daps output is not reproducible

[bmwiedemann]

Problem description

While working on reproducible builds for openSUSE, I found that the release-notes-openSUSE package varied in every build.
daps .pdf and .html output varies between builds.

http://rb.zq1.de/compare.factory-20181023/release-notes-openSUSE-compare.out

/usr/share/doc/release-notes/openSUSE/RELEASE-NOTES.de.pdf differs at offset '3511' (PDF document, version 1.4)
@@ -1,7 +1,7 @@
 00000d80  65 3c 2f 64 63 3a 6c 61  6e 67 75 61 67 65 3e 0a  |e</dc:language>.|
 00000d90  20 20 20 20 20 20 20 20  20 20 20 20 3c 64 63 3a  |            <dc:|
 00000da0  64 61 74 65 3e 32 30 31  38 2d 30 39 2d 32 34 54  |date>2018-09-24T|
-00000db0  31 38 3a 33 37 3a 30 39  5a 3c 2f 64 63 3a 64 61  |18:37:09Z</dc:da|
+00000db0  31 38 3a 33 37 3a 35 38  5a 3c 2f 64 63 3a 64 61  |18:37:58Z</dc:da|
 00000dc0  74 65 3e 0a 20 20 20 20  20 20 20 20 3c 2f 72 64  |te>.        </rd|
 00000dd0  66 3a 44 65 73 63 72 69  70 74 69 6f 6e 3e 0a 20  |f:Description>. |

/usr/share/doc/release-notes/openSUSE/RELEASE-NOTES.en.html differs (XML 1.0 document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/release-notes/openSUSE/RELEASE-NOTES.en.html	2018-02-28 00:00:00.000000000 +0000
+++ new//usr/share/doc/release-notes/openSUSE/RELEASE-NOTES.en.html	2018-02-28 00:00:00.000000000 +0000
@@ -75,7 +75,7 @@
    </p><p>
     The workaround is simple: convert the legacy MBR partition to the
     new GPT to avoid this problem completely.
-   </p></div></div><div class="sect1 " id="general"><div class="titlepage"><div><div><h2 class="title" id="general"><span class="number">2 </span><span xmlns:dm="urn:x-suse:ns:docmanager" class="name">General</span> <a title="Permalink" class="permalink" href="#general">#</a></h2></div></div></div><div class="sect2 " id="id36"><div class="titlepage"><div><div><h3 class="title" id="id36"><span class="number">2.1 </span><span xmlns:dm="urn:x-suse:ns:docmanager" class="name">System with LUKS-Encrypted Partition Does Not Boot</span> <a title="Permalink" class="permalink" href="#id36">#</a></h3></div></div></div><p>In some cases, Plymouth does not display the passphrase prompt
+   </p></div></div><div class="sect1 " id="general"><div class="titlepage"><div><div><h2 class="title" id="general"><span class="number">2 </span><span xmlns:dm="urn:x-suse:ns:docmanager" class="name">General</span> <a title="Permalink" class="permalink" href="#general">#</a></h2></div></div></div><div class="sect2 " id="id1372"><div class="titlepage"><div><div><h3 class="title" id="id1372"><span class="number">2.1 </span><span xmlns:dm="urn:x-suse:ns:docmanager" class="name">System with LUKS-Encrypted Partition Does Not Boot</span> <a title="Permalink" class="permalink" href="#id1372">#</a></h3></div></div></div><p>In some cases, Plymouth does not display the passphrase prompt

http://rb.zq1.de/compare.factory-20181023/release-notes-openSUSE-provenance.dot.svg shows how the .pdf is created.

Expected behavior

daps should use the $SOURCE_DATE_EPOCH env var as date+time as defined in https://reproducible-builds.org/specs/source-date-epoch/

daps should use deterministic ID numbers in .html output (maybe by not processing inputs in indeterministic filesystem readdir order)

Steps to reproduce the behavior

do a few builds and compare results

osc co openSUSE:Factory/release-notes-openSUSE && cd $_
osc build --keep-pkg=RPMS
unrpm RPMS/release-notes-openSUSE-*.noarch.rpm
md5sum usr/share/doc/release-notes/openSUSE/RELEASE-NOTES.de.*

[ghost]

I think neither of these is really under our control:

• Date/time are added by FOP, I think
• The IDs are generated by XSLT's generate-id() function, so making that predictable would need a patch to libxml.

[bmwiedemann]

In a sense, both are also under our control:
https://build.opensuse.org/package/show/openSUSE:Factory/libxml2
https://build.opensuse.org/package/show/openSUSE:Factory/xmlgraphics-fop

[fsundermeyer]

• http://docbook.sourceforge.net/release/xsl/1.77.0/doc/fo/generate.consistent.ids.html (try setting this parameter in the DC-file)
• we can set a "pubdate" stringparam during profiling. Not sure if that will help, remains to be tested. DAPS already uses it for packaging targets, should be easy to enable that for other builds, too, if necessary

[ghost]

Ok, so I just added the generate.consistent.ids parameter to the openSUSE RN Makefile. That one seems to work, presumably we could also add it into our SUSE DocBook stylesheets, meaning all documents would get this behavior by default, not just the openSUSE RN. I see no huge drawbacks there.

About the Date/Time issue -- https://svn.apache.org/repos/asf/xmlgraphics/site/deploy/fop/1.0/metadata.pdf (p.3) seems to indicate that you could set the value actually (assuming they are using the word "should" in the proper way), albeit discouraging users from doing so. I have not yet tried but I guess we could optionally support faking this value in https://github.com/openSUSE/suse-xsl. Making this reproducible by default seems like a less than ideal decision to me because this information can actually be useful. (All the while there of course is also file ctime/mtime, so in a way this information is duplicated.)

[ghost]

@bmwiedemann I have tried tricking FOP into writing different file creation dates but that has not worked. I only got it to write an additional fake modification time field which we didn't have before at all. So, in the end, I think we need a fix in FOP itself. The doc team has no one with sufficient proficiency in Java and thus cannot provide such a fix.

Can we close this here? edit: closing this, feel free to reopen

ftr, I found that outside of OBS, this is a good tool for diffing binaries: http://tboudet.free.fr/hexdiff/.