Debian Bug report logs - #1009934
openssl: reproducible-builds: Embeded compiler flags contain build paths

Package: src:openssl; Maintainer for src:openssl is Debian OpenSSL Team <pkg-openssl-devel@alioth-lists.debian.net>;

Reported by: Vagrant Cascadian <vagrant@reproducible-builds.org>

Date: Wed, 20 Apr 2022 22:51:01 UTC

Severity: normal

Tags: patch

Forwarded to https://github.com/openssl/openssl/pull/11545

Reply or subscribe to this bug.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, reproducible-bugs@lists.alioth.debian.org, Debian OpenSSL Team <pkg-openssl-devel@alioth-lists.debian.net>:
Bug#1009934; Package src:openssl. (Wed, 20 Apr 2022 22:51:03 GMT) (full text, mbox, link).

Acknowledgement sent to Vagrant Cascadian <vagrant@reproducible-builds.org>:
New Bug report received and forwarded. Copy sent to reproducible-bugs@lists.alioth.debian.org, Debian OpenSSL Team <pkg-openssl-devel@alioth-lists.debian.net>. (Wed, 20 Apr 2022 22:51:03 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Vagrant Cascadian <vagrant@reproducible-builds.org>
To: submit@bugs.debian.org
Subject: openssl: reproducible-builds: Embeded compiler flags contain build paths
Date: Wed, 20 Apr 2022 15:46:41 -0700
[Message part 1 (text/plain, inline)]
Source: openssl
Severity: normal
Tags: patch
User: reproducible-builds@lists.alioth.debian.org
Usertags: buildpath
X-Debbugs-Cc: reproducible-bugs@lists.alioth.debian.org

The compiler flags usually contain the build path on Debian package
builds, and openssl embeds the compiler flags used in various binaries:

  https://tests.reproducible-builds.org/debian/rb-pkg/unstable/armhf/diffoscope-results/openssl.html

  /usr/lib/libcrypto.so.1.1

  compiler:·gcc·-fPIC...-ffile-prefix-map=/build/1st/openssl-1.1.1n=.·-fstack-...
  vs.
  compiler:·gcc·-fPIC...-ffile-prefix-map=/build/2/openssl-1.1.1n/2nd=.·-fstack-...


The attached patch fixes this by adjusting util/mkbuildinf.pl to strip
the buildpath out and replace it with the with the placeholder string
"BUILDPATH".


Unfortunately, there are other outstanding issues affecting the
reproducibility of openssl, but applying this patch should reduce the
differences, making it easier to debug the remaining issues.


Thanks for maintaining openssl!


live well,
  vagrant

[0001-util-mkbuildinf.pl-Replace-build-path-in-cflags-with.patch (text/x-diff, inline)]
From 04cb9131bd4a7193a94a70fcfcf8132bff2d0fd8 Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian <vagrant@reproducible-builds.org>
Date: Wed, 20 Apr 2022 22:26:55 +0000
Subject: [PATCH] util/mkbuildinf.pl: Replace build path in cflags with a
 placeholder string.

The compiler flags are embedded in various binary files, which on
debian systems typically includes -ffile-prefix-map or
-fdebug-prefix-map which contains the full build path.

https://tests.reproducible-builds.org/debian/issues/unstable/records_build_flags_issue.html
---
 util/mkbuildinf.pl | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/util/mkbuildinf.pl b/util/mkbuildinf.pl
index 1c273872be..2231700f95 100755
--- a/util/mkbuildinf.pl
+++ b/util/mkbuildinf.pl
@@ -8,8 +8,15 @@
 
 use strict;
 use warnings;
+use Cwd;
+use File::Basename;
 
 my ($cflags, $platform) = @ARGV;
+
+my $abs_srcdir = dirname(dirname(Cwd::realpath($0)));
+# replace full path to build directory with string BUILDDIR, passed
+# via -ffile-prefix-map, -fdebug-prefix-map or -fmacro-prefix-map
+$cflags =~ s/prefix-map=$abs_srcdir=/prefix-map=BUILDDIR=/ ;
 $cflags = "compiler: $cflags";
 
 my $date = gmtime($ENV{'SOURCE_DATE_EPOCH'} || time()) . " UTC";
-- 
2.30.2


[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSL Team <pkg-openssl-devel@alioth-lists.debian.net>:
Bug#1009934; Package src:openssl. (Sun, 01 May 2022 06:39:02 GMT) (full text, mbox, link).

