script/release.sh: make builds reproducible

What it takes is add an empty buildid, which, together with previously
added strip invocation, results in reproducible build!

NB: earlier versions of this patch also added the following:

1. non-random libseccomp install $prefix;

2. "objcopy --enable-deterministic-archives $prefix/lib/libseccomp.a"
   to strip ar dates and UIDs/GIDs;

3. "-B=0x00" to EXTRA_LDFLAGS to have non-variable NT_GNU_BUILD_ID.

Apparently, all this is not needed with strip.

Signed-off-by: Kir Kolyshkin <[email protected]>

Author: kolyshkin

script/release.sh

@@ -33,7 +33,6 @@ function build_project() {
 	local libseccomp_ver='2.5.1'
 	local tarball="libseccomp-${libseccomp_ver}.tar.gz"
 	local prefix
-	local ldflags="-w -s"
 	prefix="$(mktemp -d)"
 	wget "https://github.com/seccomp/libseccomp/releases/download/v${libseccomp_ver}/${tarball}"{,.asc}
 	tar xf "$tarball"
@@ -44,6 +43,11 @@ function build_project() {
 	)
 	mv "$tarball"{,.asc} "$builddir"
 
+	# For reproducible builds, add these to EXTRA_LDFLAGS:
+	#  -w to disable DWARF generation;
+	#  -s to disable symbol table;
+	#  -buildid= to remove variable build id.
+	local ldflags="-w -s -buildid="
 	# Add -a to go build flags to make sure it links against
 	# the provided libseccomp, not the system one (otherwise
 	# it can reuse cached pkg-config results).