Bugzilla – Bug 1143905
fwupd does not build reproducibly with LTO
Last modified: 2019-08-27 03:57:08 UTC
This is because meson.build
calls fu-hash.py src/libfwupdprivate.a
and .a files contain unreproducible LTO data now.
this produces a fu-hash.h file with a nondeterministic
that gets embedded in various binaries.
unrelated to this there are still deviations from
oops, link at the end was meant to be
fwupd uses FU_BUILD_HASH to determine if the plugin is built with the daemon or not. I'll check if there is any better target to generate the hash.
It's hard to replace libfwupdprivate.a. A workaround would be to add a never used libfwupdprivate.so and hash the so file, but it's unlikely to be upstreamed...
Maybe you could strip LTO stuff from the .a before hashing with a call like
Stripping .o files sounds a feasible solution. Will work on that.
Upstream tweaks the hash script to calculate the source files instead of the static library.
(In reply to Gary Ching-Pang Lin from comment #6)
> Upstream tweaks the hash script to calculate the source files instead of the
> static library.
Submitted the patch sr#726084
Closing this bug.