spotifyd does not build reproducibly
bmwiedemann opened this issue · 1 comments
Description
While working on reproducible builds for openSUSE, I found that
our spotifyd package varied in each build.
To Reproduce
- build
spotifydbinaries twice from scratch cmp spotifyd{1,2}
Expected behavior
binaries should be able to produce bit-identical binaries.
Logs
Click to show logs
--- old /usr/bin/spotifyd (objdump)
+++ new /usr/bin/spotifyd (objdump)
@@ -631764,7 +631764,7 @@
9a5020 60617379 6e632066 6e602072 6573756d `async fn` resum
9a5030 65642061 66746572 20636f6d 706c6574 ed after complet
9a5040 696f6e6c 69627265 73706f74 5f5f554e ionlibrespot__UN
- 9a5050 4b4e4f57 4e437a31 4a6f4746 6373706f KNOWNCz1JoGFcspo
+ 9a5050 4b4e4f57 4e5a6259 30435948 6f73706f KNOWNZbY0CYHospo
9a5060 74696679 646c6962 72657370 6f742d55 tifydlibrespot-U
9a5070 4e4b4e4f 574e454f 46526563 65697665 NKNOWNEOFReceive
9a5080 6420696e 76616c69 64207061 636b6574 d invalid packet
Versions
- OS: openSUSE-Tumbleweed-20230215
- Spotifyd: 0.3.3
- cargo: 1.67
Additional context
This is fixed with
librespot-org/librespot@9de1f38
so using librespot-core 0.4+ instead of 0.2.0 solves this problem.
Thanks for raising this. Guess, we'll have to keep that open, until someone gets around to doing that (presumably massive) update. 😅
I might be able to start tackling that in a few weeks, when I have more time. Still not sure, though, whether it makes sense to put in the work for 0.4, while 0.5 is already in the works with some very promising features. Probably still better, to not let the gap grow further between librespot upstream and our used version.