATE_EPOCH
environment variable for a while now, so no need to patch around
__DATE__ and the like ~ it just works™.

And indeed, the given example:
>    colorize v0.65 (compiled at Mar 20 2020, 21:42:04)
happens to be exactly what debian/changelog said for 0.65:
| -- Steven Schubiger <s...@refcnt.org>  Fri, 20 Mar 2020 22:42:04 +0100

See https://reproducible-builds.org/docs/source-date-epoch/ for
all the g(l)ory details.


On a semi-related note: It's not quite the same as embedding the flags
the way you do, but gcc embeds some details on the compilation into
a binary (which is stripped & shipped by the automatic debug packages).

# apt install colorize-dbgsym
$ readelf --debug-dump=info /usr/bin/colorize | grep 'DW_AT_producer'
    <d>   DW_AT_producer    : (indirect string, offset: 0xa0): GNU C89 13.3.0 -mtune=generic -march=x86-64 -g -O2 -ansi -fstack-protector-strong -fstack-clash-protection -fcf-protection=full -fasynchronous-unwind-tables


Best regards

David Kalnischkies
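
Added example, not part of the original mail: a check that a version banner's __DATE__/__TIME__ stamp comes from the debian/changelog timestamp and not from the build machine's clock. It assumes the package build exports the changelog date as SOURCE_DATE_EPOCH and that gcc expands the macros from that value in UTC; the function names are made up for this sketch.

```python
import re
import time
from email.utils import parsedate_to_datetime

# debian/changelog trailer: " -- Name <email>  RFC 2822 date" (two spaces before date)
TRAILER = re.compile(r"^ -- .+ <[^>]*>  (?P<date>.+)$")
MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()


def changelog_epoch(trailer_line):
    """Unix timestamp of a changelog entry, i.e. the value a Debian build
    is assumed to export as SOURCE_DATE_EPOCH."""
    m = TRAILER.match(trailer_line)
    if m is None:
        raise ValueError("not a debian/changelog trailer line")
    return int(parsedate_to_datetime(m.group("date")).timestamp())


def gcc_date_time(epoch):
    """__DATE__ ("Mmm dd yyyy", day space-padded) and __TIME__ ("hh:mm:ss")
    as gcc expands them for SOURCE_DATE_EPOCH=epoch; the epoch is read as UTC."""
    tm = time.gmtime(epoch)
    date = "%s %2d %d" % (MONTHS[tm.tm_mon - 1], tm.tm_mday, tm.tm_year)
    clock = "%02d:%02d:%02d" % (tm.tm_hour, tm.tm_min, tm.tm_sec)
    return date, clock


def banner_matches(banner, trailer_line):
    """True if the version banner carries the changelog timestamp rather
    than the wall-clock time of the build machine."""
    date, clock = gcc_date_time(changelog_epoch(trailer_line))
    return "compiled at %s, %s" % (date, clock) in banner


if __name__ == "__main__":
    # Both strings are quoted in the mail above.
    trailer = " -- Steven Schubiger <s...@refcnt.org>  Fri, 20 Mar 2020 22:42:04 +0100"
    banner = "colorize v0.65 (compiled at Mar 20 2020, 21:42:04)"
    print("SOURCE_DATE_EPOCH =", changelog_epoch(trailer))
    print("__DATE__, __TIME__ =", gcc_date_time(changelog_epoch(trailer)))
    print("banner reproducible:", banner_matches(banner, trailer))
    # Constructed banner, as a build without SOURCE_DATE_EPOCH would produce.
    print("wall-clock banner:", banner_matches(
        "colorize v0.65 (compiled at Jul 15 2024, 20:59:11)", trailer))
```

The one-hour difference between the changelog line (22:42:04 +0100) and the banner (21:42:04) is the UTC conversion, not a mismatch.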
