[Reproducible-builds] debugedit and reproducible builds

Jérémy Bobbio lunar at debian.org
Thu Feb 13 16:32:05 UTC 2014


Hi Panu,

I am writing you to discuss debugedit, as you seem to be its most recent
maintainer. Please tell me if there's someone else I should get in touch
with.

As part of the Debian project, a small group of people started an effort
to get our builds reproducible. The idea is to remove variations in the
package build processes so that multiple parties can perform the same
build independently and ensure the result matches. You can have a look
at our progress at: https://wiki.debian.org/ReproducibleBuilds

Dhiru Kholia blogged about it for Fedora:
http://securityblog.redhat.com/2013/09/18/reproducible-builds-for-fedora/

Since the project started, I have been struggling with Build ID and
build path encoded in DWARF files. Package builds should be reproducible
when done from different directories.

debugedit is currently the best solution we have. Unfortunately, it will
not produce stable output with recent versions of GCC unless the
`-fno-merge-debug-strings` option is passed. This is because without such
an option, all indirect strings will be written in the order of the
internal hash table. That order will change depending on the build path.

So, even if debugedit will happily fix the source path inside the
indirect strings, the order will stay different from one build to another.

My feeling is that a correct fix for the problem would be to have
debugedit rewrite the whole indirect strings section in stable order.
But after looking at debugedit's source code, I feel that I'm not
competent enough to write that kind of code in C. Or at least it would
take me ages to get it right.

I was wondering if you had any ideas regarding this problem. Will Fedora
also have the same issue as Debian here? Would you know of any other
library that could parse and write DWARF symbols in higher-level
languages? Any other suggestions?

Thank you,
-- 
Lunar                                .''`. 
lunar at debian.org                    : :Ⓐ  :  # apt-get install anarchism
                                    `. `'` 
                                      `-   
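
The reordering proposed in the message above, as an added example that is not part of the original mail and is not debugedit code: it parses a `.debug_str`-style table of NUL-terminated strings, rewrites it in sorted order, and returns the old-to-new offset map that string references would need. The sample tables and all function names are constructed, and it assumes every string is referenced at its start (no tail merging).

```python
from __future__ import annotations

# Added illustration: canonicalise a .debug_str-style string table.
# Assumption: each string is referenced only at its start (no tail merging).

def parse_strtab(data: bytes) -> dict[int, bytes]:
    """Map each string's byte offset to its contents (without the NUL)."""
    if data and not data.endswith(b"\0"):
        raise ValueError("string table is not NUL-terminated")
    table, off = {}, 0
    while off < len(data):
        end = data.index(b"\0", off)
        table[off] = data[off:end]
        off = end + 1
    return table

def canonicalise(data: bytes) -> tuple[bytes, dict[int, int]]:
    """Return the table rewritten in sorted order and an old->new offset map."""
    old = parse_strtab(data)
    new_offsets, out = {}, bytearray()
    for s in sorted(set(old.values())):      # order no longer depends on hashing
        new_offsets[s] = len(out)
        out += s + b"\0"
    remap = {off: new_offsets[s] for off, s in old.items()}
    return bytes(out), remap

def build(strings) -> bytes:
    """Helper that serialises a list of strings into a constructed table."""
    return b"".join(s + b"\0" for s in strings)

# Constructed sample: the same strings (paths already rewritten to a common
# prefix) emitted in two different hash-table orders by two builds.
STRINGS = [b"/usr/src/debug/hello-1.0", b"main", b"hello.c", b"GNU C 4.8.2 -g -O2"]
BUILD_A = build(STRINGS)
BUILD_B = build([STRINGS[2], STRINGS[0], STRINGS[3], STRINGS[1]])

if __name__ == "__main__":
    canon_a, remap_a = canonicalise(BUILD_A)
    canon_b, remap_b = canonicalise(BUILD_B)
    print("raw sections equal:      ", BUILD_A == BUILD_B)
    print("canonical sections equal:", canon_a == canon_b)
    print("offset remap for build B:", remap_b)
```

A real tool would also have to patch each `DW_FORM_strp` offset in the other DWARF sections using the returned map; this sketch only handles the string table itself.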