
embedding ${CMAKE_SYSTEM_VERSION} makes picotool unreproducible

Open josch opened this issue 1 month ago • 0 comments

Hi,

maybe you have heard about the reproducible builds effort which a number of big organizations like Debian, Fedora, NixOS, Guix or Arch Linux are implementing. You can find more information here: https://reproducible-builds.org/#why-does-it-matter

In Debian, I'm using this patch to make picotool reproducible and allow independent verification that the provided source code results in the same application binary irrespective of who compiles it:

--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -41,7 +41,7 @@ else()
 
     add_executable(picotool main.cpp)
     set(PICOTOOL_VERSION 1.1.2)
-    set(SYSTEM_VERSION "${CMAKE_SYSTEM_NAME} ${CMAKE_SYSTEM_VERSION}")
+    set(SYSTEM_VERSION "${CMAKE_SYSTEM_NAME}")
     set(COMPILER_INFO "${CMAKE_C_COMPILER_ID}-${CMAKE_C_COMPILER_VERSION}, ${CMAKE_BUILD_TYPE}")
     target_compile_definitions(picotool PRIVATE
             PICOTOOL_VERSION="${PICOTOOL_VERSION}"
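
Review bot: the changed `set(SYSTEM_VERSION ...)` line has no comment explaining why `${CMAKE_SYSTEM_VERSION}` is left out, so a later cleanup could easily put it back; add a one-line comment there saying that the host OS version differs between build machines and makes the binary unreproducible. The following `COMPILER_INFO` line still embeds `${CMAKE_C_COMPILER_VERSION}` and `${CMAKE_BUILD_TYPE}`, which is fine when the toolchain is part of the recorded build environment, but it is worth confirming that this is intended. If the OS version is wanted in bug reports, consider gating it behind a CMake option instead of dropping it unconditionally.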

I'm wondering if you would consider adding this kind of change to picotool or whether I will continue applying this patch in Debian.

Thanks!

josch, Jun 06 '24 05:06