[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Updating dpkg-buildflags to enable reproducible=+fixfilepath by default

The dpkg-buildflags feature reproducible=+fixfilepath was added to dpkg
in 2018.

## What does this feature do exactly?

From the dpkg-buildflags(1) manpage:


    This setting (disabled by default) adds
    -ffile-prefix-map=BUILDPATH=.  to CFLAGS, CXXFLAGS, OBJCFLAGS,                                                    
    the top-level directory of the package being built.  This has the                                                 
    effect of removing the build path from any generated file.                                                        

The result of enabling this feature by default will be to make several
hundred packages reproducible with varying build-path and reduce the
differences in many other packages, making it easier to identify other
more nuanced reproducibility issues.

It would be great to see the reproducible=+fixfilepath feature enabled
by default in dpkg-buildflags, and we would like to proceed forward with
this soon unless we hear any major concerns or other outstanding issues.

## Process regarding updating dpkg-buildflags defaults

Following the dpkg FAQ on how to add default build flags to


We do not expect any significant change in memory or build-times, or any
changes in run-time semantics (other than the issues noted below
regarding test suites). An archive-wide rebuild has been performed (more

## Possible updates required to your packages

Minor updates to a small number of packages in the archive are needead,
although patches for most od them have already been sent. The simplest
workaround is a one-line change in debian/rules to disable the feature:


Though, of course, identifying the exact reproducibility problem would
be preferable. One of the common issues is test suites relying on the
behavior of __FILE__ returning a full path to find fixtures or other
test data.

A small number of packages manually filter out
-fdebug-prefix-map=/build/dir when recording CFLAGS (etc.) into binary
packages, in order to make the build reproducible. Depending on the
implementation of this filter (specifically, whether it also filters out
-ffile-prefix-map as well), these packages may, ironically, actually
become unreproducible with reproducible=+fixfilepath -- they will not
catch this additional flag.  In these situations, please broaden the
regular expression (or similar) to make the build reproducible again or
avoid recording any CFLAGS whatsover depending on the circumstances.

## Background

We have been performing builds with DEB_BUILD_OPTIONS=reproducible=+all
(which includes +fixfilepath) at https://tests.reproducible-builds.org
since 2018. Currently we only enable this feature in sid and

Lucas Nussbaum kindly performed an archive-wide rebuild and identified a
small number of packages that failed to build with this flag enabled:


Huge thanks to Lucas for that!

The failing packages have been marked in the reproducible builds


And I have filed patches for most of the affected packages:


The few remaining packages FTBFS regardless of whether they use
reproducible=+fixfilepath, or are built with the default clang compiler,
version 9, which does not support this feature. I expect most of these
packages to build correctly once llvm-toolchain-defaults updates to 10
or 11, which is expected for bullseye:


We would like to move forward with this change soon, so please raise any
concerns or issues not covered already.

Thanks for reading this far!

live well,
  On behalf of the Reproducible Builds team

Attachment: signature.asc
Description: PGP signature

Reply to: