Closed pacordova closed 2 years ago
gavinhoward
commented
2 years ago The only hangup I would have had is if the way you did it was not portable to POSIX sh. I consulted the standard, and your solution is portable!
I agree that reproducible builds are very important. So thank you for your contribution! I have accepted it, and it will be in the release out in a day or two. I just have to make sure everything builds correctly.
pacordova
commented
2 years ago No problem! Thank you for accepting my pull request!
One additional comment:
With this change I do get reproducible builds, although I do not use -flto
Your recommended optimization of -O3 I think should be ok, but I do know that Link Time Optimization (LTO) and Profile Guided Optimization (PGO) can both potentially break build determinism.
Either way the end user should be able get reproducible builds if they want it with this change.
The CFLAGS I was testing with were CFLAGS='-march=x86-64 -pipe -Os -fstack-protector-strong -fstack-clash-protection' with GCC 11.2.0.
gavinhoward
commented
2 years ago Thank you!
On POSIX systems,
findmay have indeterministic output (I believe based on the inode on the filesystem).sortis needed to ensure the output is deterministic.In my builds, this resulted in the build order in the generated
Makefilechanging around. Thus building on a fresh partition made withmkfs.ext4would result in the binary being different each time. The compiled binary code in thebcbinary shuffled around depending on which files were built first. Possibly the build order in the Makefile was affecting the order in which files were linked?I added
LC_ALL=Crecommended by reproducible-builds.org. See below for reference: