Source: nix Severity: normal Tags: patch User: reproducible-bui...@lists.alioth.debian.org Usertags: buildpath X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org
The build path is embedded in debug symbols and possibly other places: /usr/lib/debug/.dwz/x86_64-linux-gnu/nix-bin.debug (string) /tmp/reprotest.0U8byB/const_build_path vs. (string) /tmp/reprotest.0U8byB/build-experiment-1 The attached patches fix this by passing -ffile-prefix-map via the GLOBAL_CXXFLAGS variable in debian/rules. Another option would be to figure out how to pass the values from dpkg-buildflags... CXXFLAGS should already be set by debhelper/dpkg-buildflags, but it appears nix may ignore those values? With this patch applied, nix should build reproducibly on tests.reproducible-builds.org! Thanks for maintaining nix! live well, vagrant
From cc9bc42a9ddfabf03ada8fd97d7fee4f6b331932 Mon Sep 17 00:00:00 2001 From: Vagrant Cascadian <vagr...@reproducible-builds.org> Date: Sat, 26 Feb 2022 00:01:39 +0000 Subject: [PATCH] debian/rules: Pass argument to remove full path to build directory. Pass -ffile-prefix-map via GLOBAL_CXXFLAGS to ensure reproducible build regardless of build path. https://reproducible-builds.org/docs/build-path/ --- debian/rules | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/rules b/debian/rules index 7c27c8b..c787d5a 100755 --- a/debian/rules +++ b/debian/rules @@ -24,7 +24,7 @@ export EDITLINE_CFLAGS = "-DREADLINE" export EDITLINE_LIBS = "/usr/lib/$(DEB_HOST_MULTIARCH)/libhistory.so /usr/lib/$(DEB_HOST_MULTIARCH)/libreadline.so" export V=1 -export GLOBAL_CXXFLAGS += -fstack-protector-strong -Wformat -Werror=format-security +export GLOBAL_CXXFLAGS += -fstack-protector-strong -Wformat -Werror=format-security -ffile-prefix-map=$(CURDIR)=. %: -- 2.35.1
signature.asc
Description: PGP signature
