picotool
picotool copied to clipboard
embedding ${CMAKE_SYSTEM_VERSION} makes picotool unreproducible
Hi,
maybe you have heard about the reproducible builds effort which a number of big organizations like Debian, Fedora, NixOS, Guix or Arch Linux are implementing. You can find more information here: https://reproducible-builds.org/#why-does-it-matter
In Debian, i'm using this patch to make picotool reproducible and allow independent verification that the provided source code results in the same application binary irrespective of who compiles it:
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -41,7 +41,7 @@ else()
add_executable(picotool main.cpp)
set(PICOTOOL_VERSION 1.1.2)
- set(SYSTEM_VERSION "${CMAKE_SYSTEM_NAME} ${CMAKE_SYSTEM_VERSION}")
+ set(SYSTEM_VERSION "${CMAKE_SYSTEM_NAME}")
set(COMPILER_INFO "${CMAKE_C_COMPILER_ID}-${CMAKE_C_COMPILER_VERSION}, ${CMAKE_BUILD_TYPE}")
target_compile_definitions(picotool PRIVATE
PICOTOOL_VERSION="${PICOTOOL_VERSION}"
I'm wondering if you would consider adding this kind of change to picotool or whether I will continue applying this patch in Debian.
Thanks!