On Mo, 12.04.21 20:40, Fedora Development ML (devel(a)lists.fedoraproject.org) wrote:
On Mon, 2021-04-12 at 15:46 -0400, Ben Cotton wrote:
>
https://fedoraproject.org/wiki/Changes/Package_information_on_ELF_objects
Putting packaging info into a binary guarantees that each successive
package containing ELF binaries will not contain exactly the same
binaries, even if there are no changes.
Now, what I just wrote there is predicated on "reproducible builds"
where the same source (including deps, headers) and the same toolchain
produce the same output. This may or may not be a thing. My concern is
that we completely eliminate the possibility of binaries being
unchanged.
I think this is a misunderstanding how reproducible builds are
supposed to work. For example, consider $SOURCE_DATE_EPOCH as defined
here:
https://reproducible-builds.org/specs/source-date-epoch/
It's expressly defined to be used as the source timestamp when that
source timestamp is included in build output. It also also expressly
documented to be a value initialized from the packaging Changelog
timestamps. Or in other words: the way the reproducible builds project
understands their own stuff it's absolutely OK to generate different
output on package rebuilds that change the package versions.
Or in other words: packaging metadata are sources too. If they change
(and a version bump constitutes a change) the output might change, and
that's expected. What's key really is that the only things that can
effect generated output are the build/packaging environment and the
sources, but not parameters outside of that, such as the actual
wallclock.
My concern centers around the Copy on Write (CoW) use case - when
packages are updated, some files changes, and some may stay the same.
Where they are the same, we can save I/O and possibly download time
long term.
Reproducible builds the way they are defined do not address such
file-level CoW optimization so much. They do address CoW optimization
on a package level much more however: i.e. the same package build will
have the same files in them, no matter what.
Or to say this differently: if you want reproducible to work the way
ou think it should work, you'd have to start by convincing the uptream
maintainers to kill $SOURCE_DATE_EPOCH and similar concepts, but good
luck with that.
Lennart
--
Lennart Poettering, Berlin