Hi, On Mon, 31 Aug 2020, Chris Lamb wrote: > Whilst working on the Reproducible Builds effort [0] we noticed that > aflplusplus could not be built reproducibly.
The reprotest CI job fails too and seems to show other issues: https://salsa.debian.org/pkg-security-team/aflplusplus/-/jobs/964936/raw I couldn't easily figure out the reason... > Here is the variation in the manpage > > │ │ │ │ │ -.B afl-clang-fast \- /bin/sh: 1: ./afl-clang-fast: not found > │ │ │ │ │ +.B afl-clang-fast \- /bin/sh: ./afl-clang-fast: No such file or > directory > > This is, I think, because we do not build or keep these variants on > non-x86 systems, so the call in the Makefile fails with the above > message. This then varies depending on the user's shell that /bin/sh > symlinks to (!), rendering the package reproducible. The issue is actually in llvm_mode/GNUMakefile. One one line we expect the binary in the current directory but it's actually built in the parent directory. > There is also a variation in these manpages based on the build date: > > │ │ │ │ │ -.TH afl-clang-fast 8 2021-10-03 afl++ > │ │ │ │ │ +.TH afl-clang-fast 8 2020-08-31 afl++ > > ... but I can't quite see why as you do appear to be using the > SOURCE_DATE_EPOCH environment variable. It may not matter if we don't > even ship them, hence why I'm not immediately investigating this > angle. It does matter as we ship them on i386/amd64! The issue is that llvm_mode/GNUMakefile is not using SOURCE_DATE_EPOCH. Here's the patch I'm adding to git and submitting to upstream: diff --git a/llvm_mode/GNUmakefile b/llvm_mode/GNUmakefile index 1a8c9f43..380397f2 100644 --- a/llvm_mode/GNUmakefile +++ b/llvm_mode/GNUmakefile @@ -28,6 +28,8 @@ MAN_PATH ?= $(PREFIX)/share/man/man8 VERSION = $(shell grep '^$(HASH)define VERSION ' ../config.h | cut -d '"' -f2) +BUILD_DATE ?= $(shell date -u -d "@$(SOURCE_DATE_EPOCH)" "+%Y-%m-%d" 2>/dev/null || date -u -r "$(SOURCE_DATE_EPOCH)" "+%Y-%m-%d" 2>/dev/null || date -u "+%Y-%m-%d") + ifeq "$(shell uname)" "OpenBSD" LLVM_CONFIG ?= $(BIN_PATH)/llvm-config HAS_OPT = $(shell test -x $(BIN_PATH)/opt && echo 0 || echo 1) @@ -440,10 +442,10 @@ install: all vpath % .. %.8: % - @echo .TH $* 8 `date "+%Y-%m-%d"` "afl++" > ../$@ + @echo .TH $* 8 $(BUILD_DATE) "afl++" > ../$@ @echo .SH NAME >> ../$@ @echo -n ".B $* \- " >> ../$@ - @./$* -h 2>&1 | head -n 1 | sed -e "s/$$(printf '\e')[^m]*m//g" >> ../$@ + @../$* -h 2>&1 | head -n 1 | sed -e "s/$$(printf '\e')[^m]*m//g" >> ../$@ @echo >> ../$@ @echo .SH SYNOPSIS >> ../$@ @../$* -h 2>&1 | head -n 3 | tail -n 1 | sed 's/^\.\///' >> ../$@ Filed here: https://github.com/AFLplusplus/AFLplusplus/pull/535 Cheers, -- ⢀⣴⠾⠻⢶⣦⠀ Raphaël Hertzog <hert...@debian.org> ⣾⠁⢠⠒⠀⣿⡁ ⢿⡄⠘⠷⠚⠋ The Debian Handbook: https://debian-handbook.info/get/ ⠈⠳⣄⠀⠀⠀⠀ Debian Long Term Support: https://deb.li/LTS
