Source: nbdkit Version: 1.26.5-1 Severity: normal Tags: patch X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org User: reproducible-bui...@lists.alioth.debian.org Usertags: buildpath
The C compiler plugin nbdkit-cc-plugin.so in the nbdkit package records the CFLAGS that it was built with, presumably so that it can pass them on to objects that it is used to compile. Unfortunately, the default CFLAGS from dpkg-buildflags include the build path, which means this prevents the build from being reproducible (a Policy §4.15 "should"). From a diffoscope comparison between two consecutive builds using sbuild, for example: │ │ │ ├── ./usr/lib/x86_64-linux-gnu/nbdkit/plugins/nbdkit-cc-plugin.so ... │ │ │ │ ├── strings --all --bytes=8 {} ... │ │ │ │ │ --g -O2 -ffile-prefix-map=/build/nbdkit-arafYk/nbdkit-1.26.5=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC -shared │ │ │ │ │ +-g -O2 -ffile-prefix-map=/build/nbdkit-icZkey/nbdkit-1.26.5=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC -shared After fixing #992702, this seems like it might be the only source of non-reproducibility in the package, so if you're willing to apply a (probably Debian-specific) patch to avoid it, the package is likely to become fully reproducible. Please see attached for a possible implementation. Alternatively, if the CFLAGS from building nbdkit itself are not actually needed when building third-party code using the cc plugin, then it might be OK to just pass -DCFLAGS="\"-fPIC -shared\"" and omit $(CFLAGS) altogether? But I don't know this package (I don't use it myself) so there might be a reason I'm unaware of why that would be undesirable. See also #985553, which would avoid the need to apply this patch if implemented. Thanks, smcv