[rb-general] GNU coding standards discussion

Ian Jackson ijackson at chiark.greenend.org.uk
Thu Dec 1 21:23:29 CET 2016 

gnu-prog-disc are having an extensive discussion on the topic of what
to put in standards.texi for reproducible builds.  A day or two ago, I
proposed (editing a much briefer definition from John Darrington) a
draft of such a definition, below.

I'd like your input.  Is this broadly the right kind of thing ?
Should `make install-strip' be changed to `make install' ?

gnu-proc-disc is not a public list, and it contains a number of quite
difficult-to-talk-to people :-), so you may find it easier to use me
as a go-between.


  Given the same inputs, running the build/install (normally
  "./configure; make; make install-strip") will always install an
  identical set of files into $DESTDIR/$prefix.

  Inputs means source code, dependencies, and tools.

  Identical means the files and directories have identical names,
  filetypes, contents, and permissions.  (For directories, the
  g+s permission bit may vary.)

  For filenames and contents `identical' means an identical sequence
  of bytes.  So it does not mean only semantically equivalent
  contents, such as an equivalent but different sequence of unicode
  codepoints.  (If the build/install is done in a non-UTF-8 locale,
  filenames and contents may depend on the locale.)

  Any symlinks have identical targets, and the hardlink structure (if
  any) wll be identical.

  If the build/install is done with the same password and group
  databases, the files will also have identical ownerships.

  The modification timestamp (mtime) of each file or directory is
  either:
   (i) In each build/install, no earlier than the start of that build;
   (ii) Identical across all builds/installs, and no later than the
       age of the youngest input.
  The ctime and atime are of no concern and may vary.


To expand somewhat on the context:

This is about what to put in the GNU coding standards.  The idea is
that the GNU documentation would ask GNU package maintainers to make
their packages reproducible.

It seems that rather than simply writing a general encouragement to
accept patches, the gnu-proc-disc list (and particularly rms) think it
desirable to try to give a definition of reproducibility.

>From the point of view of an upstream source package containing a
traditional GNU build system, that definition is necessarily going to
involve a more complicated definition of the output than we can use
for a binary package.

Also, I suggested that standards.texi ought to refer to the
reproducible builds project, but it seems that the GNU project and
particular RMS really don't like referring to external websites for
this kind of thing.

Anyway, I want the GNU project to do something useful here: GNU wants
to help, and (as a GNU and Debian person) I want to help GNU help in
the best way we can.


Regards,
Ian.

-- 
Ian Jackson <ijackson at chiark.greenend.org.uk>   These opinions are my own.

If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
a private address which bypasses my fierce spamfilter.

More information about the rb-general mailing list