raspberrypi / picotool

BSD 3-Clause "New" or "Revised" License

embedding ${CMAKE_SYSTEM_VERSION} makes picotool unreproducible #100

Open josch opened 1 month ago

josch commented 1 month ago

Hi,

Maybe you have heard about the reproducible builds effort which a number of big organizations like Debian, Fedora, NixOS, Guix or Arch Linux are implementing. You can find more information here: https://reproducible-builds.org/#why-does-it-matter

In Debian, I'm using this patch to make picotool reproducible and allow independent verification that the provided source code results in the same application binary irrespective of who compiles it:

--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -41,7 +41,7 @@ else()

     add_executable(picotool main.cpp)
     set(PICOTOOL_VERSION 1.1.2)
-    set(SYSTEM_VERSION "${CMAKE_SYSTEM_NAME} ${CMAKE_SYSTEM_VERSION}")
+    set(SYSTEM_VERSION "${CMAKE_SYSTEM_NAME}")
     set(COMPILER_INFO "${CMAKE_C_COMPILER_ID}-${CMAKE_C_COMPILER_VERSION}, ${CMAKE_BUILD_TYPE}")
     target_compile_definitions(picotool PRIVATE
             PICOTOOL_VERSION="${PICOTOOL_VERSION}"
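
Review bot: the `+` line leaves a variable still named `SYSTEM_VERSION` that now holds only `${CMAKE_SYSTEM_NAME}`, and nothing in the file records why the version part was dropped. Add a one-line comment above it saying that `${CMAKE_SYSTEM_VERSION}` is left out deliberately for build reproducibility, so that a later cleanup does not put it back. The unchanged `set(COMPILER_INFO ...)` line below still embeds `${CMAKE_C_COMPILER_VERSION}` and `${CMAKE_BUILD_TYPE}`, so the resulting string stays identical across builders only when both are held fixed; it would help to state in the same comment that this is intended.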

I'm wondering if you would consider adding this kind of change to picotool or whether I will continue applying this patch in Debian.

Thanks!