
Re: Help with t50 i386 non reproducibility, or, possible "march=native" like problem



Hello GengYu Rao,

> So there should be problem with -march=native -ftree-vectorize.

Thanks, with your help and a little bit of investigation I was able to fully understand the problem. Here are the steps I took to investigate:

1) I knew the "march=native" flag was already disabled by a patch we are applying on top of the upstream source code, but I wasn't sure about the "-ftree-vectorize".

2) Looking at the Makefile code[0] I found out that this flag is only used when in amd64, and the reproducibility problems are happening on i386, so let's check the i386 build logs to make sure.

3) The build log[1] of the first try is using the flags:
cc -g -O2 -ffile-prefix-map=/build/1st/t50-5.8.3=. -fstack-protector-strong -Wformat -Werror=format-security -std=gnu11 -O2 -DNDEBUG -flto -fno-stack-protector -I src/include -std=gnu11 -Wdate-time -D_FORTIFY_SOURCE=2

And on the second build[2] we have:
cc -g -O2 -ffile-prefix-map=/build/t50-5.8.3/2nd=. -fstack-protector-strong -Wformat -Werror=format-security -std=gnu11 -O2 -DNDEBUG -ftree-vectorize -flto -fno-stack-protector -I src/include -std=gnu11 -Wdate-time -D_FORTIFY_SOURCE=2

4) How come -ftree-vectorize is being used on an i386 build log?! Let's check how the Makefile is detecting the architecture[3]:
ARCHITECTURE = $(shell arch)

5) Now we just found out that one of the i386 machines used for reproducible builds is doing cross compilation, and that the Makefile is buggy. I fixed this by removing all of the architecture-specific stuff[4], and uploaded as 5.8.3-2.

Now, are we all in agreement wrt this being an RC bug worthy of asking for an unblock from the release team?

On an extra sidenote, the Makefile is overriding one of the hardening flags that we use on Debian and our tools are not detecting that: the build is being made with the conflicting flags "-fstack-protector-strong" and "-fno-stack-protector".

Thanks for your help, GengYu Rao.
Regards,

[0]https://salsa.debian.org/pkg-security-team/t50/blob/e8e1126fade71004fe83a66f78cdc0d2418c4b32/Makefile#L45
[1]https://tests.reproducible-builds.org/debian/rbuild/unstable/i386/t50_5.8.3-1.rbuild.log.gz
[2]https://tests.reproducible-builds.org/debian/logs/unstable/i386/t50_5.8.3-1.build2.log.gz
[3]https://salsa.debian.org/pkg-security-team/t50/blob/e8e1126fade71004fe83a66f78cdc0d2418c4b32/Makefile#L41
[4]https://salsa.debian.org/pkg-security-team/t50/commit/9b22426eb48a1564ca1415b3916ed2eebecbcc70

--
Samuel Henrique <samueloph>
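
The two checks described in the message above, as an added example that is not part of the original mail or of the t50 packaging: it diffs the flags of the two quoted compiler invocations (ignoring the path-dependent -ffile-prefix-map) and reports a hardening flag cancelled by a later -fno-stack-protector. The function names are hypothetical; the command lines are copied from the message.

```python
import shlex

# Compiler command lines as quoted in the message (1st and 2nd i386 build).
BUILD1 = ("cc -g -O2 -ffile-prefix-map=/build/1st/t50-5.8.3=. "
          "-fstack-protector-strong -Wformat -Werror=format-security "
          "-std=gnu11 -O2 -DNDEBUG -flto -fno-stack-protector "
          "-I src/include -std=gnu11 -Wdate-time -D_FORTIFY_SOURCE=2")
BUILD2 = ("cc -g -O2 -ffile-prefix-map=/build/t50-5.8.3/2nd=. "
          "-fstack-protector-strong -Wformat -Werror=format-security "
          "-std=gnu11 -O2 -DNDEBUG -ftree-vectorize -flto -fno-stack-protector "
          "-I src/include -std=gnu11 -Wdate-time -D_FORTIFY_SOURCE=2")

# GCC options that enable some form of stack protection.
STACK_PROTECTOR = {"-fstack-protector", "-fstack-protector-strong",
                   "-fstack-protector-all", "-fstack-protector-explicit"}
DISABLE = "-fno-stack-protector"


def flags(cmdline):
    """Split a compiler command line into arguments, dropping the compiler name."""
    return shlex.split(cmdline)[1:]


def flag_diff(a, b, ignore_prefixes=("-ffile-prefix-map=",)):
    """Return (only_in_a, only_in_b), ignoring flags that embed the build path."""
    def keep(args):
        return {f for f in args if not f.startswith(ignore_prefixes)}
    fa, fb = keep(flags(a)), keep(flags(b))
    return sorted(fa - fb), sorted(fb - fa)


def overridden_hardening(cmdline):
    """Stack-protector flags cancelled by a later -fno-stack-protector.

    For conflicting -f options GCC honours the last one on the command line,
    so only a disable flag that comes *after* the enable flag cancels it.
    """
    pending, cancelled = [], []
    for f in flags(cmdline):
        if f in STACK_PROTECTOR:
            pending.append(f)
        elif f == DISABLE:
            cancelled.extend(pending)
            pending = []
    return cancelled


if __name__ == "__main__":
    print("flag differences:", flag_diff(BUILD1, BUILD2))
    print("cancelled hardening:", overridden_hardening(BUILD1))
```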