Acknowledgement sent to Sebastian Andrzej Siewior <sebastian@breakpoint.cc>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSL Team <pkg-openssl-devel@alioth-lists.debian.net>. (Sun, 01 May 2022 06:39:02 GMT) (full text, mbox, link).

Message #10 received at 1009934@bugs.debian.org (full text, mbox, reply):

From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
To: Vagrant Cascadian <vagrant@reproducible-builds.org>, 1009934@bugs.debian.org
Cc: control@bugs.debian.org
Subject: Re: [Pkg-openssl-devel] Bug#1009934: openssl: reproducible-builds: Embeded compiler flags contain build paths
Date: Sun, 1 May 2022 08:34:41 +0200
control: forwarded -1 https://github.com/openssl/openssl/pull/11545

On 2022-04-20 15:46:41 [-0700], Vagrant Cascadian wrote:
> The compiler flags usually contain the build path on Debian package
> builds, and openssl embeds the compiler flags used in various binaries:
…
> Unfortunately, there are other outstanding issues affecting the
> reproducibility of openssl, but applying this patch should reduce the
> differences, making it easier to debug the remaining issues.

so this report looked awkwardly familiar. The pull request
	https://github.com/openssl/openssl/pull/11545

should work for you, right?

> live well,
>   vagrant

Sebastian

Set Bug forwarded-to-address to 'https://github.com/openssl/openssl/pull/11545'. Request was from Sebastian Andrzej Siewior <sebastian@breakpoint.cc> to 1009934-submit@bugs.debian.org. (Sun, 01 May 2022 06:39:02 GMT) (full text, mbox, link).

Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSL Team <pkg-openssl-devel@alioth-lists.debian.net>:
Bug#1009934; Package src:openssl. (Sun, 01 May 2022 16:15:02 GMT) (full text, mbox, link).

Acknowledgement sent to Vagrant Cascadian <vagrant@reproducible-builds.org>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSL Team <pkg-openssl-devel@alioth-lists.debian.net>. (Sun, 01 May 2022 16:15:02 GMT) (full text, mbox, link).

Message #17 received at 1009934@bugs.debian.org (full text, mbox, reply):

From: Vagrant Cascadian <vagrant@reproducible-builds.org>
To: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>, 1009934@bugs.debian.org
Subject: Re: Bug#1009934: openssl: reproducible-builds: Embeded compiler flags contain build paths
Date: Sun, 01 May 2022 09:11:21 -0700
[Message part 1 (text/plain, inline)]
On 2022-05-01, Sebastian Andrzej Siewior wrote:
> control: forwarded -1 https://github.com/openssl/openssl/pull/11545
>
> On 2022-04-20 15:46:41 [-0700], Vagrant Cascadian wrote:
>> The compiler flags usually contain the build path on Debian package
>> builds, and openssl embeds the compiler flags used in various binaries:
> …
>> Unfortunately, there are other outstanding issues affecting the
>> reproducibility of openssl, but applying this patch should reduce the
>> differences, making it easier to debug the remaining issues.
>
> so this report looked awkwardly familiar. The pull request
> 	https://github.com/openssl/openssl/pull/11545
>
> should work for you, right?

That looks great, glad it is in progress!

It should be updated to also handle -fmacro-prefix-map and
-ffile-prefix-map (basically combining both -fmacro-prefix-map and
-fdebug-prefix-map), which were more recently added to various
compilers.

Fairly recently -ffile-prefix-map became the default dpkg-buildflags.

I'll comment on the pull request...

live well,
  vagrant

[signature.asc (application/pgp-signature, inline)]

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed May 17 09:18:56 2023; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.