[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#1030785: -ffile-prefix-map option and reproducibility

On Tue, Feb 14, 2023 at 05:07:49PM +0200, Peter Pentchev wrote:
> Right, when I said "record the compiler flags", I did not mean "and always
> pass them on verbatim". I think you may already know this, since you talk
> about Python, but yeah, in Python's case things are really not that simple.
> This command:
>   python3 -c 'import pprint; import sysconfig; pprint.pp(dict(item for item in sysconfig.get_config_vars().items() if "CFLAGS" in item[0]));'
> ...displays all of the "system configuration variables" (pretty much exactly
> things recorded at Python build time) that have "CFLAGS" in their name, and
> at least with Python 3.11 in testing, there are *a lot* of those. Some of them
> are obviously module-specific configuration for the various Python standard
> library modules, but there are others, too.
> Other systems record compiler (and linker, etc) flags with different granularity,
> but yes, you are correct that it makes a lot of sense to take care what is
> recorded and how.


FWIW what we do with Perl is to filter away those flags that come from
dpkg-buildflags [1], but record the others. The dpkg-buildflags ones
get passed into XS module package builds separately by debhelper, so
packages can individually opt out of things like hardening if necessary
via the normal interface (DEB_BUILD_MAINT_OPTIONS etc.)

There's some background that led to this in #657853 .

Some important flags that really need to be recorded are those that affect
the Perl <> XS module binary interface, in particular the LFS ones

[1] https://sources.debian.org/src/perl/5.36.0-7/debian/rules/#L182

Niko Tyni   ntyni@debian.org

Reply to: