GNU bug report logs - #49801
Guix time machine provenance/manifest reproducibility issue?

Previous Next

Package: guix;

Reported by: Denis 'GNUtoo' Carikli <GNUtoo <at> cyberdimension.org>

Date: Sun, 1 Aug 2021 00:22:01 UTC

Severity: normal

Full log

Message #11 received at 49801 <at> debbugs.gnu.org (full text, mbox):

From: Denis 'GNUtoo' Carikli <GNUtoo <at> cyberdimension.org>
To: zimoun <zimon.toutoune <at> gmail.com>
Cc: 49801 <at> debbugs.gnu.org
Subject: Re: bug#49801: Guix time machine provenance/manifest
 reproducibility issue?
Date: Thu, 2 Sep 2021 00:27:42 +0200

[Message part 1 (text/plain, inline)]
Hi again.

With and without this patch:
> diff --git a/guix/scripts/pull.scm b/guix/scripts/pull.scm
> index fb8ce50fa7..af1cf77f07 100644
> --- a/guix/scripts/pull.scm
> +++ b/guix/scripts/pull.scm
> @@ -739,7 +739,7 @@ Use '~/.config/guix/channels.scm' instead."))
>               (cons (match ref
>                       (('commit . commit)
>                        (channel (inherit guix)
> -                               (url url) (commit commit) (branch
> #f)))
> +                               (url url) (commit commit)))
>                       (('branch . branch)
>                        (channel (inherit guix)
>                                 (url url) (commit #f) (branch
> branch)))

on top of 95c29d2746943733cbe8df7013854d45bb0df413 ("gnu: electron-cash:
Update to 4.2.5." which is today's master HEAD), I get the same diff
with and without time-machine.

I made and used this Makefile to build two hello tarball in both cases:
> COMMIT ?= 95c29d2746943733cbe8df7013854d45bb0df413
> 
> all: \
> 	hello-guix-$(COMMIT).tar.xz \
> 	hello-time-machine-$(COMMIT).tar.xz \
> 
> hello-guix-$(COMMIT).tar.xz:
> 	install -m 644 \
> 		`../pre-inst-env \
> 		guix pack \
> 		--compression=xz --save-provenance hello` \
> 	$@
> 
> hello-time-machine-$(COMMIT).tar.xz:
> 	install -m 644 \
> 		`../pre-inst-env guix time-machine \
> 			--branch=master \
> 			--commit=$(COMMIT) \
> 			-- \
> 			pack --compression=xz --save-provenance hello` \
> 	$@

And once the file named manifest is extracted from both tarballs I get
this diff (with and without your slightly modified patch):
> --- ./hello-guix-95c29d2746943733cbe8df7013854d45bb0df413/gnu/store/lw9x5aimyqcq5iazj786fv7q5l3h0syk-profile/manifest	1970-01-01 01:00:01.000000000 +0100
> +++ ./hello-time-machine-95c29d2746943733cbe8df7013854d45bb0df413/gnu/store/30pf6ppiqpjsjaaiw35kc5lp6dcixpf1-profile/manifest	1970-01-01 01:00:01.000000000 +0100
> @@ -12,4 +12,19 @@
>        "/gnu/store/a462kby1q51ndvxdv3b6p0rsixxrgx1h-hello-2.10"
>        (propagated-inputs ())
>        (search-paths ())
> -      (properties)))))
> +      (properties
> +        (provenance
> +          (repository
> +            (version 0)
> +            (url "https://git.savannah.gnu.org/git/guix.git")
> +            (branch #f)
> +            (commit
> +              "95c29d2746943733cbe8df7013854d45bb0df413")
> +            (name guix)
> +            (introduction
> +              (channel-introduction
> +                (version 0)
> +                (commit
> +                  "9edb3f66fd807b096b48283debdcddccfea34bad")
> +                (signer
> +                  "BBB0 2DDF 2CEA F6A8 0D1D  E643 A2A0 6DF2 A33A 54FA"))))))))))

PS: In the diff at the top there is a slight difference with the patch
    that you suggested: I only removed (branch #f) so I end up with one
    more parenthesis at the end.

Denis.

[Message part 2 (application/pgp-signature, inline)]
This bug report was last modified 3 years and 287 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.