GNU bug report logs - #36747
Official MesCC bootstrap binaries differ from my locally built ones
Reported by: Mark H Weaver <mhw <at> netris.org>
Date: Sat, 20 Jul 2019 22:46:01 UTC
Severity: serious
Done: Mark H Weaver <mhw <at> netris.org>
Bug is archived. No further changes may be made.
Message #46 received at 36747 <at> debbugs.gnu.org (full text, mbox):
Hi Ludovic,

Ludovic Courtès <ludo <at> gnu.org> writes:

> Mark H Weaver <mhw <at> netris.org> skribis:
>
>>> I have added a very similar set of two patches to wip-cu-binaries,
>>> branched @ ef809e3ac036eccc5f9c9edd8fb661d14ae15f2f.
>>>
>>> They give the same md5sum for me as the wip-binaries branch that
>>> branched off of master; so mine are at
>>> http://lilypond.org/janneke/guix/20190722/
>>
>> I built these, and here are the results:
>>
>> mhw <at> jojen /gnu/store/hd3lk0f08a0sq40qqa6yv1q9gbk7gxww-bootstrap-tarballs-0$ sha256sum *
>> b5915c71ff5ea722864e1097ce1e7ed50fd68ad7544521f2dd6969173c260276 guile-static-stripped-2.2.4-i686-linux.tar.xz
>> 1acd8f83e27d2fac311a5ca78e9bf11a9a1638b82469870d5c854c4e7afaa26a linux-libre-headers-stripped-4.14.67-i686-linux.tar.xz
>> 021543d9bb6af55f39e68d69692e3cb74646ced2cad0bb9ac0047ef81e9d7330 mescc-tools-static-stripped-0.5.2-0.bb062b0-i686-linux.tar.xz
>> fb32090071b39fc804fb9a7fba96f0bc5eb844a0efd268fb24c42e6bfa959de0 mes-minimal-stripped-0.19-i686-linux.tar.xz
>> 9ee954dc19db5c8d4113c73a702fd8f79f26c51024220f2617d0572c0a85e69c static-binaries-0-i686-linux.tar.xz
>>
>> Do these match what you built?
>
> We verified things back then:
>
> https://lists.gnu.org/archive/html/guix-devel/2018-12/msg00046.html
>
> This was on commit 4ae7dc7b9af64794081b1913740b97acd89c91bc, which is
> earlier than the one you’re looking at (commit
> ef809e3ac036eccc5f9c9edd8fb661d14ae15f2f, right?)

Yes. However, I just noticed a more serious problem.

The "independent verification" that you and I performed at commit
4ae7dc7b9af64794081b1913740b97acd89c91bc was bogus, because at that
commit, %bootstrap-inputs had already been changed to use an earlier
draft of the reduced binary seed, based on unverified bootstrap tarballs
downloaded from lilypond.org.

In order to perform a truly independent verification, we need to build
the new bootstrap binaries without using the new bootstrap binaries.
Otherwise our verification is circular.

It seems to me that the best way to accomplish this is to backport the
new '%bootstrap-tarballs' from 'wip-cu-binaries' to the 'master' branch.

What do you think?

Thanks,
Mark
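
The circularity described in this message can be modelled as a reachability check over build inputs: matching hashes only count as verification when none of the files under test were inputs to the rebuild. This is an added example, not part of the original message and not Guix code; the graph shape, the node names `bootstrap-tarballs`, `toolchain` and `old-seed-binaries`, and the digests are constructed for illustration.

```python
# Added example: a toy model, not Guix code. Node names other than
# %bootstrap-inputs and the tarball file names are hypothetical.

def parse_manifest(text):
    """Parse `sha256sum` output into {file name: hex digest}."""
    entries = {}
    for line in text.strip().splitlines():
        digest, name = line.split(maxsplit=1)
        entries[name.lstrip("*").strip()] = digest.lower()
    return entries

def transitive_inputs(graph, target):
    """Every node the build of `target` depends on, directly or not."""
    seen, stack = set(), [target]
    while stack:
        for dep in graph.get(stack.pop(), ()):
            if dep not in seen:
                seen.add(dep)
                stack.append(dep)
    return seen

def verify(graph, target, local, published):
    """Classify a rebuild of the files listed in `published`."""
    circular = sorted(transitive_inputs(graph, target) & set(published))
    mismatched = sorted(n for n in published if local.get(n) != published[n])
    if circular:
        return "circular", circular      # matching hashes prove nothing here
    if mismatched:
        return "mismatch", mismatched
    return "independent-match", []

# Constructed digests (not the ones from the report).
PUBLISHED = parse_manifest("""
aa11  mes-minimal-stripped-0.19-i686-linux.tar.xz
bb22  mescc-tools-static-stripped-0.5.2-0.bb062b0-i686-linux.tar.xz
""")
LOCAL = dict(PUBLISHED)  # the local rebuild happens to match

# Build whose %bootstrap-inputs already pull in the tarballs under test.
REDUCED_SEED = {
    "bootstrap-tarballs": ["toolchain"],
    "toolchain": ["%bootstrap-inputs"],
    "%bootstrap-inputs": list(PUBLISHED),
}
# Build whose %bootstrap-inputs are an older, separate seed.
OLD_SEED = {**REDUCED_SEED, "%bootstrap-inputs": ["old-seed-binaries"]}
```

With `REDUCED_SEED` the result is `circular` even though every digest matches; only the `OLD_SEED` graph yields `independent-match`.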
This bug report was last modified 5 years and 320 days ago.