Notes for spell - reproducible builds result

Version annotated: 1.0-24
Identified issues:
Identifier: captures_build_path_via_assert
Description Absolute paths to source file names are embedded through assert(), which
embeds the value of the __FILE__ macro in the .data section, or via
filenames in debug symbols, which shows in the .text and .debug_str sections.
.
We have a pending patch to GCC to fix this in one central place.
.
https://gcc.gnu.org/ml/gcc-patches/2016-11/msg00182.html
.
If/when this is accepted, this issue should be fixed for all packages and
you should not need to fix it specifically in your package.
.
For more background information see:
.
• https://alioth-lists.debian.net/pipermail/reproducible-builds/Week-of-Mon-20160822/006788.html
• https://alioth-lists.debian.net/pipermail/reproducible-builds/Week-of-Mon-20160905/006984.html
• https://alioth-lists.debian.net/pipermail/reproducible-builds/Week-of-Mon-20160912/007076.html
Comments: In .rodata, right build has "version 1.0/2nd" where left build has "version 1.0".
.
The rest is almost certainly fallout since
(a) the package is reproducible in testing [where build-path variation is disabled],
(b) all other changes can appear to be padding NULs and fallout offset changes.
.
Due to VERSION=`pwd | …` assignment in configure.in.
.
Instead, upstream should parse up the version from version.texi (one-line file) and debian from dpkg-parsechangelog (to get the debian revision).
.
(After this, there are still differences however, eg https://gist.github.com/lamby/5279179c33eafc64f90aa29a647235ab/raw)
 

Our notes about issues affecting packages are stored in notes.git and are targeted at packages in Debian in 'unstable/amd64' (unless they say otherwise).

This page was built by the jenkins job reproducible_html_notes which is configured via this git repo. There is more information about jenkins.debian.net and about reproducible builds of Debian available elsewhere.
Please send technical feedback about this setup to the Debian jenkins development list, or as a bug report against the jenkins.debian.org package. Feedback about specific job results should go to their respective lists and/or the BTS.
The code of jenkins.debian.net is mostly GPL-2 licensed. The weather icons are public domain and were taken from the Tango Icon Library. Copyright 2014-2024 Holger Levsen and many others.
Last update: 2024-11-05 01:26 UTC