
Re: Updating dpkg-buildflags to enable reproducible=+fixfilepath by default



On 2021-01-08, Lisandro Damián Nicanor Pérez Meyer wrote:
> On Fri, 8 Jan 2021 at 21:15, Lisandro Damián Nicanor Pérez Meyer
> <perezmeyer@gmail.com> wrote:
> In fact most of those packages would not be unreproducible if the
> environment would be the same as the original build. That includes the
> build path.

True, that is a fairly simple workaround. Which is why we do not vary
the build path when testing bullseye for tests.reproducible-builds.org.

But we do vary build paths when testing experimental and unstable on
tests.reproducible-builds.org, as it helps identify cases where build
paths are an issue.

It would also help greatly as we move towards verification builds of
packages in the archive to not have to worry about build paths as much.


> I do understand that it is *desirable* to be able to reproducibly
> build a package no matter the build path, but that's just desirable.

According to Debian Policy it is recommended:

  "It is recommended that packages produce bit-for-bit identical
   binaries even if most environment variables and build paths are
   varied.  It is intended for this stricter standard to replace the
   above when it is easier for packages to meet it."


> The real fix here is to do the right thing, ie, provide the very same
> environment as the original build, including the build path.

That does sound like a workaround more than a real fix.


> So again, mangling __FILE__ should not be a default.

I'll agree to disagree.


I will admit that a change of defaults in dpkg this close to freeze does
seem a bit on the late side of things. Still, the process has been going
on for months, announced in accordance with the process for getting
defaults changes into dpkg. Bugs with trivial patches were filed in
October.


Unfortunately, most of the affected packages seem to disproportionately
affect packages maintained by the KDE team. I did what I could to
mitigate that impact by actually building each and every one of the
affected packages to ensure that the opt-out patches worked
correctly. Most of those have been applied already.


live well,
  vagrant
