[rb-general] GNU coding standards discussion
Daniel Shahaf
danielsh at apache.org
Sat Dec 3 14:19:10 CET 2016
Holger Levsen wrote on Sat, Dec 03, 2016 at 12:05:28 +0000:
> I think we actually agree on something, that is "compilation of the same
> source always has bit by bit identical results" so that we can check for
> reproducibility by checking for identical hashes and/or plain /usr/bin/diff
> should return "no bit difference".
>
> So I think we also agree that Signals "reproducible builds", which
> requires a specific tool to determine whether two builds are identical,
> are actual not Reproducible Builds according to our shared definition.
I see three tiers of reproducibility; in order:
- Bitwise identical: same length and byte-by-byte equal.
- Equal up to generic transformation: two packages are identical if
f(alice) is bitwise identical to f(bob), for some well-known function
f() that doesn't depend on the particular package.
For example, a .buildinfo file could specify a list of byte offsets to
exclude from comparison, and then the comparator would check whether
two builds of the package are bitwise identical *except* for the bytes
at the given offsets. (Example: "bar" would compare equal to "baz" if
the byte at offset 2 is ignored.)
- Package-specific tool required to determine whether two builds are
identical.
Each of these definitions implies the following ones.
I agree that we should use "bitwise identical" as the goal; but if
a particular package cannot meet that goal, then a package-agnostic
fallback sense of reproducibility would be preferable to
a package-specific one.
Cheers,
Daniel
More information about the rb-general
mailing list