
Bug#844431: Reproducibility in Policy



Hi,

Quoting Russ Allbery (2017-08-12 09:57:44)
> I think we need to add all environment variables starting with DEB_* to
> the prerequisites.  If you set DEB_BUILD_OPTIONS=nostrip or
> DEB_BUILD_MAINT_OPTIONS=hardening=all, you'll definitely get a different
> package, for instance.
> 
> I feel like there are a bunch of other environment variables that have to
> be consistent, although I'm not sure how to specify that since other
> environment variables shouldn't matter.  But, say, setting GNUTARGET is
> very likely to cause weirdness by changing how ld works.  There are
> probably more interesting examples.
> 
> How does the current reproducible build testing work with the environment?
> Maybe we should just document that for right now and relax it later if
> needed?

Currently, dpkg-genbuildinfo records all environment variables in a .buildinfo
file which pass a whitelist check. The current whitelist is stored here:

https://anonscm.debian.org/cgit/dpkg/dpkg.git/tree/scripts/Dpkg/Build/Info.pm#n50

I'm not proposing that this whole list should be added to policy. But the list
that ends up in policy must be a subset of the list of environment variables
that dpkg-genbuildinfo stores in the .buildinfo file. Thus:

 - this list from dpkg should give a number of good suggestions of which
   environment variables should be added to policy

 - if any additional variables are added, then they must be added to
   dpkg-genbuildinfo as well.

Thanks!

cheers, josch
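
The subset rule and the recorded-environment comparison discussed in this message, as an added example that is not part of the original mail or of dpkg. The `RECORDED` set and both `.buildinfo` fragments are constructed, the helper names are hypothetical, and the `Environment` field layout (one indented `NAME="value"` per line, with `\` and `"` backslash-escaped) is an assumption based on deb-buildinfo(5).

```python
import re

# Constructed stand-in for the variables dpkg-genbuildinfo records; the real
# whitelist lives in scripts/Dpkg/Build/Info.pm and is not reproduced here.
RECORDED = {"DEB_BUILD_OPTIONS", "DEB_BUILD_PROFILES", "LANG", "LC_ALL",
            "SOURCE_DATE_EPOCH"}

def parse_environment(buildinfo_text):
    """Return {name: value} from the Environment field of a .buildinfo file."""
    env, in_field = {}, False
    for line in buildinfo_text.splitlines():
        if line.startswith("Environment:"):
            in_field = True
        elif in_field and line.startswith(" "):
            m = re.fullmatch(r'\s+([A-Za-z_][A-Za-z0-9_]*)="(.*)"', line)
            if m:
                # Undo the backslash escaping of '\' and '"' in the value.
                env[m.group(1)] = re.sub(r"\\(.)", r"\1", m.group(2))
        else:
            in_field = False  # any non-continuation line ends the field
    return env

def unrecorded(policy_vars, recorded=RECORDED):
    """Policy variables that would never show up in a .buildinfo file."""
    return sorted(set(policy_vars) - set(recorded))

def env_diff(a, b):
    """Variables whose recorded value differs between two builds."""
    keys = sorted(set(a) | set(b))
    return {k: (a.get(k), b.get(k)) for k in keys if a.get(k) != b.get(k)}

# Constructed .buildinfo fragments for two builds of the same source.
BUILD_A = '''Source: hello
Environment:
 DEB_BUILD_OPTIONS="parallel=4"
 LANG="C.UTF-8"
 SOURCE_DATE_EPOCH="1502524800"
'''
BUILD_B = BUILD_A.replace('"parallel=4"', '"nostrip parallel=4"')

if __name__ == "__main__":
    # Which recorded variable explains a difference between the two builds?
    print(env_diff(parse_environment(BUILD_A), parse_environment(BUILD_B)))
    # A policy list naming GNUTARGET would break the subset rule for this set.
    print(unrecorded(["DEB_BUILD_OPTIONS", "GNUTARGET"]))
```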
