From 4b2fa040eb2414ace66feedac92c2b05a68e1143 Mon Sep 17 00:00:00 2001 From: Alexander Kanavin Date: Sun, 10 Oct 2021 21:10:02 +0200 Subject: librsvg: restore reproducibility (From OE-Core rev: c6fbac3b1db14aa73b4161371dd49644f3cced74) Signed-off-by: Alexander Kanavin Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie --- ...em-deps-sort-dependencies-before-using-th.patch | 53 ++++++++++++++++++++++ meta/recipes-gnome/librsvg/librsvg_2.52.0.bb | 1 + 2 files changed, 54 insertions(+) create mode 100644 meta/recipes-gnome/librsvg/librsvg/0001-vendor-system-deps-sort-dependencies-before-using-th.patch (limited to 'meta/recipes-gnome/librsvg') diff --git a/meta/recipes-gnome/librsvg/librsvg/0001-vendor-system-deps-sort-dependencies-before-using-th.patch b/meta/recipes-gnome/librsvg/librsvg/0001-vendor-system-deps-sort-dependencies-before-using-th.patch new file mode 100644 index 0000000000..9fe11930d3 --- /dev/null +++ b/meta/recipes-gnome/librsvg/librsvg/0001-vendor-system-deps-sort-dependencies-before-using-th.patch @@ -0,0 +1,53 @@ +From 9c20757ef8055535579ca3b7e69834e6917200e2 Mon Sep 17 00:00:00 2001 +From: Alexander Kanavin +Date: Fri, 24 Sep 2021 16:20:40 +0200 +Subject: [PATCH] vendor/system-deps: sort dependencies before using them + +Otherwise they come out in non-reproducible order, leaking into +target binaries. + +Upstream-Status: Pending +Signed-off-by: Alexander Kanavin + + +Signed-off-by: Alexander Kanavin +--- + vendor/system-deps/.cargo-checksum.json | 3 ++- + vendor/system-deps/src/lib.rs | 6 +++--- + 2 files changed, 5 insertions(+), 4 deletions(-) + +diff --git a/vendor/system-deps/.cargo-checksum.json b/vendor/system-deps/.cargo-checksum.json +index aae6cb9..73155dc 100644 +--- a/vendor/system-deps/.cargo-checksum.json ++++ b/vendor/system-deps/.cargo-checksum.json +@@ -1 +1,2 @@ +-{"files":{"Cargo.toml":"56ab5070dc9019b039c5e9904bb466b0879c33a7f69dd030b97abab321b7cc04","LICENSE-APACHE":"a60eea817514531668d7e00765731449fe14d059d3249e0bc93b36de45f759f2","LICENSE-MIT":"23f18e03dc49df91622fe2a76176497404e46ced8a715d9d2b67a7446571cca3","README.md":"3fe7396637bf9233908f41c6001cfcb00a379225e06e36e508c8b3d7264a8aae","src/lib.rs":"594e5f14180590adc9ea0a8ba1cc35f9a8a260322d08de3037efac3ce1dc729b","src/metadata.rs":"4c8d6ac2c88646a5b97ecb50ed44b65e5b2865cce6897add85b29ca2ae08c2bb","src/test.rs":"1ec48d1e443a0a4ac8035a2b60ff0321543aa2fa998fee72cf7762a936bf5f8c","src/tests/testanotherlib.pc":"bb4fd942324e6d49ce3becd827aa5c948d1924ca6681904a3695c19b1424eb3c","src/tests/testdata.pc":"43f481e989c03674fed5ef78c6420b3f8d36a2ce001928d86c418d1844acd5e7","src/tests/testlib-2.0.pc":"152eb0c70c14c3d948118408f3d1fd3bb7531b02aa792db85bd957f7db90b45b","src/tests/testlib-3.0.pc":"cd39c2ef88f6828c9291150cc4b624e769abef484674eaebaa4f67979501315f","src/tests/testlib.pc":"75c0d8a5345f65794f583c83e1cf0dbf3385af6e6abea1d61bb86eef707a52db","src/tests/toml-missing-file/no-cargo-toml-here":"6ab4da4b56f15315df6538610cfcd2ba3d0f9a7a8414678ff00ab5a78f7d41fa"},"package":"480c269f870722b3b08d2f13053