Make the build reproducible #19
Conversation
Whilst working on the Reproducible Builds effort [0] we noticed that infernal could not be built reproducibly. This is because it embeds the current build timestamp and the absolute build directory from which it was built into generated files. This patch checks that if SOURCE_DATE_EPOCH [1] is set and, if so, omits these fields. This was originally filed in Debian as #946315 [2]. [0] https://reproducible-builds.org/ [1] https://reproducible-builds.org/specs/source-date-epoch/ [2] https://bugs.debian.org/946315 Signed-off-by: Chris Lamb <lamby@debian.org>
|
I think you may have misunderstood the code. The code you have modified is not embedding a timestamp or build directory into the compiled binaries. It is recording the current time and working directory of an analysis result, in output result files, at runtime, and we believe this is an important feature. I'm going to reject the pull request for this reason. |
… but it is embedding them into generated files and if these files are built and then shipped (like they are in Debian) then it results in the package being unreproducible. Also, do note that this does not disable this recording in the usual case, only when |
|
Sounds like your definition of "reproducible" is at odds with ours. We're recording runtime information to assist in reproducibility of analyses. |
|
It is worth noting, that |
Whilst working on the Reproducible Builds effort we noticed that infernal could not be built reproducibly.
This is because it embeds the current build timestamp and the absolute build directory from which it was built into generated files. This patch checks that if
SOURCE_DATE_EPOCHis set and, if so, omits these fields.(This was originally filed in Debian as #946315)