Source: ksh93u+m Severity: wishlist User: reproducible-bui...@lists.alioth.debian.org Usertags: randomness
Dear Maintainer, I'm an occasional volunteer with the Reproducible Builds[1] project, and noticed recently that the ksh93u+m Debian package failed build reproducibility testing[2] on amd64. The autoconfiguration script[3] probes the build host for the user process limit CHILD_MAX[4] - and the resulting value is compiled-into the /bin/ksh93 binary. This means that the binary package varies (is non-reproducible) on build hosts that have different process limits configured. Some additional notes / context to help figuring out a suitable value: * The CHILD_MAX setting is a limit to the number of (sub)processes that a user is allowed to run simultaneously. * The compiled-in ksh93 CHILD_MAX value is only read if the _runtime_ system getconf call[5] returns a zero/negative value (unlimited?). * A zero or negative CHILD_MAX value seems unacceptable because it could result in an inifinite loop[6] in the jobs.c code. * The default value[7] of 1024 was introduced in the AT&T-distributed source some time between Y2007 and Y2011 - it may still be an acceptable value. * At the time of writing, the most recent Debian amd64 binary package for source version ksh93u+m/1.0.7-1 has a compiled-in CHILD_MAX of 31626. Regards, James [1] - https://www.reproducible-builds.org [2] - https://tests.reproducible-builds.org/debian/rb-pkg/unstable/arm64/ksh93u+m.html [3] - https://sources.debian.org/src/ksh93u%2Bm/1.0.7-1/src/lib/libast/comp/conf.sh/ [4] - https://sources.debian.org/src/ksh93u%2Bm/1.0.7-1/src/lib/libast/comp/conf.tab/#L67 Note: this file's header explains each character in the line's "CDLMUX". [5] - https://sources.debian.org/src/ksh93u%2Bm/1.0.7-1/src/cmd/ksh93/sh/init.c/#L1274 [6] - https://sources.debian.org/src/ksh93u%2Bm/1.0.7-1/src/cmd/ksh93/sh/jobs.c/#L1832-L1833 [7] - https://sources.debian.org/src/ksh93u%2Bm/1.0.7-1/src/cmd/ksh93/sh/init.c/#L153-L155