ce0c2ab722839f472863c3e2d61ff3a1c2fa6"} ++{"files":{"Cargo.toml":"56ab5070dc9019b039c5e9904bb466b0879c33a7f69dd030b97abab321b7cc04","LICENSE-APACHE":"a60eea817514531668d7e00765731449fe14d059d3249e0bc93b36de45f759f2","LICENSE-MIT":"23f18e03dc49df91622fe2a76176497404e46ced8a715d9d2b67a7446571cca3","README.md":"3fe7396637bf9233908f41c6001cfcb00a379225e06e36e508c8b3d7264a8aae", ++"src/lib.rs":"d88593afdcb0cc3765bf427913ebb718ac6dcd9d62d1381d9afe44dddef3abbf","src/metadata.rs":"4c8d6ac2c88646a5b97ecb50ed44b65e5b2865cce6897add85b29ca2ae08c2bb","src/test.rs":"1ec48d1e443a0a4ac8035a2b60ff0321543aa2fa998fee72cf7762a936bf5f8c","src/tests/testanotherlib.pc":"bb4fd942324e6d49ce3becd827aa5c948d1924ca6681904a3695c19b1424eb3c","src/tests/testdata.pc":"43f481e989c03674fed5ef78c6420b3f8d36a2ce001928d86c418d1844acd5e7","src/tests/testlib-2.0.pc":"152eb0c70c14c3d948118408f3d1fd3bb7531b02aa792db85bd957f7db90b45b","src/tests/testlib-3.0.pc":"cd39c2ef88f6828c9291150cc4b624e769abef484674eaebaa4f67979501315f","src/tests/testlib.pc":"75c0d8a5345f65794f583c83e1cf0dbf3385af6e6abea1d61bb86eef707a52db","src/tests/toml-missing-file/no-cargo-toml-here":"6ab4da4b56f15315df6538610cfcd2ba3d0f9a7a8414678ff00ab5a78f7d41fa"},"package":"480c269f870722b3b08d2f13053ce0c2ab722839f472863c3e2d61ff3a1c2fa6"} +diff --git a/vendor/system-deps/src/lib.rs b/vendor/system-deps/src/lib.rs +index af14348..5f0682e 100644 +--- a/vendor/system-deps/src/lib.rs ++++ b/vendor/system-deps/src/lib.rs +@@ -242,11 +242,11 @@ impl Dependencies { + self.libs.get(name) + } + +- /// An iterator visiting all system dependencies in arbitrary order. ++ /// An iterator visiting all system dependencies in sorted (for build reproducibility) order. + /// The first element of the tuple is the name of the `toml` key defining the + /// dependency in `Cargo.toml`. + pub fn iter(&self) -> impl Iterator { +- self.libs.iter().map(|(k, v)| (k.as_str(), v)) ++ self.libs.iter().map(|(k, v)| (k.as_str(), v)).sorted_by_key(|x| x.0) + } + + fn aggregate_str &Vec>( +@@ -338,7 +338,7 @@ impl Dependencies { + let mut flags = BuildFlags::new(); + let mut include_paths = Vec::new(); + +- for (name, lib) in self.libs.iter() { ++ for (name, lib) in self.libs.iter().sorted_by_key(|x| x.0) { + include_paths.extend(lib.include_paths.clone()); + + if lib.source == Source::EnvVariables diff --git a/meta/recipes-gnome/librsvg/librsvg_2.52.0.bb b/meta/recipes-gnome/librsvg/librsvg_2.52.0.bb index 50489453df..47d3880873 100644 --- a/meta/recipes-gnome/librsvg/librsvg_2.52.0.bb +++ b/meta/recipes-gnome/librsvg/librsvg_2.52.0.bb @@ -23,6 +23,7 @@ SRC_URI += "file://0001-Makefile.am-pass-rust-target-to-cargo-also-when-not-.pat file://0003-New-ToCairoARGB-trait.patch \ file://0004-impl-ToPixel-for-CairoARGB.patch \ file://0001-crossbeam-utils-check-only-the-architecture-not-the-.patch \ + file://0001-vendor-system-deps-sort-dependencies-before-using-th.patch \ " SRC_URI[archive.sha256sum] = "bd821fb3e16494b61f5185addd23b726b064f203122b3ab4b3d5d7a44e6bf393" -- cgit v1.2.3-54-g00ecf