Bug#819194: dpkg-buildflags: please add normalizedebugpath to reproducible feature set

[Daniel Kahn Gillmor]

Package: dpkg-dev
Version: 1.18.4
Severity: wishlist
Tags: patch
User: reproducible-bui...@lists.alioth.debian.org
Usertags: buildpath

Compilers tend to inject the current path of the filesystem into the
debug symbols, so that the debugger can find the sourcecode.  But this
isn't actually useful for packages shipped as binaries, because the
path on the build machine isn't relevant on the deployed machine.

It also causes problems for reproducible builds, because the same
source built in two different locations in the filesystem will result
in two different sets of debug symbols.

With gcc (and soon clang, see #819185), you can re-map the path stored
in the debug symbols with -fdebug-prefix-map, so it can be used to
normalize the paths stored in the debug symbols.

The attached patch adds a "normalizedebugpath" feature to the
"reproducible" feature set, which appends -fdebug-prefix-map=CWD=.
(where CWD is the actual current working directory) to CFLAGS and
CXXFLAGS.  It is off by default.

Regards,

        --dkg

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing'), (200, 'unstable'), (1, 
'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.4.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages dpkg-dev depends on:
ii  base-files    9.6
ii  binutils      2.26-5
ii  bzip2         1.0.6-8
ii  libdpkg-perl  1.18.4
ii  make          4.1-9
ii  patch         2.7.5-1
ii  xz-utils      5.1.1alpha+20120614-2.1

Versions of packages dpkg-dev recommends:
ii  build-essential          11.7
ii  clang-3.5 [c-compiler]   1:3.5.2-3
ii  clang-3.6 [c-compiler]   1:3.6.2-3
ii  clang-3.7 [c-compiler]   1:3.7.1-2
ii  fakeroot                 1.20.2-1
ii  gcc [c-compiler]         4:5.3.1-1
ii  gcc-5 [c-compiler]       5.3.1-12
ii  gnupg                    1.4.20-4
ii  gnupg2                   2.1.11-6
ii  gpgv                     1.4.20-4
ii  gpgv2                    2.1.11-6
pn  libalgorithm-merge-perl  <none>
ii  tcc [c-compiler]         0.9.27~git20151227.933c223-1

Versions of packages dpkg-dev suggests:
ii  debian-keyring  2016.03.22

-- debconf-show failed

>From 638a575180174df9bd1e60a8856609ba72d52849 Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor <d...@fifthhorseman.net>
Date: Thu, 24 Mar 2016 13:19:28 -0400
Subject: [PATCH] add normalizedebugpath to reproducible featureset

This feature normalizes the path stored in debug symbols, so that
these symbols can be built reproducibly regardless of the location of
the build in the larger filesystem.

It defaults to off, but should be enabled by systems trying to
generate reproducible packages.
---
 man/dpkg-buildflags.1         | 8 ++++++++
 scripts/Dpkg/Vendor/Debian.pm | 9 +++++++++
 2 files changed, 17 insertions(+)

diff --git a/man/dpkg-buildflags.1 b/man/dpkg-buildflags.1
index c86b01a..7cd6050 100644
--- a/man/dpkg-buildflags.1
+++ b/man/dpkg-buildflags.1
@@ -375,6 +375,14 @@ to \fBCPPFLAGS\fP.
 This will cause warnings when the \fB__TIME__\fP, \fB__DATE__\fP and
 \fB\%__TIMESTAMP__\fP macros are used.
 .
+.TP
+.B normalizedebugpath
+This setting (disabled by default) adds
+.B \-fdebug\-path\-map=BUILDPATH=.
+to \fBCFLAGS\fP and \fBCXXFLAGS\fP, where \fBBUILDPATH\fP is set to
+the top-level directory of the package being built.  This has the
+effect of removing the build path from any generated debug symbols.
+.
 .SH ENVIRONMENT
 There are 2 sets of environment variables doing the same operations, the
 first one (DEB_\fIflag\fP_\fIop\fP) should never be used within
diff --git a/scripts/Dpkg/Vendor/Debian.pm b/scripts/Dpkg/Vendor/Debian.pm
index bf47144..ff76959 100644
--- a/scripts/Dpkg/Vendor/Debian.pm
+++ b/scripts/Dpkg/Vendor/Debian.pm
@@ -30,6 +30,7 @@ use Dpkg::ErrorHandling;
 use Dpkg::Control::Types;
 use Dpkg::BuildOptions;
 use Dpkg::Arch qw(get_host_arch debarch_to_debtriplet);
+use Cwd;
 
 use parent qw(Dpkg::Vendor::Default);
 
@@ -158,6 +159,7 @@ sub _add_reproducible_flags {
     # Default feature states.
     my %use_feature = (
         timeless => 1,
+        normalizedebugpath => 0,
     );
 
     # Adjust features based on user or maintainer's desires.
@@ -168,6 +170,13 @@ sub _add_reproducible_flags {
        $flags->append('CPPFLAGS', '-Wdate-time');
     }
 
+    # Avoid storing the build path in the debug symbols
+    if ($use_feature{normalizedebugpath}) {
+       my $map = '-fdebug-prefix-map=' . cwd() . '=.';
+       $flags->append('CFLAGS', $map);
+       $flags->append('CXXFLAGS', $map);
+    }
+
     # Store the feature usage.
     while (my ($feature, $enabled) = each %use_feature) {
        $flags->set_feature('reproducible', $feature, $enabled);
-- 
2.8.0.rc3