[Dev-luatex] Bug#1009196: texlive-binaries: Reproducible content of .fmt files

Hans Hagen j.hagen at xs4all.nl
Mon Apr 11 09:00:19 CEST 2022

On 4/11/2022 6:56 AM, Norbert Preining wrote:
> Hi Luigi, hi all luatex devs,
> here at Debian we got a bug report about reproducability of luatex
> format dumps. It contains a patch to make the hyphenation exception list
> sorted. (I attach the patch)
> Could you please take a look whether this is still relevant for the
> latest release of luatex.
it actually defeats one of the security properties of lua (which was 
explicitly introduced at some point: make sure that hashes have random 
order each run so that it's harder to retrieve sensitive data from mem)

that said, it means that as soon as something gets stored in the format 
otherwise (than exceptions) one can face the same issue (although one 
can work around that by sorting etc)

if you want reproducibility for some testing, mess with this instead:

#if !defined(luai_makeseed)
#include <time.h>
#define luai_makeseed()		cast(unsigned int, time(NULL))

anyway, formats with embedded lua data (serialized or bytecode is never 
guaranteed the same unless one does soem effort)

fwiw: the easiest solution is to not store patterns and exceptions in 
the format and just load them runtime which is just as fast (in 
retrospect not a good idea to store it but it was needed for some plain 
compatibility testing)


(who in the past has been bitten by this 'random feature' when we made 
the switch to 5.3, or maybe it was even 5.2; it used to be 'random per 
binary' and became 'random per run' but we decided to stick with 
official lua)

                                           Hans Hagen | PRAGMA ADE
               Ridderstraat 27 | 8061 GH Hasselt | The Netherlands
        tel: 038 477 53 69 | www.pragma-ade.nl | www.pragma-pod.nl

More information about the dev-luatex mailing list