Possible new category for non-reproducible builds: --build-id=sha1
Bernhard M. Wiedemann
bernhardout at lsmod.de
Sun Apr 25 00:26:07 UTC 2021
On 24/04/2021 17.59, Roland Clobus wrote:
> I've looked the reproducible report for apt-cacher-ng [1].
> It looks like it is caused by a linker flag: -Wl,--build-id=sha1
man ld says
> --build-id=style
> If style is omitted, "sha1" is used.
So this is just the default made explicit.
If you see --build-id=uuid it is bad, because it will use randomness
instead of hashing inputs.
If you see variations in build-id with sha1 mode, it means there were
already variations in inputs before and those inputs should be made
deterministic.
Ciao
Bernhard m.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 236 bytes
Desc: OpenPGP digital signature
URL: <http://lists.reproducible-builds.org/pipermail/rb-general/attachments/20210425/6a5df57a/attachment.sig>
More information about the rb-general
mailing list