Build path — reproducible-builds.org
Some tools will record the path of the source files in their output.
Most compilers write the path of the source in the debug information in order to locate the associated source files.
Some tools have flags (like gzip’s -n) that prevent them from writing the path in their output. Proposing patches to add a similar feature in other tools might be sufficiently easy.
In most cases, however, post-processing is required to either remove the build path or to normalize it to a predefined value.
For the specific case of debug symbols, there is currently no good post-processing tool to change them to a pre-determined value. A workaround is to define the build path as part of the build environment; however, reprotest changes it, so this makes it harder to assess reproducibility. Certain compiler flags can work around the issue:
- -fdebug-prefix-map=OLD=NEW can strip directory prefixes from debug info. (available in all GCC versions, Clang 3.8)
- -fmacro-prefix-map=OLD=NEW is similar to -fdebug-prefix-map, but addresses unreproducibility due to the use of __FILE__ macros in assert calls for example. (available since GCC 8 and Clang 10)
- -ffile-prefix-map=OLD=NEW is an alias for both -fdebug-prefix-map and -fmacro-prefix-map. (available since GCC 8 and Clang 10)
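To decide which of these flags a given artifact needs, it helps to see where the build path ended up: strings in .debug* sections come from debug info, strings in .rodata typically come from __FILE__-style macros. The Python example below is added here and is not code from reproducible-builds.org; the names elf_sections, audit and make_sample, the section-prefix mapping and the sample path /build/hello-1.0 are assumptions, and it reads uncompressed little-endian ELF64 files only.

```python
import struct

# Assumed mapping: section-name prefix -> flag from the list above that remaps it.
FIXES = {".debug": "-fdebug-prefix-map", ".rodata": "-fmacro-prefix-map"}

def elf_sections(data):
    """Yield (name, contents) for each section of a little-endian ELF64 file."""
    if data[:6] != b"\x7fELF\x02\x01":
        raise ValueError("expected a little-endian ELF64 file")
    (shoff,) = struct.unpack_from("<Q", data, 0x28)
    shentsize, shnum, shstrndx = struct.unpack_from("<HHH", data, 0x3A)
    headers = [struct.unpack_from("<IIQQQQ", data, shoff + i * shentsize)
               for i in range(shnum)]
    names = headers[shstrndx][4]  # file offset of the section-name string table
    for name_off, sh_type, _flags, _addr, offset, size in headers:
        start = names + name_off
        name = data[start:data.index(b"\0", start)].decode()
        # SHT_NOBITS (8) sections such as .bss occupy no bytes in the file.
        yield name, b"" if sh_type == 8 else data[offset:offset + size]

def audit(data, build_path):
    """Map each section that embeds build_path to the flag that would remap it."""
    needle = build_path.encode()
    report = {}
    for name, body in elf_sections(data):
        if needle in body:
            fix = next((f for p, f in FIXES.items() if name.startswith(p)), None)
            report[name] = fix or "no prefix-map flag applies; inspect manually"
    return report

def make_sample(build_path):
    """Constructed input: a minimal ELF64 image with two sections leaking build_path."""
    path = build_path.encode()
    bodies = [b"", path + b"\0", path + b"/main.c\0", b"\0.debug_str\0.rodata\0.shstrtab\0"]
    name_offs = [0, 1, 12, 20]  # offsets of the names inside the last body
    blob, headers = b"", b""
    for name_off, body in zip(name_offs, bodies):
        sh_type = 3 if name_off == 20 else (1 if body else 0)  # STRTAB, PROGBITS, NULL
        headers += struct.pack("<IIQQQQIIQQ", name_off, sh_type, 0, 0,
                               64 + len(blob), len(body), 0, 0, 1, 0)
        blob += body
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01", 1, 62, 1, 0, 0,
                       64 + len(blob), 0, 64, 0, 0, 64, 4, 3)
    return ehdr + blob + headers

if __name__ == "__main__":
    for section, fix in audit(make_sample("/build/hello-1.0"), "/build/hello-1.0").items():
        print(f"{section}: {fix}")
```

When both kinds of section are reported, -ffile-prefix-map=OLD=NEW covers them with a single flag, since it is an alias for the other two.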
With dpkg >= 1.19.1, first shipped with Debian Buster, packages can enable the -ffile-prefix-map=OLD=NEW flag by adding the fixfilepath build flag to their debian/rules file. For example:
export DEB_BUILD_MAINT_OPTIONS = hardening=+all reproducible=+fixfilepath
Note that some packages save the compile options in the build output.
This is also problematic because it will also apply to intermediate source files that other tools generate. As these typically use random file names, having a fixed build path is not enough in such cases.
A build-path-prefix-map specification is in discussion with the GCC developers.