Debian Bug report logs - #1006473
nix: reproducible-builds: build path embedded in debug symbols

version graph

Package: src:nix; Maintainer for src:nix is Thomas Koch <thomas@koch.ro>;

Reported by: Vagrant Cascadian <vagrant@reproducible-builds.org>

Date: Sat, 26 Feb 2022 00:15:02 UTC

Severity: normal

Tags: patch

Fixed in version nix/2.7.0+dfsg-1

Done: Thomas Koch <thomas@koch.ro>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, reproducible-bugs@lists.alioth.debian.org, Thomas Koch <thomas@koch.ro>:
Bug#1006473; Package src:nix. (Sat, 26 Feb 2022 00:15:04 GMT) (full text, mbox, link).

Acknowledgement sent to Vagrant Cascadian <vagrant@reproducible-builds.org>:
New Bug report received and forwarded. Copy sent to reproducible-bugs@lists.alioth.debian.org, Thomas Koch <thomas@koch.ro>. (Sat, 26 Feb 2022 00:15:04 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Vagrant Cascadian <vagrant@reproducible-builds.org>
To: submit@bugs.debian.org
Subject: nix: reproducible-builds: build path embedded in debug symbols
Date: Fri, 25 Feb 2022 16:13:57 -0800
[Message part 1 (text/plain, inline)]
Source: nix
Severity: normal
Tags: patch
User: reproducible-builds@lists.alioth.debian.org
Usertags: buildpath
X-Debbugs-Cc: reproducible-bugs@lists.alioth.debian.org

The build path is embedded in debug symbols and possibly other places:

  /usr/lib/debug/.dwz/x86_64-linux-gnu/nix-bin.debug

  (string)        /tmp/reprotest.0U8byB/const_build_path
  vs.
  (string)        /tmp/reprotest.0U8byB/build-experiment-1

The attached patches fix this by passing -ffile-prefix-map via the
GLOBAL_CXXFLAGS variable in debian/rules.

Another option would be to figure out how to pass the values from
dpkg-buildflags...  CXXFLAGS should already be set by
debhelper/dpkg-buildflags, but it appears nix may ignore those values?


With this patch applied, nix should build reproducibly on
tests.reproducible-builds.org!


Thanks for maintaining nix!


live well,
  vagrant

[0001-debian-rules-Pass-argument-to-remove-full-path-to-bu.patch (text/x-diff, inline)]
From cc9bc42a9ddfabf03ada8fd97d7fee4f6b331932 Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian <vagrant@reproducible-builds.org>
Date: Sat, 26 Feb 2022 00:01:39 +0000
Subject: [PATCH] debian/rules: Pass argument to remove full path to build
 directory.

Pass -ffile-prefix-map via GLOBAL_CXXFLAGS to ensure reproducible
build regardless of build path.

https://reproducible-builds.org/docs/build-path/
---
 debian/rules | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/debian/rules b/debian/rules
index 7c27c8b..c787d5a 100755
--- a/debian/rules
+++ b/debian/rules
@@ -24,7 +24,7 @@ export EDITLINE_CFLAGS = "-DREADLINE"
 export EDITLINE_LIBS   = "/usr/lib/$(DEB_HOST_MULTIARCH)/libhistory.so /usr/lib/$(DEB_HOST_MULTIARCH)/libreadline.so"
 export V=1
 
-export GLOBAL_CXXFLAGS += -fstack-protector-strong -Wformat -Werror=format-security
+export GLOBAL_CXXFLAGS += -fstack-protector-strong -Wformat -Werror=format-security -ffile-prefix-map=$(CURDIR)=.
 
 
 %:
-- 
2.35.1


[signature.asc (application/pgp-signature, inline)]

Reply sent to Thomas Koch <thomas@koch.ro>:
You have taken responsibility. (Sun, 13 Mar 2022 16:39:07 GMT) (full text, mbox, link).

Notification sent to Vagrant Cascadian <vagrant@reproducible-builds.org>:
Bug acknowledged by developer. (Sun, 13 Mar 2022 16:39:07 GMT) (full text, mbox, link).

