Hi MaJiang,

On Tue, Dec 03, 2019 at 11:21:27AM +0800, ma.ji...@zte.com.cn wrote:
> We have managed to get unique IDs (without multi-thread). Hope this could
> help to get a reproducible build.

Thank you for chiming in, and sorry for not getting back to you much much
sooner!!

> Now the ID is generated by a ptr diff.
>     val = (long)((char *)cur - (char *)&base_address);
> cur is the address of a xmlNsPtr node stored in a hash table (of course,
> eventually it's in the heap), base_address is a static variable (in a data
> section);

Right.

> After some debug, we found there are two major disturbances that prevent a
> reproducible build.
> First, hash functions use a random seed get from time(). So the address of
> nodes in hash tables (related to cur) is not stable across multi-builds.
> Second, ASLR (Address Space Layout Randomization) changes the base addresses
> of data section and heap every time we start a new process.
>
> To fix the first problem, we could fake a fixed time. We currently use
> libfaketime, and of course eventually something like
> https://gitlab.gnome.org/GNOME/libxslt/commit/e57df303eca25a2a3f9e0625c29f4b20177858cc
> should be applied.
>
> To fix the second problem, we could change the ptr diff algorithm to
>     val = (long)((char *)cur - heapStartAddr);
> After this change, ASLR could not disturb ID generation anymore, because we
> have eliminated the base address of heap.

Unfortunately, that doesn't seem to be enough in this case I tried.

I did the thing with the current debian package where the
SOURCE_DATE_EPOCH commit you linked is already applied, I removed our
(broken as this bug report reports) patch, then added yours instead.
As a test case I used the debian-faq package, and that produces
non-deterministic IDs.

Which makes me curious, in which circumstances would your patch produce
deterministic IDs?

-- 
regards,
                        Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540        .''`.
More about me: https://mapreri.org                              : :'  :
Launchpad user: https://launchpad.net/~mapreri                  `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia  `-
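An added illustration, not part of the mail and not libxslt code: a constructed bump arena models the heap so that the `cur - heapStartAddr` formula quoted above can be evaluated without ASLR, and it shows that in this model the offset still follows the order in which nodes were allocated. The names `arena`, `offset_id` and `ordinal_id`, the prefix lists, and the rank-based alternative are assumptions of the example; it makes no claim about what caused the result seen with debian-faq.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model: a bump arena stands in for the heap, so the offset
 * "cur - heapStartAddr" can be studied with ASLR out of the picture. */
typedef struct { char buf[4096]; size_t used; } arena;

static void *arena_alloc(arena *a, size_t n) {
    n = (n + 15) & ~(size_t)15;               /* round up to 16 bytes */
    if (a->used + n > sizeof a->buf) return NULL;
    void *p = a->buf + a->used;
    a->used += n;
    return p;
}

/* Allocate one node per prefix, in the order given, and return the
 * mail's ID formula (node address minus heap start) for `target`. */
static long offset_id(const char *const *names, size_t n, const char *target) {
    arena a = { .used = 0 };
    long id = -1;
    for (size_t i = 0; i < n; i++) {
        void *node = arena_alloc(&a, sizeof(void *) + strlen(names[i]) + 1);
        if (node == NULL) return -1;
        if (strcmp(names[i], target) == 0)
            id = (long)((char *)node - a.buf);
    }
    return id;
}

/* Address-free alternative (an assumption of this example): 1-based rank
 * of `target` among the prefixes in strcmp order. */
static long ordinal_id(const char *const *names, size_t n, const char *target) {
    long rank = 1;
    int found = 0;
    for (size_t i = 0; i < n; i++) {
        int c = strcmp(names[i], target);
        if (c == 0) found = 1;
        else if (c < 0) rank++;
    }
    return found ? rank : -1;
}

int main(void) {
    const char *run1[] = { "xsl", "xlink", "db" };  /* constructed order, run 1 */
    const char *run2[] = { "db", "xsl", "xlink" };  /* same set, run 2 */
    printf("offset:  %ld vs %ld\n", offset_id(run1, 3, "xlink"), offset_id(run2, 3, "xlink"));
    printf("ordinal: %ld vs %ld\n", ordinal_id(run1, 3, "xlink"), ordinal_id(run2, 3, "xlink"));
    return 0;
}
```

The two runs hold the same set of prefixes; only the allocation order differs, which is enough to change the offset-based ID while the rank-based one stays put.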