Bug#992620: pkg-config: stores different system library paths if built with/without merged-/usr

Simon McVittie Sat, 21 Aug 2021 03:51:15 -0700

Package: pkg-config
Version: 0.29.2-1
Severity: important
Tags: patch
User: reproducible-bui...@lists.alioth.debian.org
Usertags: usrmerge
X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org


If pkg-config is built on a merged-/usr system (as created by new
installations of Debian >= 10, debootstrap --merged-usr, or installing the
usrmerge package into an existing installation), the list of standard
library directories is not the same as if pkg-config is built on a
non-merged-/usr system (for example current official buildd chroots).

This can be seen on the reproducible-builds.org infra:
https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/diffoscope-results/pkg-config.html
(search for "/usr/lib:" to see the difference I'm concerned about).

If you have sbuild available, an easy way to reproduce this is to build
pkg-config twice, once with --add-depends-arch=usrmerge and once without.

The potentially problematic situation is if pkg-config is *built* on a
merged-/usr system, but *used* on a non-merged-/usr system.

Technical Committee resolution #978636 mandates heading towards a
transition to merged-/usr, and this will become a non-issue at the end of
that transition; but variation between merged-/usr and non-merged-/usr
builds is a problem while that transition is taking place, because it can
lead to partial upgrades behaving incorrectly.

The attached patches resolve this: with them applied, the package builds
identically with and without --add-depends-arch=usrmerge.

A side benefit of fixing this is that this change might be sufficient
to make the package reproducible (as recommended by Policy §4.15): the
rest of the variation shown on reproducible-builds.org appears to be just
side-effects from the differing length of the system library path.

    smcv

>From 77c6740f28e0cb65de2e77f54ba2d34a7dcf2691 Mon Sep 17 00:00:00 2001
From: Simon McVittie <s...@debian.org>
Date: Wed, 18 Aug 2021 01:45:07 +0100
Subject: [PATCH 1/2] d/rules: Factor out computation of system library path
 into a script

This makes it easier to modify than a shell one-liner.

Signed-off-by: Simon McVittie <s...@debian.org>
---
 debian/rules             |  5 +----
 debian/system-libdirs.sh | 16 ++++++++++++++++
 2 files changed, 17 insertions(+), 4 deletions(-)
 create mode 100755 debian/system-libdirs.sh

diff --git a/debian/rules b/debian/rules
index 045dd6d..240a924 100755
--- a/debian/rules
+++ b/debian/rules
@@ -13,10 +13,7 @@ else
    GCC = gcc
 endif
 
-SYSTEM_LIBDIRS := $(shell for opt in '' $$($${CC-$(GCC)} -print-multi-lib | sed -n -e's/.*;@/-/p'); do \
-     $(GCC) $$opt -print-search-dirs | sed -n -e's/^libraries: =//p' \
-     | sed -e's/:/\n/g' | xargs -n1 readlink -f | grep -v 'gcc\|/[0-9.]\+$$'; \
-    done | sort -u | tr '\n' : | sed 's/:$$//')
+SYSTEM_LIBDIRS := $(shell sh debian/system-libdirs.sh $(GCC))
 
 %:
 	dh $@ --with autoreconf
diff --git a/debian/system-libdirs.sh b/debian/system-libdirs.sh
new file mode 100755
index 0000000..f3ad49d
--- /dev/null
+++ b/debian/system-libdirs.sh
@@ -0,0 +1,16 @@
+#!/bin/sh
+
+set -eu
+
+gcc="$1"
+
+for opt in '' $(${CC-"$gcc"} -print-multi-lib | sed -n -e's/.*;@/-/p'); do
+    "$gcc" $opt -print-search-dirs |
+    sed -n -e 's/^libraries: =//p' |
+    sed -e 's/:/\n/g' |
+    xargs -n1 readlink -f |
+    grep -v 'gcc\|/[0-9.]\+$'
+done |
+sort -u |
+tr '\n' : |
+sed 's/:$//'
-- 
2.33.0

>From 76044e6a71281ba57ea8771279b6b3be33ff2dbf Mon Sep 17 00:00:00 2001
From: Simon McVittie <s...@debian.org>
Date: Wed, 18 Aug 2021 01:49:10 +0100
Subject: [PATCH 2/2] d/system-libdirs.sh: Always list directories with and
 without /usr

Until/unless all Debian systems are merged-/usr, pkg-config needs to
use a search path that includes both /usr/lib/i386-linux-gnu
and /lib/i386-linux-gnu, and so on for other architectures, even if
those directories are the same directory (hence normalized to the same
thing by `readlink -f`) on the system where pkg-config was built.

Because we already put the list of paths through `sort -u`, the easiest
way is to always both variants of each path, and let `sort -u` collapse
the duplicates into one.

Signed-off-by: Simon McVittie <s...@debian.org>
---
 debian/system-libdirs.sh | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/debian/system-libdirs.sh b/debian/system-libdirs.sh
index f3ad49d..ccded03 100755
--- a/debian/system-libdirs.sh
+++ b/debian/system-libdirs.sh
@@ -11,6 +11,21 @@ for opt in '' $(${CC-"$gcc"} -print-multi-lib | sed -n -e's/.*;@/-/p'); do
     xargs -n1 readlink -f |
     grep -v 'gcc\|/[0-9.]\+$'
 done |
+while read -r line; do
+    case "$line" in
+        (/usr/*)
+            echo "$line"
+            echo "${line#/usr}"
+            ;;
+        (/lib*)
+            echo "$line"
+            echo "/usr$line"
+            ;;
+        (*)
+            echo "$line"
+            ;;
+    esac
+done |
 sort -u |
 tr '\n' : |
 sed 's/:$//'
-- 
2.33.0

Bug#992620: pkg-config: stores different system library paths if built with/without merged-/usr

Reply via email to