Message #10 received at 1006473-close@bugs.debian.org (full text, mbox, reply):

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: 1006473-close@bugs.debian.org
Subject: Bug#1006473: fixed in nix 2.7.0+dfsg-1
Date: Sun, 13 Mar 2022 16:37:50 +0000
Source: nix
Source-Version: 2.7.0+dfsg-1
Done: Thomas Koch <thomas@koch.ro>

We believe that the bug you reported is fixed in the latest version of
nix, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1006473@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thomas Koch <thomas@koch.ro> (supplier of updated nix package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 13 Mar 2022 12:52:41 +0200
Source: nix
Architecture: source
Version: 2.7.0+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Thomas Koch <thomas@koch.ro>
Changed-By: Thomas Koch <thomas@koch.ro>
Closes: 1004113 1006473
Changes:
 nix (2.7.0+dfsg-1) unstable; urgency=medium
 .
   * new upstream version
   * Add note to nix-bin.README.Debian to set up nix channel.
     Thanks to Matt Armstrong <matt@rfc20.org> for reporting.
     Closes: #1004113
   * fix: build path embedded in debug symbols                                                                                                                         =99% =99%
     This broke reproducible-builds. Thanks to Vagrant Cascadian <vagrant@reproducible-builds.org>
     Closes: #1006473
Checksums-Sha1:
 24a5705dcf4ca6546c1be932cd5badea66cfd26d 2400 nix_2.7.0+dfsg-1.dsc
 d12b1d12c1448b5cda3ddc9e6e62e5612ef14260 838488 nix_2.7.0+dfsg.orig.tar.xz
 d7675a1467c181f9d82be2c4d3ff215a2ec3ece7 12080 nix_2.7.0+dfsg-1.debian.tar.xz
 11e3c3e05f8401ba71e40293af6a7082a7b13033 7977 nix_2.7.0+dfsg-1_source.buildinfo
Checksums-Sha256:
 56b82c769a62ebdd7f3a12fb50f63c55042b21877e72d223dc1cd859a1d99b8a 2400 nix_2.7.0+dfsg-1.dsc
 c6059bc1d7ab389788ae3604e07136cf79e360649edc3222a4673b9a2bcab77f 838488 nix_2.7.0+dfsg.orig.tar.xz
 bf7b5f486afb7dc046f39dff67423831781d53c9a451f66b81e495bfb9ca23a8 12080 nix_2.7.0+dfsg-1.debian.tar.xz
 adc55bf0f0c75ccdffc18fbbb8e0d94158bb4a1a3a47c6cb4f9fcdae3163fab9 7977 nix_2.7.0+dfsg-1_source.buildinfo
Files:
 aeff9ab34444334ccf53f68367c6d9c1 2400 devel optional nix_2.7.0+dfsg-1.dsc
 76182a2d5855219a60a25ed7646f5c0c 838488 devel optional nix_2.7.0+dfsg.orig.tar.xz
 386d2dabadaf5db9a0f9f0d4257fe351 12080 devel optional nix_2.7.0+dfsg-1.debian.tar.xz
 f7783f62d09c9746340489da98e63879 7977 devel optional nix_2.7.0+dfsg-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEdgQCBVl/ppbxMTvKB/xIkQQrploFAmIuGW0ACgkQB/xIkQQr
plpujxAAzeP6zYNcz0+G/QfOdMAz288ZfJz6M14rqPBc9K6PEBgTn2zfiqbnxlFg
ULzA8K+HXBJkchs+bfQB8dXIccWz8K3nI116KbW9AHYwHbh6Ra8/vNiKtCuF0rXu
1DPRpU8/voouAASIna+rwkiRACD+Z385yO6+r8G4RaCjqV1qcLQnemhtpU39TF7v
MBqrxu0J/RaWUCv/907MIlHnG8UPxBrDsuGO2sBcv90cVpcnKNwFHGo9CVJNP4m5
mWkBGpjXs1ZxCmbz2qxCHsrueeHEoCUYTbAixfBG4AZFH51L6Tqu9+478edTlmJf
tiJocaUI+4MBKA6Smd9SwWHsyvtn9LrdyZ9t3ioWm417sa6KxcuV0YimM/kg9Fwk
B7oikpVQ88zwmFD9PTErfu9hbAGDsTJbOlJS2Y9kQEWElOAJ6U1HF/mEI3HRDX32
cMffHQqXaAM2705yhUX/BSv7LX5yu2qI6k/4aLAAF4dDAv7gVuFVsHyM+Xfp2kbi
PntBQc+spZPHjV4fQgcA93GuvYn6DZLqgtKTXNbWemvWq5JjrtMxQ42fV9JSkswW
P6gatPC3s/kvrZdlwFWBLJbWgY3pjfPQfl3oJyUvrp8QeP6t3UycnqZ3yDbClHpn
P1hEI6/n/QUzqmHnNE6Wo1V6W9/GNm9UfO+ZbPTIeuLqAReymUY=
=EVR1
-----END PGP SIGNATURE-----

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 26 Apr 2022 07:27:26 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed May 17 10:18:23 2023; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.