Possible new category for non-reproducible builds: --build-id=sha1
Bernhard M. Wiedemann
bernhardout at lsmod.de
Sun Apr 25 00:26:07 UTC 2021
On 24/04/2021 17.59, Roland Clobus wrote:
> I've looked the reproducible report for apt-cacher-ng .
> It looks like it is caused by a linker flag: -Wl,--build-id=sha1
man ld says
> If style is omitted, "sha1" is used.
So this is just the default made explicit.
If you see --build-id=uuid it is bad, because it will use randomness
instead of hashing inputs.
If you see variations in build-id with sha1 mode, it means there were
already variations in inputs before and those inputs should be made
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 236 bytes
Desc: OpenPGP digital signature
More information about the rb-general