Package: guix;
Reported by: Denis 'GNUtoo' Carikli <GNUtoo <at> cyberdimension.org>
Date: Sun, 1 Aug 2021 00:22:01 UTC
Severity: normal
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
From: Denis 'GNUtoo' Carikli <GNUtoo <at> cyberdimension.org> To: bug-guix <at> gnu.org Subject: Guix time machine provenance/manifest reproducibility issue? Date: Sun, 1 Aug 2021 02:21:42 +0200
[Message part 1 (text/plain, inline)]
Hi,
I've been trying to reproduce a tarball
(sz1lkq3ryr5iv6amy6f3d2pziks27g28-tarball-pack.tar.xz) that I generated
with guix pack on guix master the 28 January 2021.
To build it, in January, I used the following commands:
> guix pull
> guix pack \
> --compression=xz \
> --save-provenance \
> -RR \
> --symlink=/usr/local/bin/repo=bin/repo \
> --symlink=/usr/local/bin/repo-env.sh=etc/profile \
> git-repo le-certs nss-certs git python-certifi
That tarball is publicly available in the Replicant ftp server[1].
The extracted provenance file (named manifest) has the following
content:
> ;; This file was automatically generated and is for internal use only.
> ;; It cannot be passed to the '--manifest' option.
>
> (manifest
> (version 3)
> (packages
> (("git-repo"
> "2.4.1"
> "out"
> "/gnu/store/d4frkcdq15a7gyfjdggwg44ryi46fa2d-git-repo-2.4.1R"
> (propagated-inputs ())
> (search-paths ())
> (properties
> (provenance
> (repository
> (version 0)
> (url "https://git.savannah.gnu.org/git/guix.git")
> (branch "master")
> (commit
> "f9bd4621dd92a9415276706b476b9bd2973411fa")
> (introduction
> (channel-introduction
> (version 0)
> (commit
> "9edb3f66fd807b096b48283debdcddccfea34bad")
> (signer
> "BBB0 2DDF 2CEA F6A8 0D1D E643 A2A0 6DF2 A33A
> 54FA"))))))) ("le-certs"
> "0"
> "out"
> "/gnu/store/x004p4hnyy0ickg2f5msvrpszhy9hzpl-le-certs-0R"
> (propagated-inputs ())
> (search-paths ())
> (properties
> (provenance
> (repository
> (version 0)
> (url "https://git.savannah.gnu.org/git/guix.git")
> (branch "master")
> (commit
> "f9bd4621dd92a9415276706b476b9bd2973411fa")
> (introduction
> (channel-introduction
> (version 0)
> (commit
> "9edb3f66fd807b096b48283debdcddccfea34bad")
> (signer
> "BBB0 2DDF 2CEA F6A8 0D1D E643 A2A0 6DF2 A33A
> 54FA"))))))) ("nss-certs"
> "3.57"
> "out"
> "/gnu/store/shc8qpw1y2k7q668rx4gl6aff0wp1n6v-nss-certs-3.57R"
> (propagated-inputs ())
> (search-paths ())
> (properties
> (provenance
> (repository
> (version 0)
> (url "https://git.savannah.gnu.org/git/guix.git")
> (branch "master")
> (commit
> "f9bd4621dd92a9415276706b476b9bd2973411fa")
> (introduction
> (channel-introduction
> (version 0)
> (commit
> "9edb3f66fd807b096b48283debdcddccfea34bad")
> (signer
> "BBB0 2DDF 2CEA F6A8 0D1D E643 A2A0 6DF2 A33A
> 54FA"))))))) ("git"
> "2.30.0"
> "out"
> "/gnu/store/378nlw54nxy991jcilnnbrxasnfvv9wl-git-2.30.0R"
> (propagated-inputs ())
> (search-paths
> (("GIT_SSL_CAINFO"
> ("etc/ssl/certs/ca-certificates.crt")
> #f
> regular
> #f)
> ("GIT_EXEC_PATH"
> ("libexec/git-core")
> #f
> directory
> #f)))
> (properties
> (provenance
> (repository
> (version 0)
> (url "https://git.savannah.gnu.org/git/guix.git")
> (branch "master")
> (commit
> "f9bd4621dd92a9415276706b476b9bd2973411fa")
> (introduction
> (channel-introduction
> (version 0)
> (commit
> "9edb3f66fd807b096b48283debdcddccfea34bad")
> (signer
> "BBB0 2DDF 2CEA F6A8 0D1D E643 A2A0 6DF2 A33A
> 54FA"))))))) ("python-certifi"
> "2020.11.8"
> "out"
