Package: dpkg Severity: normal Tags: patch User: reproducible-bui...@lists.alioth.debian.org Usertags: buildpath X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org
While the reproducible=+fixfilepath and reproducible=+fixdebugpath are very helpful in stripping out the build path from binaries, many binaries still end up including the build path because they also embed the compiler flags (e.g. -ffile-prefix-map=/path/to/build-XYZ=.): https://tests.reproducible-builds.org/debian/issues/unstable/records_build_flags_issue.html At the moment, we have identified over 150 packages in Debian affected by this issue, though there are probably more that have not yet been identified. Some packages may work around this issue by sanitizing or stripping -ffile-prefix-map and -fdebug-prefix-map, but handling this on a per-package basis is a bit of a whack-a-mole approach. The attached patch attempts to switch fixfilepath and fixdebugpath to use .spec files with the DEB_BUILD_PATH environment variable, which is currently used internally for the fixfilepath and fixdebugpath features. Note that it is only a partial patch; it doesn't export DEB_BUILD_PATH in dpkg-buildpackage and/or dpkg-buildflags; help as to the best place to implement that would be appreciated! Instead of changing fixfilepath/fixdebugpath, it might also be better to add new options instead, as this is a significant change of the implementation. Interested to hear your thoughts everyone! live well, vagrant
From 2f2985a12673866a341551399a5461fe8d7e617b Mon Sep 17 00:00:00 2001 From: Vagrant Cascadian <vagr...@reproducible-builds.org> Date: Sun, 14 Mar 2021 00:19:56 -0800 Subject: [PATCH] Implement reproducible=(fixfilepath|fixdebugpath) as spec files. This will avoid embedding the build path in the compiler flags: https://tests.reproducible-builds.org/debian/issues/unstable/records_build_flags_issue.html --- Makefile.am | 2 ++ data/fixdebugpath.specs | 2 ++ data/fixfilepath.specs | 2 ++ scripts/Dpkg/Vendor/Debian.pm | 4 ++-- 4 files changed, 8 insertions(+), 2 deletions(-) create mode 100644 data/fixdebugpath.specs create mode 100644 data/fixfilepath.specs diff --git a/Makefile.am b/Makefile.am index 180562e19..a4f70c420 100644 --- a/Makefile.am +++ b/Makefile.am @@ -38,6 +38,8 @@ dist_pkgdata_DATA = \ data/pie-link.specs \ data/no-pie-compile.specs \ data/no-pie-link.specs \ + data/fixfilepath.specs \ + data/fixdebugpath.specs \ data/cputable \ data/ostable \ data/abitable \ diff --git a/data/fixdebugpath.specs b/data/fixdebugpath.specs new file mode 100644 index 000000000..e1cc16b0a --- /dev/null +++ b/data/fixdebugpath.specs @@ -0,0 +1,2 @@ +*self_spec: ++ -fdebug-prefix-map=%:getenv(DEB_BUILD_PATH =.) diff --git a/data/fixfilepath.specs b/data/fixfilepath.specs new file mode 100644 index 000000000..1f8561575 --- /dev/null +++ b/data/fixfilepath.specs @@ -0,0 +1,2 @@ +*self_spec: ++ -ffile-prefix-map=%:getenv(DEB_BUILD_PATH =.) diff --git a/scripts/Dpkg/Vendor/Debian.pm b/scripts/Dpkg/Vendor/Debian.pm index 06770a235..28cc3c507 100644 --- a/scripts/Dpkg/Vendor/Debian.pm +++ b/scripts/Dpkg/Vendor/Debian.pm @@ -256,9 +256,9 @@ sub _add_build_flags { # -ffile-prefix-map is a superset of -fdebug-prefix-map, prefer it # if both are set. if ($use_feature{reproducible}{fixfilepath}) { - $map = '-ffile-prefix-map=' . $build_path . '=.'; + $map = "-specs=$Dpkg::DATADIR/fixfilepath.specs"; } else { - $map = '-fdebug-prefix-map=' . $build_path . '=.'; + $map = "-specs=$Dpkg::DATADIR/fixdebugpath.specs"; } $flags->append('CFLAGS', $map); -- 2.30.2
signature.asc
Description: PGP signature
