diff mbox series

[1/2] go.bbclass: change GOTMPDIR to improve reproducibility

Message ID 20251208091148.368769-1-changqing.li@windriver.com
State Accepted, archived
Commit 0642d2323072f561a4d0eeb9266213387b2997fc
Headers show
Series [1/2] go.bbclass: change GOTMPDIR to improve reproducibility | expand

Commit Message

Changqing Li Dec. 8, 2025, 9:11 a.m. UTC 
From: Changqing Li <changqing.li@windriver.com>

The Go toolchain writes temporary source files under GOTMPDIR and
compiles them there. To support reproducibility, Go passes options such
as -ffile-prefix-map=$WORK/b387=/tmp/go-build to the GCC instance it
invokes. The variable WORK is a temporary directory created under
GOTMPDIR, refer this example:

WORK=/build/tmp/work/x86-64-v3-wrs-linux/buildah/1.41.5/build-tmp/go-build377321751
cd $WORK/b387
TERM='dumb' x86_64-wrs-linux-gcc -m64 -march=x86-64-v3 -fstack-protector-strong -O2 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security --sysroot=/tmp/work/x86-64-v3-wrs-linux/buildah/1.41.5/recipe-sysroot -I /tmp/work/x86-64-v3-wrs-linux/buildah/1.41.5/sources/buildah-1.41.5/src/github.com/containers/buildah/vendor/github.com/proglottis/gpgme -fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=$WORK/b387=/tmp/go-build -gno-record-gcc-switches -v -D_FILE_OFFSET_BITS=64 -I $WORK/b387/ -O2 -g -ffile-prefix-map=/tmp/work/x86-64-v3-wrs-linux/buildah/1.41.5/sources/buildah-1.41.5=/usr/src/debug/buildah/1.41.5 -ffile-prefix-map=/tmp/work/x86-64-v3-wrs-linux/buildah/1.41.5/build=/usr/src/debug/buildah/1.41.5 -ffile-prefix-map=/tmp/work/x86-64-v3-wrs-linux/buildah/1.41.5/recipe-sysroot= -ffile-prefix-map=/tmp/work/x86-64-v3-wrs-linux/buildah/1.41.5/recipe-sysroot-native= -pipe -v -ffile-prefix-map=/tmp/work/x86-64-v3-wrs-linux/buildah/1.41.5/sources/buildah-1.41.5/src/github.com/containers/buildah/vendor=/_/vendor -frandom-seed=TZkSPVSBUvDMjg4wKjWS -o $WORK/b387/_x004.o -c unset_agent_info.cgo2.c

OE also passes its own DEBUG_PREFIX_MAP to GCC(finally by CGO_CFLAGS),
including -ffile-prefix-map=${B}=${TARGET_DBGSRC_DIR}, where B is
${WORKDIR}/build. Because GOTMPDIR defaults to ${WORKDIR}/build-tmp, the
Go temporary directory looks like ${WORKDIR}/build-tmp/go-buildXYZ. Its
prefix therefore begins with ${WORKDIR}/build, so GCC matches the
DEBUG_PREFIX_MAP entry for ${B} first.

As a result, a path such as ${WORKDIR}/build-tmp/go-buildXYZ is
rewritten to ${TARGET_DBGSRC_DIR}-tmp/go-buildXYZ. This breaks the
-ffile-prefix-map option that Go itself adds, because the original WORK
path no longer matches the value Go expects. Since Go creates
go-buildXYZ directories randomly and internally, this causes the build
non-reproducible.

This patch changes GOTMPDIR from ${WORKDIR}/build-tmp to
${WORKDIR}/go-build-tmp so that the path no longer matches ${B}. This
prevents unintended replacements by OE's DEBUG_PREFIX_MAP and
restores reproducibility.

Signed-off-by: Changqing Li <changqing.li@windriver.com>
---
 meta/classes-recipe/go.bbclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Alexander Kanavin Dec. 8, 2025, 10:41 a.m. UTC | #1 
On Mon, 8 Dec 2025 at 10:11, Changqing Li via lists.openembedded.org
<changqing.li=windriver.com@lists.openembedded.org> wrote:

> This patch changes GOTMPDIR from ${WORKDIR}/build-tmp to
> ${WORKDIR}/go-build-tmp so that the path no longer matches ${B}. This
> prevents unintended replacements by OE's DEBUG_PREFIX_MAP and
> restores reproducibility.

Wait. Go does not have reproducibility problems right now: it is a
part of reproducibility test, and not in the exclusion list. So how
can the issues that this patch set aims to fix be observed?

Alex
Changqing Li Dec. 9, 2025, 2:37 a.m. UTC | #2 
On 12/8/25 18:41, Alexander Kanavin wrote:
> CAUTION: This email comes from a non Wind River email account!
> Do not click links or open attachments unless you recognize the sender and know the content is safe.
>
> On Mon, 8 Dec 2025 at 10:11, Changqing Li via lists.openembedded.org
> <changqing.li=windriver.com@lists.openembedded.org> wrote:
>
>> This patch changes GOTMPDIR from ${WORKDIR}/build-tmp to
>> ${WORKDIR}/go-build-tmp so that the path no longer matches ${B}. This
>> prevents unintended replacements by OE's DEBUG_PREFIX_MAP and
>> restores reproducibility.
> Wait. Go does not have reproducibility problems right now: it is a
> part of reproducibility test, and not in the exclusion list. So how
> can the issues that this patch set aims to fix be observed?

