Source: cmake Version: 3.5.2-1 Severity: wishlist Tags: patch User: reproducible-bui...@lists.alioth.debian.org Usertags: toolchain fileordering X-Debbugs-Cc: reproducible-bui...@lists.alioth.debian.org Forwarded: http://public.kitware.com/pipermail/cmake-developers/2016-May/028392.html
Hi! Packages using CMake often use file(GLOB ...) to retrieve a list of source files [1]. As this is based on readdir(), the resulting file list is unsorted. A common use case is to pass this list directly to add_executable or add_library. But as the order is unpredictable, the binaries are not reproducible (because the order in which the objects are linked will vary). The attached patch (already sent upstream) will sort the resulting lists from file(GLOB ...) and help with building reproducible packages. Regards, Reiner [1]: https://codesearch.debian.net/perpackage-results/path%3ACMakeLists.txt%20(file%7CFILE).*(glob%7CGLOB).*(SRC%7CSOURCE%7COBJ)/2/page_0
diff --git a/debian/patches/series b/debian/patches/series index e9e2070..af9c632 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1,3 +1,4 @@ FindBoost_add_-lpthread_#563479.diff qt_import_dir_variable.diff fix-ftbfs-on-kfreebsd.patch +sort_file_globs.patch diff --git a/debian/patches/sort_file_globs.patch b/debian/patches/sort_file_globs.patch new file mode 100644 index 0000000..1bf5155 --- /dev/null +++ b/debian/patches/sort_file_globs.patch @@ -0,0 +1,29 @@ +Author: Reiner Herrmann <rei...@reiner-h.de> +Description: sort the result of file(GLOB ...) command + Many packages pass the file list directly to add_executable / add_library, + which will produce an unreproducible binary, as the sources/objects are + linked in unpredictable readdir() order. +Forwarded: http://public.kitware.com/pipermail/cmake-developers/2016-May/028392.html + +--- a/Source/cmFileCommand.cxx ++++ b/Source/cmFileCommand.cxx +@@ -1028,6 +1028,7 @@ + + std::vector<std::string>::size_type cc; + std::vector<std::string>& files = g.GetFiles(); ++ std::sort(files.begin(), files.end()); + for ( cc = 0; cc < files.size(); cc ++ ) + { + if ( !first ) +--- a/Help/command/file.rst ++++ b/Help/command/file.rst +@@ -103,8 +103,7 @@ + store it into the ``<variable>``. Globbing expressions are similar to + regular expressions, but much simpler. If ``RELATIVE`` flag is + specified, the results will be returned as relative paths to the given +-path. No specific order of results is defined. If order is important then +-sort the list explicitly (e.g. using the :command:`list(SORT)` command). ++path. The file list will be sorted. + + By default ``GLOB`` lists directories - directories are omited in result if + ``LIST_DIRECTORIES`` is set to false.
signature.asc
Description: PGP signature
