Re: Bug#1030785: -ffile-prefix-map option and reproducibility
On Tue, Feb 14, 2023 at 05:07:49PM +0200, Peter Pentchev wrote:
> Right, when I said "record the compiler flags", I did not mean "and always
> pass them on verbatim". I think you may already know this, since you talk
> about Python, but yeah, in Python's case things are really not that simple.
> This command:
>
> python3 -c 'import pprint; import sysconfig; pprint.pp(dict(item for item in sysconfig.get_config_vars().items() if "CFLAGS" in item[0]));'
>
> ...displays all of the "system configuration variables" (pretty much exactly
> things recorded at Python build time) that have "CFLAGS" in their name, and
> at least with Python 3.11 in testing, there are *a lot* of those. Some of them
> are obviously module-specific configuration for the various Python standard
> library modules, but there are others, too.
>
> Other systems record compiler (and linker, etc) flags with different granularity,
> but yes, you are correct that it makes a lot of sense to take care what is
> recorded and how.
Indeed.
FWIW what we do with Perl is to filter away those flags that come from
dpkg-buildflags [1], but record the others. The dpkg-buildflags ones
get passed into XS module package builds separately by debhelper, so
packages can individually opt out of things like hardening if necessary
via the normal interface (DEB_BUILD_MAINT_OPTIONS etc.)
There's some background that led to this in #657853 .
Some important flags that really need to be recorded are those that affect
the Perl <> XS module binary interface, in particular the LFS ones
(-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64).
[1] https://sources.debian.org/src/perl/5.36.0-7/debian/rules/#L182
--
Niko Tyni ntyni@debian.org
Reply to: