So, I've got a fix for the reproducibility issues for maradns... part of the fixes are fairly obvious, setting a specific date and setting the version to be, well, the version...

But there's one nervous-making issue this revealed; maradns embeds a random number at build time ... allegedly for systems that don't have /dev/urandom... see maradns-3.5.0020/deadwood-3.5.0020/src/Makefile.ubuntu2004:

  # Since some systems may not have /dev/urandom (Windows, *cough* *cough*), we
  # keep a randomly generated prime around

So it's got some code to generate a random number at build time and embed it in the binary. Now, if there's anything I know about good practices about random numbers, this sort of thing is generally a very large red flag! It also makes the package build differently every time!

So, Debian's maradns package just removes this embedding of a "random" number, and I've basically adapted their patches to build reproducibly on guix too... by basically embedding the same "random" number every single build!

That said, hopefully it actually uses /dev/urandom and this is just a fallback for when /dev/urandom is missing? Is that actually how this is supposed to work? Is that actually how the code does work?

If that's the case, I think the following patch should work ok on Guix. But I wanted some extra eyes on this before pushing...

live well,
  vagrant

p.s. Obviously, I picked the best random number.

From a2e10d39de37c363b25f06dbb275e2bf6d614b7c Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian Date: Sun, 5 Jun 2022 13:57:27 -0700 Subject: [PATCH 3/3] gnu: maradns: Build reproducibly. * gnu/packages/patches/maradns-deadwood-do-not-embed-random-number.patch: New file. * gnu/local.mk (dist_patch_DATA): Add patch. * gnu/package/dns.scm (maradns)[source]: Add patch. [arguments]: Pass VERSION and COMPILED via makeflags. --- gnu/local.mk | 1 + gnu/packages/dns.scm | 7 +++- ...-deadwood-do-not-embed-random-number.patch | 38 +++++++++++++++++++ 3 files changed, 45 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/maradns-deadwood-do-not-embed-random-number.patch diff --git a/gnu/local.mk b/gnu/local.mk index 68b317b32a..ff1135e48e 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1471,6 +1471,7 @@ dist_patch_DATA = \ %D%/packages/patches/lvm2-static-link.patch \ %D%/packages/patches/mailutils-variable-lookup.patch \ %D%/packages/patches/make-impure-dirs.patch \ + %D%/packages/patches/maradns-deadwood-do-not-embed-random-number.patch \ %D%/packages/patches/mariadb-link-libatomic.patch \ %D%/packages/patches/mars-install.patch \ %D%/packages/patches/mars-sfml-2.3.patch \ diff --git a/gnu/packages/dns.scm b/gnu/packages/dns.scm index fea255c930..39268ddfcf 100644 --- a/gnu/packages/dns.scm +++ b/gnu/packages/dns.scm @@ -1302,7 +1302,10 @@ (define-public maradns (version-major+minor version) "/" version "/maradns-" version ".tar.xz")) (sha256 - (base32 "1qgabw6y2bwy6y88dikis62k789i0xh7iwxan8jmqpzvksqwjfgw")))) + (base32 "1qgabw6y2bwy6y88dikis62k789i0xh7iwxan8jmqpzvksqwjfgw")) + (patches + (search-patches + "maradns-deadwood-do-not-embed-random-number.patch")))) (build-system gnu-build-system) (arguments `(#:tests? #f ; need to be root to run tests 
@@ -1310,6 +1313,8 @@ (define-public maradns (list ,(string-append "CC=" (cc-for-target)) (string-append "PREFIX=" %output) + (string-append "COMPILED=" "2012-04-18") + (string-append "VERSION=" ,version) (string-append "RPM_BUILD_ROOT=" %output)) #:phases (modify-phases %standard-phases diff --git a/gnu/packages/patches/maradns-deadwood-do-not-embed-random-number.patch b/gnu/packages/patches/maradns-deadwood-do-not-embed-random-number.patch new file mode 100644 index 0000000000..7e51e79259 --- /dev/null +++ b/gnu/packages/patches/maradns-deadwood-do-not-embed-random-number.patch @@ -0,0 +1,38 @@ +Adapted from https://sources.debian.org/src/maradns/2.0.13-1.4/debian/patches/deadwood_makefile.patch/ + +diff --git a/deadwood-3.5.0020/src/Makefile.ubuntu2004 b/deadwood-3.5.0020/src/Makefile.ubuntu2004 +index 62868aa..2c8c094 100644 +--- a/deadwood-3.5.0020/src/Makefile.ubuntu2004 ++++ b/deadwood-3.5.0020/src/Makefile.ubuntu2004 +@@ -29,13 +29,10 @@ all: Deadwood version.h + # + + clean: +- rm -f Test DwMain DwTcp *.exe *.o a.out RandomPrime writehash_test* \ +- Deadwood foo* dw_cache DwHash DwCompress *stackdump \ +- core ; \ +- ./make.version.h ; if [ -e /dev/urandom ] ; \ +- then rm DwRandPrime.h ; \ +- cc RandomPrime.c ; ./a.out > DwRandPrime.h ; rm a.out \ +- ; fi ++ rm -f Test DwMain DwTcp *.exe *.o a.out writehash_test* \ ++ Deadwood foo* dw_cache DwHash DwCompress *stackdump core ++ ++ + + version.h: + ./make.version.h +@@ -67,11 +64,8 @@ DwSocket.o: DwSocket.c DwStr.h DwSocket.h + DwSys.o: DwSys.c DwStr.h version.h + $(CC) $(FLAGS) -Wall -c -o DwSys.o DwSys.c + +-RandomPrime: RandomPrime.c +- $(CC) -O3 -o RandomPrime RandomPrime.c +- +-DwRandPrime.h: RandomPrime +- if [ -e /dev/urandom ] ; then ./RandomPrime > DwRandPrime.h ; fi ++DwRandPrime.h: ++ echo '#define MUL_CONSTANT 1238145941' > DwRandPrime.h + + DwHash.o: DwHash.c DwStr.h DwRandPrime.h DwHash.h + $(CC) $(FLAGS) -Wall -c -o DwHash.o DwHash.c -- 2.35.1
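
Review bot: in the gnu/packages/dns.scm hunk at @@ -1310, the value "2012-04-18" passed as COMPILED has no comment saying where the date comes from or that it is pinned for reproducibility; a one-line comment next to it would keep a later version bump from "correcting" it. The (string-append "COMPILED=" "2012-04-18") call joins two literals and can be written as the single string "COMPILED=2012-04-18". The commit log also names the file as gnu/package/dns.scm while the diff touches gnu/packages/dns.scm.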
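
Review bot: in the embedded Makefile.ubuntu2004 hunk at @@ -29, the new clean recipe no longer removes DwRandPrime.h, and the replacement "DwRandPrime.h:" rule later in the patch has no prerequisites, so make will only run its recipe when the header is absent. The removed recipe ran "rm DwRandPrime.h" on an existing file, so if the source tree carries that header the pinned value is never written and the build uses whatever the tree ships. Adding DwRandPrime.h to the rm -f list, or deleting it before the build, would make the result independent of the tarball contents. The removed recipe also ran ./make.version.h from clean; worth confirming that the version.h target alone still regenerates it with the VERSION and COMPILED make flags. The hunk also leaves two empty lines at the end of the recipe.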
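
Review bot: in the embedded Makefile.ubuntu2004 hunk at @@ -67, MUL_CONSTANT is pinned to 1238145941 for every build and feeds DwHash.o through DwRandPrime.h, but the patch header only says "Adapted from" the Debian patch and does not record the open question from the cover message: whether Deadwood reseeds from /dev/urandom at run time or relies on this constant. That should be answered and written into the patch header before pushing, since every installation now shares the same value. The header should also say how 1238145941 was chosen and whether it has the property RandomPrime.c was generating (the Makefile comment calls it a randomly generated prime). The file name says "do-not-embed-random-number" while the rule still embeds a number, a fixed one; a name or description that says "fixed" would match what the rule does.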