> "/gnu/store/hmp6ab9kw1z3hjns9h1fm3afsq4g6j7x-python-certifi-2020.11.8R"
> (propagated-inputs ())
> (search-paths ())
> (properties
> (provenance
> (repository
> (version 0)
> (url "https://git.savannah.gnu.org/git/guix.git")
> (branch "master")
> (commit
> "f9bd4621dd92a9415276706b476b9bd2973411fa")
> (introduction
> (channel-introduction
> (version 0)
> (commit
> "9edb3f66fd807b096b48283debdcddccfea34bad")
> (signer
> "BBB0 2DDF 2CEA F6A8 0D1D E643 A2A0 6DF2 A33A
> 54FA"))))))))))
So I tried to reproduce it with the following command:
> guix time-machine \
> --commit=f9bd4621dd92a9415276706b476b9bd2973411fa -- \
> pack \
> --compression=xz \
> --save-provenance \
> -RR \
> --symlink=/usr/local/bin/repo=bin/repo \
> --symlink=/usr/local/bin/repo-env.sh=etc/profile \
> git-repo le-certs nss-certs git python-certifi
But the new tarball filename was different.
vivien in #guix helped me a lot by trying to build that tarball too and
me and viven have the same filename with guix-time-machine:
bfxvk59q0m034iyq5zkk841zkisayyjl-tarball-pack.tar.xz
We then managed to get to the root cause of the difference.
All the binaries were the sames. All the differences comes from the
fact that the provenance file (named 'manifest') is different.
That difference then produces a different profile name and also affects
/usr/bin as that references the profile.
Diffing the two provenance files gives that:
> +++
> bfxvk59q0m034iyq5zkk841zkisayyjl-tarball-pack/gnu/store/216jiimdyw7zyx8s9b3fz67aw69ydkvw-profile/manifest
> 1970-01-01 01:00:01.000000000 +0100 @@ -15,9 +15,10 @@ (repository
> (version 0)
> (url "https://git.savannah.gnu.org/git/guix.git")
> - (branch "master")
> + (branch #f)
> (commit
> "f9bd4621dd92a9415276706b476b9bd2973411fa")
> + (name guix)
> (introduction
> (channel-introduction
> (version 0)
> @@ -36,9 +37,10 @@
> (repository
> (version 0)
> (url "https://git.savannah.gnu.org/git/guix.git")
> - (branch "master")
> + (branch #f)
> (commit
> "f9bd4621dd92a9415276706b476b9bd2973411fa")
> + (name guix)
> (introduction
> (channel-introduction
> (version 0)
> @@ -57,9 +59,10 @@
> (repository
> (version 0)
> (url "https://git.savannah.gnu.org/git/guix.git")
> - (branch "master")
> + (branch #f)
> (commit
> "f9bd4621dd92a9415276706b476b9bd2973411fa")
> + (name guix)
> (introduction
> (channel-introduction
> (version 0)
> @@ -88,9 +91,10 @@
> (repository
> (version 0)
> (url "https://git.savannah.gnu.org/git/guix.git")
> - (branch "master")
> + (branch #f)
> (commit
> "f9bd4621dd92a9415276706b476b9bd2973411fa")
> + (name guix)
> (introduction
> (channel-introduction
> (version 0)
> @@ -109,9 +113,10 @@
> (repository
> (version 0)
> (url "https://git.savannah.gnu.org/git/guix.git")
> - (branch "master")
> + (branch #f)
> (commit
> "f9bd4621dd92a9415276706b476b9bd2973411fa")
> + (name guix)
> (introduction
> (channel-introduction
I've tried to add --branch=master to guix time-machine and used guix
gc -D to remove the older tarball as it didn't rebuild it even with
--rounds=2, and at the end I still got the exact same
bfxvk59q0m034iyq5zkk841zkisayyjl-tarball-pack.tar.xz tarball (I've
compared both with cmp).
Am I doing something wrong, or is there an issue that needs to be fixed
somehow?
References:
-----------
[1]https://ftp.osuosl.org/pub/replicant/build-tools/repo/28-01-2021/
Denis.
[Message part 2 (application/pgp-signature, inline)]
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.