
Bug#990246: vlc: reproducible builds: Embeds build username and hostname in binaries



On 2021-08-25, Sebastian Ramacher wrote:
> On 2021-06-23 13:16:47, Vagrant Cascadian wrote:
>> The build username and build system hostname are embedded in binaries
>> shipped in vlc:
>> 
>>   https://tests.reproducible-builds.org/debian/rb-pkg/bullseye/amd64/diffoscope-results/vlc.html
>> 
>>   ./usr/lib/x86_64-linux-gnu/libvlccore.so.9.0.0 
>> 
>>   pbuilder1
>>   vs.
>>   pbuilder2
>> 
>>   ionos11-amd64
>>   vs.
>>   i-capture-the-hostname
>> 
>> The attached patch fixes this by setting VLC_COMPILE_BY and
>> VLC_COMPILE_HOST to empty values in configure.ac.
>
> NACK. This information is part of the logs that are usually requested
> from users by upstream. We want to have this information included in the
> log so that upstream can easily identify where the logs are coming from
> and what they are using. And for that purpose, a self-built deb or one
> from a downstream distribution is different from the Debian one.

The username and hostname of the build seem a rather imprecise way to
find out information about the origin of the build...

In the context of Debian, a given package+version has specific build
logs associated with it findable at https://buildd.debian.org/PACKAGE

I would expect downstream projects to have something similar
(e.g. ubuntu).

Obviously that wouldn't help for a self-built deb, but I would think the
person who built the deb would already have that information (and
ideally share that information with upstream)...

Thanks for considering. Perhaps it will be best to take this upstream at
this point, anyways...


live well,
  vagrant


>> This patch does not address all reproducibility issues in vlc
>> (e.g. build paths), though applying it reduces the diff for the
>> remaining issues.
>> 
>> 
>> Thanks for maintaining vlc!
>> 
>> 
>> live well,
>>   vagrant
>
>> From 01e2dcc51b31f1a06bcd07faa0ae3fbd0ddbe9c6 Mon Sep 17 00:00:00 2001
>> From: Vagrant Cascadian <vagrant@reproducible-builds.org>
>> Date: Wed, 23 Jun 2021 19:33:47 +0000
>> Subject: [PATCH 1/3] Disable embedding the build hostname and username in the
>>  binaries.
>> 
>> https://tests.reproducible-builds.org/debian/issues/user_hostname_manually_added_requiring_further_investigation_issue.html
>> ---
>>  configure.ac | 4 ++--
>>  1 file changed, 2 insertions(+), 2 deletions(-)
>> 
>> diff --git a/configure.ac b/configure.ac
>> index 7db5256a8..5d6324cf9 100644
>> --- a/configure.ac
>> +++ b/configure.ac
>> @@ -4324,8 +4324,8 @@ AC_SUBST(VERSION_MINOR)
>>  AC_SUBST(VERSION_REVISION)
>>  AC_SUBST(VERSION_EXTRA)
>>  AC_SUBST(COPYRIGHT_YEARS)
>> -AC_DEFINE_UNQUOTED(VLC_COMPILE_BY, "`whoami|sed -e 's/\\\/\\\\\\\/g'`", [user who ran configure])
>> -AC_DEFINE_UNQUOTED(VLC_COMPILE_HOST, "`hostname -f 2>/dev/null || hostname`", [host which ran configure])
>> +AC_DEFINE_UNQUOTED(VLC_COMPILE_BY, "", [user who ran configure])
>> +AC_DEFINE_UNQUOTED(VLC_COMPILE_HOST, "", [host which ran configure])
>>  AC_DEFINE_UNQUOTED(VLC_COMPILER, "`$CC -v 2>&1 | tail -n 1 | sed -e 's/ *$//'`", [compiler])
>>  dnl
>>  dnl  Handle substvars that use $(top_srcdir)
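
Review bot: The two replaced AC_DEFINE_UNQUOTED lines hard-code VLC_COMPILE_BY and VLC_COMPILE_HOST to "" unconditionally, so a builder has no way to supply a stable, non-identifying value. Consider keeping both defines overridable (for example from a variable set by the packaging; how that value would be passed in is an assumption, not something this hunk shows) and defaulting to a fixed string, which keeps the output deterministic while still letting logs show where a build came from. The description strings "[user who ran configure]" and "[host which ran configure]" no longer match what is defined and should be updated with the change. The unchanged VLC_COMPILER line still captures `$CC -v` output at configure time, so it remains a build-environment input worth checking separately.
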
>> -- 
>> 2.32.0
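
A check for the leak reported in this thread, as an added example that is not part of the original message or of vlc's build system. The function name `leaked_identity` and the sample bytes are constructed here; it reports which of a given build username and hostname appear in a file, so it can be run on a built library with the builder's own values.

```shell
#!/bin/sh
# Added example: report which build-identity strings are embedded in a file.
# Usage: leaked_identity FILE [USER [HOST]]
# USER and HOST default to the identity of the machine running the check;
# pass the build machine's values when checking on a different host.
# Prints the strings found (space separated) and returns 0 only if none were.
leaked_identity() {
    file=$1
    user=${2-$(id -un)}
    host=${3-$(hostname -f 2>/dev/null || hostname)}
    found=""
    for needle in "$user" "$host"; do
        # An empty needle would match every file, so skip it.
        [ -n "$needle" ] || continue
        # -a: read the binary as text, -F: fixed string, -q: exit status only.
        if LC_ALL=C grep -a -F -q -e "$needle" "$file"; then
            found="$found $needle"
        fi
    done
    printf '%s' "${found# }"
    [ -z "$found" ]
}

# Constructed sample: NUL-separated bytes shaped like the diffoscope finding
# quoted in the report (not a real libvlccore.so).
sample=$(mktemp)
printf 'core\0pbuilder1\0ionos11-amd64\0' > "$sample"
leaked_identity "$sample" pbuilder1 ionos11-amd64 || echo " <- embedded in sample"
rm -f "$sample"
```
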
