
Bug#786913: ocaml creates random intermediate filenames, makes built packages non-reproducible



Package: ocaml
Version: 4.01.0-5
User: reproducible-builds@lists.alioth.debian.org
Usertags: toolchain randomness
Control: affects -1 nss-passwords

ocaml makes some debug builds non-reproducible by embedding some entropy
in the debug symbols.  Below is an attempt at a diagnosis and sketch of
a couple of possible fixes.

debian/patches/0008-Embed-bytecode-in-C-object-when-using-custom.patch
creates an arbitrarily-named tempfile during some builds:

 c_file = Filename.temp_file "camlobj" ".c" in

This tempfile name ends up being included in the debugging symbols
as an explicit name.  The debugging symbols then end up having a
different checksum based on the random name of the file.

This can be seen in:

  https://reproducible.debian.net/dbd/unstable/amd64/nss-passwords_0.2-1.debbindiff.html

where the only difference between the two builds is the random filename
in the debug symbols, and the checksum in the .gnu_debuglink section of
the resultant binary.

I'm not sure exactly how to best resolve this, but i see two general
approaches that might be useful:

 * derive a deterministic filename from the build-state or contents of
   the generated code, and use that filename instead of a random
   tmpfile.  (this has the disadvantage that it might be possible for
   this to collide with an existing file, which would produce a new
   possible error state for the build, but could be made pretty unlikely
   in the common case)

 * create a temporary directory using the standard random naming scheme,
   and use a known filename within that directory.  (this would require
   that the debug symbols not embed the name of the directory)

Thanks for maintaining ocaml in debian!

Regards,

   --dkg
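
The first approach listed in the report (a file name derived from the generated contents), as an added OCaml sketch that is not part of the original message or of the Debian patch. The names deterministic_name, write_c_file and Name_collision are hypothetical, and the directory passed in is assumed to be private to the build rather than a shared /tmp.

```ocaml
(* Added example: replace Filename.temp_file's random suffix with a name
   that depends only on the generated C source, so the name recorded in
   the debug symbols is identical across builds. *)

exception Name_collision of string

(* Hypothetical helper: "camlobj" ^ hex MD5 of the contents ^ ".c". *)
let deterministic_name contents =
  "camlobj" ^ Digest.to_hex (Digest.string contents) ^ ".c"

(* Write [contents] under its deterministic name in [dir].
   Open_excl refuses to overwrite an existing file, which is the collision
   case the report warns about. An existing file with identical contents is
   reused; anything else is reported as an explicit build error. *)
let write_c_file dir contents =
  let path = Filename.concat dir (deterministic_name contents) in
  let flags = [Open_wronly; Open_creat; Open_excl; Open_binary] in
  let channel =
    try Some (open_out_gen flags 0o600 path)
    with Sys_error _ when Sys.file_exists path -> None
  in
  match channel with
  | Some oc ->
      output_string oc contents;
      close_out oc;
      path
  | None ->
      if Digest.file path = Digest.string contents then path
      else raise (Name_collision path)

let () =
  (* Constructed sample input standing in for the embedded bytecode. *)
  let src = "/* constructed sample */\nchar caml_data[] = {0};\n" in
  let dir = Filename.get_temp_dir_name () in
  let first = write_c_file dir src in
  let second = write_c_file dir src in
  (* Same contents give the same path; different contents give another name. *)
  assert (first = second);
  assert (deterministic_name src <> deterministic_name (src ^ " "));
  print_endline first;
  Sys.remove first
```

The directory part of the path still varies with where the build runs, so the compiler would have to be invoked with the bare file name from inside that directory for the recorded name to stay stable.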
