fix: add reproducible build flags to CMake configuration

[18202781743]

Added CMAKE_SKIP_BUILD_RPATH=ON flag to CMake configuration for
reproducible builds
This flag prevents CMake from embedding build directory paths in
binaries, ensuring consistent builds across different environments
The flag is appended to existing CMake flags through
DEB_CMAKE_EXTRA_FLAGS variable
This change addresses build reproducibility issues where binaries could
differ due to embedded build paths

Influence:

1. Verify that builds produce identical binaries when built from same
   source
2. Test building in different directories to ensure no path dependencies
3. Check that RPATH is not embedded in generated binaries
4. Validate that existing functionality remains unchanged
5. Test cross-environment builds for consistency

fix: 为CMake配置添加可重复编译参数

在CMake配置中添加CMAKE_SKIP_BUILD_RPATH=ON标志以实现可重复编译
该标志防止CMake在二进制文件中嵌入构建目录路径，确保在不同环境中构建的一
致性
该标志通过DEB_CMAKE_EXTRA_FLAGS变量附加到现有的CMake标志中
此更改解决了由于嵌入构建路径导致二进制文件可能不同的构建可重复性问题

Influence:

1. 验证从相同源代码构建时是否生成相同的二进制文件
2. 在不同目录中测试构建以确保没有路径依赖
3. 检查生成的二进制文件中是否未嵌入RPATH
4. 验证现有功能是否保持不变
5. 测试跨环境构建的一致性

Summary by Sourcery

Add CMAKE_SKIP_BUILD_RPATH=ON to CMake configuration via DEB_CMAKE_EXTRA_FLAGS to avoid embedding build paths in binaries and achieve reproducible builds across environments

Enhancements:

• Ensure builds are reproducible by preventing CMake from embedding build directory paths in binaries

Build:

• Append CMAKE_SKIP_BUILD_RPATH=ON to DEB_CMAKE_EXTRA_FLAGS in debian rules to enforce skip of build rpath

[sourcery-ai]

Reviewer's guide (collapsed on small PRs)

Reviewer's Guide

Added the CMAKE_SKIP_BUILD_RPATH=ON flag into the CMake configuration via DEB_CMAKE_EXTRA_FLAGS in debian/rules to prevent embedding build directory paths and guarantee reproducible binaries across environments.

File-Level Changes

Change	Details	Files
Enable reproducible builds by skipping RPATH embedding	Appended "-DCMAKE_SKIP_BUILD_RPATH=ON" to DEB_CMAKE_EXTRA_FLAGS Updated override_dh_auto_configure in debian/rules to include the new flag Preserved existing CMake flags while extending them with the reproducibility option	debian/rules

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

Hey there - I've reviewed your changes and they look great!

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[deepin-bot]

TAG Bot

New tag: 2.0.16
DISTRIBUTION: unstable
Suggest: synchronizing this PR through rebase #384

[deepin-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: 18202781743, BLumia

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• debian/deepin/OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[BLumia]

CMAKE_BUILD_RPATH_USE_ORIGIN 管用吗？（参考）

[18202781743]

没试过，这个参数系统那边给的建议，

[deepin-ci-robot]

deepin pr auto review

我来对这个git diff进行审查：

1. 语法逻辑分析：

• 语法正确，符合debian/rules文件的格式规范
• 变量定义和使用符合makefile语法
• DEB_CMAKE_EXTRA_FLAGS的追加方式正确

2. 代码质量改进建议：

• 建议在添加reproducible编译参数时添加注释说明其具体作用
• 可以考虑将DEB_CMAKE_EXTRA_FLAGS的定义放在文件开头，与其他export变量放在一起，提高可读性

3. 代码性能分析：

• 这个修改主要是为了支持reproducible builds，不会对运行时性能产生影响
• -DCMAKE_SKIP_BUILD_RPATH=ON参数会跳过构建时的RPATH设置，对构建过程有轻微优化

4. 代码安全性分析：

• 这个修改提高了构建的可重现性，有助于安全审计
• -DCMAKE_SKIP_BUILD_RPATH=ON参数可以防止潜在的安全问题，避免运行时使用不信任的库路径

具体改进建议：

diff --git a/debian/rules b/debian/rules
index 9ba6f2d0..335ead37 100755
--- a/debian/rules
+++ b/debian/rules
@@ -7,6 +7,11 @@ export DEB_CFLAGS_MAINT_APPEND = -Wall
 export DEB_CXXFLAGS_MAINT_APPEND = -Wall
 export DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -Wl,-E
 
+# Enable reproducible builds
+# -DCMAKE_SKIP_BUILD_RPATH=ON: Skip build-time RPATH to ensure reproducible builds
+# and prevent potential security issues from untrusted library paths
+export DEB_CMAKE_EXTRA_FLAGS = -DCMAKE_SKIP_BUILD_RPATH=ON
+
 DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH)
 
 VERSION = $(DEB_VERSION_UPSTREAM)

主要改进点：

1. 将DEB_CMAKE_EXTRA_FLAGS改为export变量，使其与其他编译参数保持一致
2. 添加了更详细的注释说明参数的作用和安全考虑
3. 将参数定义移到文件开头，与其他export变量放在一起，提高可维护性

这些修改不会改变功能，但能提高代码的可读性和可维护性。

[18202781743]

/forcemerge

[deepin-bot]

This pr force merged! (status: blocked)