Notes for vlc - reproducible builds result

Version annotated: 2.2.0~rc1-1
Identified issues:
Identifier: timestamps_from_cpp_macros
URL https://wiki.debian.org/ReproducibleBuilds/TimestampsFromCPPMacros
Description The C pre-processor macros `__DATE__`, `__TIME__`,
capture the current time, and thus will obviously make a build
unreproducible.
Identifier: different_due_to_umask
Description Files have varying permissions because of different umasks.
Identifier: users_and_groups_in_tarball
URL https://wiki.debian.org/ReproducibleBuilds/UsersAndGroupsInTarballs
Description Tarballs capture user and group for each of its members.
Identifier: captures_build_path
Description Captures build path, e.g., /build/1st/foo-42.0 v. /build/foo-42.0/2nd
.
Until early 2024 we varied the build path when testing packages from unstable
and experimental, which we have stopped doing now as the build path is recorded
as part of the environment and thus can be used when rebuilding.
.
This issue is kept here for the time being.
.
This issue is only for miscellaneous issues which need individual fixes,
please create new issues for specific issues, e.g. gcc_captures_build_path.
.
Here follows some general tips for packages using the standard GNU toolchain:
.
If using autoconf, make sure you call ./configure via a relative and not absolute path.
.
If your issue is related to using the `__FILE__` macro, or the recording of
--debug-prefix-map flags in non-GCC non-debugging output, this is what is
fixed by our patch mentioned above; you should not need to fix it
specifically in your package.
.
For more background information see:
.
• https://alioth-lists.debian.net/pipermail/reproducible-builds/Week-of-Mon-20160822/006788.html
• https://alioth-lists.debian.net/pipermail/reproducible-builds/Week-of-Mon-20160905/006984.html
• https://alioth-lists.debian.net/pipermail/reproducible-builds/Week-of-Mon-20160912/007076.html
Identifier: user_hostname_manually_added_requiring_further_investigation
Description Packages which intentionally capture the username or hostname into a custom format,
but aren't obviously using any tool or system which has this as a core issue.
Interesting because they could be fixed by fixing these things at build time.
Identifier: records_build_flags
Description Records $CFLAGS, which vary intentionally due to the «-fdebug-prefix-map=${BUILDPATH}=.»,
«-ffile-prefix-map=${BUILDPATH}=.» or «-fmacro-prefix-map=${BUILDPATH}=.» flags.
.
We have a patch pending to GCC to fix this issue centrally:
.
https://gcc.gnu.org/ml/gcc-patches/2016-11/msg00182.html
.
Though the patch is currently unlikely to be merged. If/when this
is accepted, this issue should be fixed for all packages and you
should not need to fix it specifically in your package.
.
There is also a work-in-progress patch to dpkg that could address this issue:
.
https://bugs.debian.org/985553
.
For more background information see:
.
• https://alioth-lists.debian.net/pipermail/reproducible-builds/Week-of-Mon-20160822/006788.html
• https://alioth-lists.debian.net/pipermail/reproducible-builds/Week-of-Mon-20160905/006984.html
• https://alioth-lists.debian.net/pipermail/reproducible-builds/Week-of-Mon-20160912/007076.html
Identifier: unsorted_cache_file_by_vlc-cache-gen
Description File lists are generated in the plugins.dat file, which varies
with the readdir() order.
Bugs noted: 990247: "vlc: reproducible builds: Fix passing sort order to tar when generating default.vlt"
990248+: "vlc: reproducible builds: builds different default.vlt file depending on umask"
Comments: The zsh completions file is generated with various
non-deterministic ordering issues by
extras/analyser/zsh_completion.sh,
mod_list and/or module_list_get needs to be sorted
https://sources.debian.org/src/vlc/3.0.16-1/extras/analyser/zsh.cpp/#L247
 

Our notes about issues affecting packages are stored in notes.git and are targeted at packages in Debian in 'unstable/amd64' (unless they say otherwise).