I checked autobuilder configs,  although we have reproducible test, but 
only test with openembeded-core

and layers under meta-openembeded,   and there is no recipe inherit 
go.bbclass(except etcd under meta-oe,  but already skipped)

So actually,  we don't have reproducible test for recipes that compile 
with go.

And I tested with this step:

on a host,  with build path ra,  and another build path rb-extend, 
bitbake buildah under both project,

the rpm of ra, and rb-extend is different,   and with these 2 patches,  
the rpm will be the same.

//Changqing

>
> Alex
Alexander Kanavin Dec. 9, 2025, 9:39 a.m. UTC | #3 
On Tue, 9 Dec 2025 at 03:37, Changqing Li <changqing.li@windriver.com> wrote:
> Wait. Go does not have reproducibility problems right now: it is a
> part of reproducibility test, and not in the exclusion list. So how
> can the issues that this patch set aims to fix be observed?
>
> I checked autobuilder configs,  although we have reproducible test, but only test with openembeded-core
>
> and layers under meta-openembeded,   and there is no recipe inherit go.bbclass(except etcd under meta-oe,  but already skipped)
>
> So actually,  we don't have reproducible test for recipes that compile with go.

I see. I was confused and thought this fixes the go toolchain somehow.

There is one recipe on oe-core that does inherit go class
(go-helloworld), can you check why reproducibility issues don't happen
there? It would be good to have a reproducibility test for things
written in go in core, so this doesn't again regress quietly.

Alex
Changqing Li Dec. 9, 2025, 10:12 a.m. UTC | #4 
On 12/9/25 17:39, Alexander Kanavin wrote:
> CAUTION: This email comes from a non Wind River email account!
> Do not click links or open attachments unless you recognize the sender and know the content is safe.
>
> On Tue, 9 Dec 2025 at 03:37, Changqing Li<changqing.li@windriver.com> wrote:
>> Wait. Go does not have reproducibility problems right now: it is a
>> part of reproducibility test, and not in the exclusion list. So how
>> can the issues that this patch set aims to fix be observed?
>>
>> I checked autobuilder configs,  although we have reproducible test, but only test with openembeded-core
>>
>> and layers under meta-openembeded,   and there is no recipe inherit go.bbclass(except etcd under meta-oe,  but already skipped)
>>
>> So actually,  we don't have reproducible test for recipes that compile with go.
> I see. I was confused and thought this fixes the go toolchain somehow.
>
> There is one recipe on oe-core that does inherit go class
> (go-helloworld), can you check why reproducibility issues don't happen
> there? It would be good to have a reproducibility test for things
> written in go in core, so this doesn't again regress quietly.

This issue reproduced when cgo is enabled,  and go internally add 
--ffile-prefix-map="WorkDir"=/tmp/go-build" to gcc

to tell gcc not include workdir in object file. for go-helloworld, it 
should be pure go,  does not include the "C", so it will not met this 
issue.

//Changqing

> Alex
Alexander Kanavin Dec. 9, 2025, 10:19 a.m. UTC | #5 
On Tue, 9 Dec 2025 at 11:13, Changqing Li <changqing.li@windriver.com> wrote:
> This issue reproduced when cgo is enabled,  and go internally add --ffile-prefix-map="WorkDir"=/tmp/go-build" to gcc
>
> to tell gcc not include workdir in object file. for go-helloworld, it should be pure go,  does not include the "C", so it will not met this issue.

Alright. The patches are ok then, please summarize these points in v2
commit messages.

Alex
Alexander Kanavin Dec. 15, 2025, 6:06 p.m. UTC | #6 
On Tue, 9 Dec 2025 at 11:13, Changqing Li <changqing.li@windriver.com> wrote:

> There is one recipe on oe-core that does inherit go class
> (go-helloworld), can you check why reproducibility issues don't happen
> there? It would be good to have a reproducibility test for things
> written in go in core, so this doesn't again regress quietly.
>
> This issue reproduced when cgo is enabled,  and go internally add --ffile-prefix-map="WorkDir"=/tmp/go-build" to gcc
>
> to tell gcc not include workdir in object file. for go-helloworld, it should be pure go,  does not include the "C", so it will not met this issue.

I have filed a bugzilla ticket for the missong cgo reproducibility
testing: https://bugzilla.yoctoproject.org/show_bug.cgi?id=16100

If you have ideas how to address it (with something minimal) in
oe-core, that would be welcome.

Alex
diff mbox series

Patch

diff --git a/meta/classes-recipe/go.bbclass b/meta/classes-recipe/go.bbclass
index e0f667373e..ed986ff5d4 100644
--- a/meta/classes-recipe/go.bbclass
+++ b/meta/classes-recipe/go.bbclass
@@ -79,7 +79,7 @@  B = "${WORKDIR}/build"
 export GOPATH = "${B}"
 export GOENV = "off"
 export GOPROXY ??= "https://proxy.golang.org,direct"
-export GOTMPDIR ?= "${WORKDIR}/build-tmp"
+export GOTMPDIR ?= "${WORKDIR}/go-build-tmp"
 GOTMPDIR[vardepvalue] = ""
 
 GO_SRCURI_DESTSUFFIX = "${@os.path.join(os.path.basename(d.getVar('S')), 'src', d.getVar('GO_IMPORT')) + '/'}"