Bug 1143905 - fwupd does not build reproducibly with LTO
fwupd does not build reproducibly with LTO
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Tumbleweed
Classification: openSUSE
Component: Development
Current
Other openSUSE Factory
: P5 - None : Normal (vote)
: ---
Assigned To: Gary Ching-Pang Lin
E-mail List
:
Depends on:
Blocks: 1081754
  Show dependency treegraph
 
Reported: 2019-08-02 04:53 UTC by Bernhard Wiedemann
Modified: 2019-08-27 03:57 UTC (History)
2 users (show)

See Also:
Found By: Development
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Bernhard Wiedemann 2019-08-02 04:53:43 UTC
This is because meson.build 
calls fu-hash.py src/libfwupdprivate.a

and .a files contain unreproducible LTO data now.

this produces a fu-hash.h file with a nondeterministic
FU_BUILD_HASH string

that gets embedded in various binaries.


unrelated to this there are still deviations from
https://github.com/openSUSE/pesign-obs-integration/pull/8
Comment 1 Bernhard Wiedemann 2019-08-02 04:56:13 UTC
oops, link at the end was meant to be
https://github.com/openSUSE/pesign-obs-integration/issues/9
Comment 2 Gary Ching-Pang Lin 2019-08-02 07:09:34 UTC
fwupd uses FU_BUILD_HASH to determine if the plugin is built with the daemon or not. I'll check if there is any better target to generate the hash.
Comment 3 Gary Ching-Pang Lin 2019-08-21 03:47:13 UTC
It's hard to replace libfwupdprivate.a. A workaround would be to add a never used libfwupdprivate.so and hash the so file, but it's unlikely to be upstreamed...
Comment 4 Bernhard Wiedemann 2019-08-21 10:52:28 UTC
Maybe you could strip LTO stuff from the .a before hashing with a call like
https://github.com/openSUSE/brp-check-suse/blob/master/brp-15-strip-debug#L40
Comment 5 Gary Ching-Pang Lin 2019-08-22 06:26:28 UTC
Stripping .o files sounds a feasible solution. Will work on that.
Comment 6 Gary Ching-Pang Lin 2019-08-26 01:55:59 UTC
https://github.com/fwupd/fwupd/commit/5611fd0581b1c28de97321daefae798a78f475b8
Upstream tweaks the hash script to calculate the source files instead of the static library.
Comment 7 Martin Liška 2019-08-26 06:29:30 UTC
(In reply to Gary Ching-Pang Lin from comment #6)
> https://github.com/fwupd/fwupd/commit/
> 5611fd0581b1c28de97321daefae798a78f475b8
> Upstream tweaks the hash script to calculate the source files instead of the
> static library.

Great.
Comment 8 Gary Ching-Pang Lin 2019-08-27 03:57:08 UTC
Submitted the patch sr#726084
Closing this bug.