[pacman-dev] [PATCH] makepkg: deterministic PKGINFO libprovides for multiple library versions
From: Levente Polyak <anthraxx@archlinux.org> While iterating over the provides array, the find call for locating a shared library may result in listing multiple entries which by itself does not produce a stable deterministic order and may vary depending on the underlying filesystem. To provide a stable listing and a reproducible .PKGINFO file the result of find is piped to sort with a static LC_ALL=C localisation. Signed-off-by: Levente Polyak <anthraxx@archlinux.org> --- scripts/makepkg.sh.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in index d1416d15..b95a03af 100644 --- a/scripts/makepkg.sh.in +++ b/scripts/makepkg.sh.in @@ -521,7 +521,7 @@ find_libprovides() { missing=0 case "$p" in *.so) - mapfile -t filename < <(find "$pkgdir" -type f -name $p\*) + mapfile -t filename < <(find "$pkgdir" -type f -name $p\* | LC_ALL=C sort) if [[ $filename ]]; then # packages may provide multiple versions of the same library for fn in "${filename[@]}"; do -- 2.26.2
On 5/10/20 6:45 PM, anthraxx@archlinux.org wrote:
From: Levente Polyak <anthraxx@archlinux.org>
While iterating over the provides array, the find call for locating a shared library may result in listing multiple entries which by itself does not produce a stable deterministic order and may vary depending on the underlying filesystem. To provide a stable listing and a reproducible .PKGINFO file the result of find is piped to sort with a static LC_ALL=C localisation.
Wait, what. Do we have packages with libprovides providing multiple versions of a shared library? I mean yes, given this possibility it does seem like we'd need to sort them, but still... why does this exist? :p -- Eli Schwartz Bug Wrangler and Trusted User
On 11/5/20 8:49 am, Eli Schwartz wrote:
On 5/10/20 6:45 PM, anthraxx@archlinux.org wrote:
From: Levente Polyak <anthraxx@archlinux.org>
While iterating over the provides array, the find call for locating a shared library may result in listing multiple entries which by itself does not produce a stable deterministic order and may vary depending on the underlying filesystem. To provide a stable listing and a reproducible .PKGINFO file the result of find is piped to sort with a static LC_ALL=C localisation.
Wait, what. Do we have packages with libprovides providing multiple versions of a shared library?
I mean yes, given this possibility it does seem like we'd need to sort them, but still... why does this exist? :p
There was historically a package that provided an old compatibility library as well as the new one (you could only build against the new one). Really should have been a separate package. Patch looks good. A
participants (3)
-
Allan McRae
-
anthraxx@archlinux.org
-
Eli Schwartz