[Rpm-ecosystem] Proposal: Create deterministic archives

Florian Festi ffesti at redhat.com
Tue Mar 1 15:58:00 UTC 2016 

On 02/26/2016 05:19 PM, Nick Clifton wrote:
> Hi Guys,
> 
>   [I apologise if this is the wrong way to ask questions on this list - this
>   is my first posting].
> 
> 
>   I would like to suggest a change to the brp-strip-static-archive script so 
>   that in addition to stripping the debug information it would also convert 
>   the archive to the deterministic format[1].  This would have the effect that 
>   different copies of the same library built at different times and/or by 
>   different people would compare as being the same.
> 
>   This change could also take place when the archive is created, by changing
>   the behaviour of the "ar" program so that deterministic libraries are the 
>   default.  This was tried however and it lead to lots of problems building
>   packages because most of them use the "ar cru" command to add files to a
>   library.  This command does not work with deterministic archives because
>   the timestamp information is not stored in the archive.
> 
>   The change to the brp-strip-static-archive script is quite straightforward:
> 
> --- brp-strip-static-archive.orig	2016-02-26 16:08:44.262149260 +0000
> +++ brp-strip-static-archive	2016-02-26 16:09:16.173333309 +0000
> @@ -16,5 +16,5 @@ for f in `find "$RPM_BUILD_ROOT" -type f
>          grep -v "^${RPM_BUILD_ROOT}/\?usr/lib/debug"  | \
>  	grep 'current ar archive' | \
>  	sed -n -e 's/^\(.*\):[ 	]*current ar archive/\1/p'`; do
> -	$STRIP -g "$f"
> +	$STRIP -g --enable-deterministic-archives "$f"
>  done
> 
>   Is this an acceptable change ?

The question is where the --enable-deterministic-archives parameter is
supported. Requiring a quite recent version of strip is fine, IMHO. If
it is not supported on all platforms we need a bit more fine tuning.

May be adding a macro for just controlling this behaviour may also help.
Even better if we can auto detect if the strip version used supports it
e.g. via a configure check.

Florian

-- 

Red Hat GmbH, http://www.de.redhat.com/ Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham, Michael
O'Neill, Charles Peters

More information about the Rpm-ecosystem mailing list