[pacman-dev] makepkg: deterministic PKGINFO libprovides for multiple library versions

Message ID 20200510224549.3581968-1-anthraxx@archlinux.org
State Accepted, archived

Commit Message

Levente Polyak May 10, 2020, 10:45 p.m. UTC
From: Levente Polyak <anthraxx@archlinux.org>

While iterating over the provides array, the find call for locating a
shared library may result in listing multiple entries which by itself
does not produce a stable deterministic order and may vary depending on
the underlying filesystem.
To provide a stable listing and a reproducible .PKGINFO file the result
of find is piped to sort with a static LC_ALL=C localisation.

Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
---
 scripts/makepkg.sh.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Eli Schwartz May 10, 2020, 10:49 p.m. UTC | #1
On 5/10/20 6:45 PM, anthraxx@archlinux.org wrote:
> From: Levente Polyak <anthraxx@archlinux.org>
> 
> While iterating over the provides array, the find call for locating a
> shared library may result in listing multiple entries which by itself
> does not produce a stable deterministic order and may vary depending on
> the underlying filesystem.
> To provide a stable listing and a reproducible .PKGINFO file the result
> of find is piped to sort with a static LC_ALL=C localisation.

Wait, what. Do we have packages with libprovides providing multiple
versions of a shared library?

I mean yes, given this possibility it does seem like we'd need to sort
them, but still... why does this exist? :p

Allan McRae May 11, 2020, 2:17 a.m. UTC | #2
On 11/5/20 8:49 am, Eli Schwartz wrote:
> On 5/10/20 6:45 PM, anthraxx@archlinux.org wrote:
>> From: Levente Polyak <anthraxx@archlinux.org>
>>
>> While iterating over the provides array, the find call for locating a
>> shared library may result in listing multiple entries which by itself
>> does not produce a stable deterministic order and may vary depending on
>> the underlying filesystem.
>> To provide a stable listing and a reproducible .PKGINFO file the result
>> of find is piped to sort with a static LC_ALL=C localisation.
> 
> Wait, what. Do we have packages with libprovides providing multiple
> versions of a shared library?
> 
> I mean yes, given this possibility it does seem like we'd need to sort
> them, but still... why does this exist? :p

There was historically a package that provided an old compatibility
library as well as the new one (you could only build against the new
one).  Really should have been a separate package.

Patch looks good.

A

Patch

diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in
index d1416d15..b95a03af 100644
--- a/scripts/makepkg.sh.in
+++ b/scripts/makepkg.sh.in
@@ -521,7 +521,7 @@  find_libprovides() {
 		missing=0
 		case "$p" in
 			*.so)
-				mapfile -t filename < <(find "$pkgdir" -type f -name $p\*)
+				mapfile -t filename < <(find "$pkgdir" -type f -name $p\* | LC_ALL=C sort)
 				if [[ $filename ]]; then
 					# packages may provide multiple versions of the same library
 					for fn in "${filename[@]}"; do
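
Review bot: On the changed `mapfile` line, `-name $p\*` leaves `$p` unquoted, so a provides entry containing whitespace or glob characters would be word-split or expanded by the shell before `find` receives the pattern; `-name "$p*"` passes it through intact. The added `| LC_ALL=C sort` stage is newline-delimited, as is the `mapfile -t` that reads it, so a path under `$pkgdir` containing a newline would be split into separate lines and sorted as independent entries. If that case matters for reproducibility, `find ... -print0 | LC_ALL=C sort -z` read with `mapfile -d ''` keeps each path whole (this needs GNU sort and a bash with `mapfile -d`). It would also help to extend the existing "multiple versions" comment to say that the sort is there to make the .PKGINFO order independent of the filesystem, so the pipe is not dropped later as redundant.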