Add creation of the build-id to the linker flags

[imciner2]

This is the toolchain part of the implementation of the build-id. This should now make the linker build in a build-id to the libraries/executables, and use one that also allows reproducibility.

ref: JuliaPackaging/Yggdrasil#11013, JuliaPackaging/BinaryBuilder.jl#1272

[imciner2]

Forgot that build-id is an ELF only thing, so we can only add it on Linux and FreeBSD.

[giordano]

Can we have some tests?

[giordano]

Side note, I just realised we may not have reproducibility tests in this repo. We have some in BinaryBuilder: https://github.com/search?q=repo%3AJuliaPackaging%2FBinaryBuilder.jl+reproducibility+language%3AJulia+path%3A%2F%5Etest%5C%2F%2F&type=code

[imciner2]

I've blind-coded a test for this based on what I think the output should be. Let's see if that passes. it's a bit awkward because we don't have the actual elf to query here, so I had to do a readelf inside the script and just parse the output.

[giordano]

Can ObjectFile.jl read the notes?

[imciner2]

Can ObjectFile.jl read the notes?

It can, but I didn't see any place where we can get the actual compiled file out in these tests already (or at least I didn't see any tests doing it), and we didn't have ObjectFile.jl in the deps already, so I didn't dive deeper into trying to make that work.

Using ObjectFile.jl, this is pseudo-code to test if the build-id section exists (and can also form the basis for an Audit pass in BinaryBuilder.jl):

l = open(<lib>)
obj_handles = readmeta(l)
obj = first(obj_handles)
sec = ELFSections(obj)

# This will be true if there is no section
findfirst(s -> section_name(s) == ".note.gnu.build-id", sec) === nothing

[imciner2]

And I guess readelf in the sandbox is old enough it doesn't decode the name of the section, so we have to match on the description NT_GNU_BUILD_ID instead (which was in the output).

[giordano]

Looks good to me. @vtjnash do you want to have a look?

[imciner2]

It's not quite as easy on Windows. Apparently, the support for build-id was added in binutils 2.25, which means we can only support the build-id on Windows for GCC >= 5.2.0 and not the default GCC 4.8.5 we use.

[giordano]

You should be able to access gcc_version to conditionally set that, right?

[imciner2]

Yep, that variable should be accessible. I just went down the rabbit hole of also adding a test for the Windows COFF format including the build-id info.

[imciner2]

Ok, after going down yet another rabbit hole to get the tests for the build-id running on the Windows binaries, this should be good to go now. We will add a reproducible build-id to all platforms other than macOS automatically now (but I think I read somewhere macOS compilers provided a build-id already, so that shouldn't be a problem).