[rb-general] Making CMake packages reproducible

Peter Wu peter at lekensteyn.nl
Tue Oct 2 13:47:53 CEST 2018


While working on making a package reproducible that uses CMake as build
system (wireshark on Arch Linux, but in a smaller form, x265 in Debian),
I found one feature of CMake that makes packages non-reproducible if the
build directory changes. If a project:

1) builds with a shared library
2) and has an executable linking with that library
3) then CMake will link with -Wl,-rpath,$builddir
4) and .build-id will be different
5) on install, the rpath is stripped, but build-id remains unchanged.

For example, building x265 on Debian sid reveals:

    [100%] Linking CXX executable x265
    /usr/bin/c++  -g -O2 -fdebug-prefix-map=/home/user/x1/x265-2.8=.
    [..] CMakeFiles/cli.dir/x265.cpp.o
    -o x265 -Wl,-rpath,/home/user/x1/x265-2.8/x265-8bit: libx265.so.160 [..]
    -- Installing: /home/user/x1/x265-2.8/debian/tmp/usr/bin/x265
    -- Set runtime path of "/home/user/x1/x265-2.8/debian/tmp/usr/bin/x265" to ""

To avoid the rpath from being set, use cmake -DCMAKE_SKIP_RPATH=ON. This
used to be done by default when using debhelper, but was removed in
https://bugs.debian.org/538977 due to test programs that relied on the
library path to be set.

Would it make sense to set it by default in debhelper? Projects that
have tests depending on the rpath location can either override
-DCMAKE_SKIP_RPATH=OFF (making the build path part of the build
environment) or set LD_LIBRARY_PATH. Or should every package include
this option? (This question applies both to Debian and Arch Linux).

(Apart from the RPATH issue, x265 uses __FILE__ which would require
-fmacro-prefix-map or -ffile-prefix-map to be set, similar to
Kind regards,
Peter Wu

More information about the rb-general mailing list