Bug 1124342

Summary: build binutils with --enable-deterministic-archives
Product: [Fedora] Fedora Reporter: Benedikt Morbach <bmorbach>
Component: binutilsAssignee: Nick Clifton <nickc>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 21CC: jakub, kmcmartin, mjuszkie, nickc, pbrobinson, pknirsch
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: binutils-2.24-20.fc22 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1136481 (view as bug list) Environment:
Last Closed: 2014-09-02 17:49:35 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 922257, 1136481    

Description Benedikt Morbach 2014-07-29 09:28:49 UTC 
Note:
I write about ar below, but all of this also applies to ranlib, strip and objcopy.


Description of problem:
GNU ar adds UIDs, GIDs file modes and timestamps to .a files.
Because of this, two builds from the same sources yield different results if they include static archives.
I'm currently working towards reproducible builds for Fedora, so that you can e.g. rebuild a srpm to confirm that the binary matches the one you downloaded.

This metadata in .a files is of course detrimental to that because they will always differ just by virtue of not having been built at the exact same time.


Steps to Reproduce:
1. build static library
2. build same library again
3. diff both
   --> They differ


Proposed solution:
ar has a command line switch 'D': 'When adding files and the archive index use zero for UIDs, GIDs, timestamps, and use consistent file modes for all files'[1]

However, it is impractical to add that to every build, so binutils upstream provides a configure option '--enable-deterministic-archives', which makes this behaviour the default, though it can still be disabled at runtime via the 'u' switch, in case someone wants to use ar to pack non-library files in an archive and cares about the metadata.

I propose we add this flag to our binutils build.


[1] https://sourceware.org/binutils/docs/binutils/ar-cmdline.html
Comment 1 Nick Clifton 2014-08-19 12:50:59 UTC 
Hi Benedikt,

  Please try out: binutils-2.24-20.fc22

Cheers
  Nick
Comment 2 Benedikt Morbach 2014-08-19 14:13:18 UTC 
Hi Nick,

Thanks for adding that.
It is probably to late for f21, right?
Comment 4 Marcin Juszkiewicz 2014-09-02 13:15:31 UTC 
make 4.0-3.fc22 fails to build on AArch64 unless  --enable-deterministic-archives is disabled:

http://arm.koji.fedoraproject.org/koji/taskinfo?taskID=2603405

make  check-local
make[2]: Entering directory '/builddir/build/BUILD/make-4.0'
cd tests && perl ./run_make_tests.pl -srcdir /builddir/build/BUILD/make-4.0 -make ../make 
------------------------------------------------------------------------------
Running tests for GNU make on Linux apm-mustang-ev3-12.ml3.eng.bos.redhat.com 3.15.0-0.36.sa2.aarch64 aarch64
                                 GNU Make 4.0
------------------------------------------------------------------------------
Finding tests...
features/archives ....................................... FAILED (3/10 passed)

I did checks with binutils 2.24-18/-19/-20 and it was -20 when it failed. Built -23 without --enable-deterministic-archives option and it passed again.

But it is probably bug in make testsuite rather than in binutils.
Comment 5 Kyle McMartin 2014-09-02 16:42:06 UTC 
i'm going to assume this isn't aarch64 specific, and is only biting us here since we're doing the rebuild with newer package versions than the fedora rebuild. i'll take a look at the make testsuite on x86_64.
Comment 6 Kyle McMartin 2014-09-02 17:49:35 UTC 
Closing this one, as I've cloned 1136481 for the make issue.