Hi fontconfig@, Whilst working on the Reproducible Builds[0] effort, we noticed that fontconfig generates cache files with unreproducible/non-deterministic filenames. This is a supplement to the changes added in f098adac54ab where we ensured that the checksums themselves were determistic but the files that were stored in the cache directory are currently being given "random" names via uuid(3)'s uuid_generate_random function, thus any images that generate such files have different contents on every build. This patch changes the behaviour of the cache directory filename calculation to be based on the "source" directory name, rather than being entirely random. An alternative solution could be to continue to use the previous uuid_generate_random function but use this alternative codepath if the SOURCE_DATE_EPOCH[1] environment variable was determined to be present via getenv(3). This work was sponsored by Tails[2] and tracked in Debian in #864082[3]. [0] https://reproducible-builds.org/ [1] https://reproducible-builds.org/specs/source-date-epoch/ [2] https://tails.boum.org/ [3] https://bugs.debian.org/864082 --- src/fccache.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- Chris Lamb chris-lamb.co.uk / @lolamby
From 70565e0f73d116a2a9523146228efcca1e76b016 Mon Sep 17 00:00:00 2001 From: Chris Lamb <chris@xxxxxxxxxxxxxxxx> Date: Mon, 29 Oct 2018 15:48:51 -0400 Subject: [PATCH] Make the cache filenames determinstic Whilst working on the Reproducible Builds[0] effort, we noticed that fontconfig generates cache files with unreproducible/non-deterministic filenames. This is a supplement to the changes added in f098adac54ab where we ensured that the checksums themselves were determistic but the files that were stored in the cache directory are currently being given "random" names via uuid(3)'s uuid_generate_random function, thus any images that generate such files have different contents on every build. This patch changes the behaviour of the cache directory filename calculation to be based on the "source" directory name, rather than being entirely random. An alternative solution could be to continue to use the previous uuid_generate_random function but use this alternative codepath if the SOURCE_DATE_EPOCH[1] environment variable was determined to be present via getenv(3). This work was sponsored by Tails[2] and tracked in Debian in #864082[3]. [0] https://reproducible-builds.org/ [1] https://reproducible-builds.org/specs/source-date-epoch/ [2] https://tails.boum.org/ [3] https://bugs.debian.org/864082 --- src/fccache.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/fccache.c b/src/fccache.c index 87073ba..b57c773 100644 --- a/src/fccache.c +++ b/src/fccache.c @@ -101,7 +101,7 @@ FcDirCacheCreateUUID (FcChar8 *dir, ret = FcFalse; goto bail3; } - uuid_generate_random (uuid); + uuid_generate_sha1 (uuid, target, target, strlen(target)); if (force) hash_add = FcHashTableReplace; else -- 2.19.1
_______________________________________________ Fontconfig mailing list Fontconfig@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/fontconfig
