From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bug-guix-bounces+larch=yhetil.org@gnu.org>
Received: from mp2.migadu.com ([2001:41d0:303:e224::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by ms13.migadu.com with LMTPS
	id qPJaKEI9bGfy1wAAe85BDQ:P1
	(envelope-from <bug-guix-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Wed, 25 Dec 2024 17:13:38 +0000
Received: from aspmx1.migadu.com ([2001:41d0:303:e224::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by mp2.migadu.com with LMTPS
	id qPJaKEI9bGfy1wAAe85BDQ
	(envelope-from <bug-guix-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Wed, 25 Dec 2024 18:13:38 +0100
X-Envelope-To: larch@yhetil.org
Authentication-Results: aspmx1.migadu.com;
	dkim=fail ("headers rsa verify failed") header.d=debbugs.gnu.org header.s=debbugs-gnu-org header.b=L2sBndWE;
	dkim=fail ("headers eddsa verify failed") header.d=josefsson.org header.s=ed2303 header.b=EjxHJbS9;
	dkim=fail ("headers rsa verify failed") header.d=josefsson.org header.s=rsa2303 header.b=VwP30Da0;
	spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org";
	dmarc=pass (policy=none) header.from=gnu.org
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org;
	s=key1; t=1735146818;
	h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:mime-version:mime-version:
	 content-type:content-type:resent-cc:resent-from:resent-sender:
	 resent-message-id:list-id:list-help:list-unsubscribe:list-subscribe:
	 list-post:dkim-signature:openpgp:openpgp;
	bh=XIWbmLgyHz+rtnrDspz5FBAwWlhymDmex7FgM4n/aRg=;
	b=iiRLXgGk2DoeVyTp3adNmcYIaqWYMBHjI1Rew0Hg0nyRwEbhRLlGp+nVV0UJvcFcgZfIcB
	Vt1oXavaS+PnJh3arOuMjHeXsuDH/+QMyMtgC/gWO4aRJBEBMzRxzGX95RIy+dnGWIv7pK
	/45dx7kqwhDBnsLT/UbnqFX5YZDCqlLDBWZYTC3iZB1O6puYRVs9zjnwpV/3kqoDPb85Vw
	kU2eGmSrab6y580FVYO+XeID7LxiljSsWdy95le+786Wy0OZoCA/e5ogcS+QyaeJiuFbiA
	BHGV5LNDdwEGVWKfeHFzh+jNDzh4MsOygVTpvZmHue+SP7SJD9cn9HugIj8Ayw==
ARC-Authentication-Results: i=1;
	aspmx1.migadu.com;
	dkim=fail ("headers rsa verify failed") header.d=debbugs.gnu.org header.s=debbugs-gnu-org header.b=L2sBndWE;
	dkim=fail ("headers eddsa verify failed") header.d=josefsson.org header.s=ed2303 header.b=EjxHJbS9;
	dkim=fail ("headers rsa verify failed") header.d=josefsson.org header.s=rsa2303 header.b=VwP30Da0;
	spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org";
	dmarc=pass (policy=none) header.from=gnu.org
ARC-Seal: i=1; s=key1; d=yhetil.org; t=1735146818; a=rsa-sha256; cv=none;
	b=ibWZP5PWJMyQit2KjBRl67WfoocFwkwtGrxggO/sLS9m/GhkWPCNObfozuT+w8j+0H0yS9
	b/q+JeKXLfu0IUpMg7X578+uQU/Qjmrkl/xTK2gfYGbhKYLSYz4XBRj/OshlyvOEmAOOuq
	LfYA9mZckxn2HvrMfKJTUKKAL7IOzIvdG7Iqbav2ssThjywIvMd0snprBr+oZdfGYVAKDw
	tjmp7SQJiy6BEYEIcyygH5vg5A4prZWcVhgCQEkkfnVgHrAizjAHoeMqciqd3OPzsyrr//
	0GAf1b60BWBOTbibxSXzl8BFj1dyDsXpgVxJVrvSLIKwvlje3WXu3u/hkfo0Vg==
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by aspmx1.migadu.com (Postfix) with ESMTPS id 9547763F3E
	for <larch@yhetil.org>; Wed, 25 Dec 2024 18:13:37 +0100 (CET)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <bug-guix-bounces@gnu.org>)
	id 1tQUwZ-0006VQ-0M; Wed, 25 Dec 2024 12:13:11 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1tQUwR-0006V1-Iv
 for bug-guix@gnu.org; Wed, 25 Dec 2024 12:13:03 -0500
Received: from debbugs.gnu.org ([2001:470:142:5::43])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1tQUwR-0007sd-AV
 for bug-guix@gnu.org; Wed, 25 Dec 2024 12:13:03 -0500
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
 d=debbugs.gnu.org; s=debbugs-gnu-org; 
 h=MIME-Version:Date:From:To:Subject;
 bh=XIWbmLgyHz+rtnrDspz5FBAwWlhymDmex7FgM4n/aRg=; 
 b=L2sBndWEhCUcIPfspMFwdjEF47gUPDURk84SaFxz1OsrR7AfiXX1uKQUKzaq30F2DsB4/yI2yy/X8axxoijxLHOrTTrATOH1JGgHRXITORODychNPqH5Rb1S0j+Vgsd+0AdJLt68prSgRSGnib7W37KarFjvqTKpz99RSpOcGYVe8qAco0E2dL81U4vn7UX2azkBDNavE7b5dhCuE9BWDKF27W6jd+rc/mnJL190/7lLJDsoN4P1gAh6SdJkLKYQLNME+/o096hI+4N3JqqmA4EiFzJaKamdNgBJy+Ki3QhBovpNmYKr80kLj8I339MyMfSHfkq750x+Fsq74f8PRA==;
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1tQUwQ-0006dK-3R
 for bug-guix@gnu.org; Wed, 25 Dec 2024 12:13:02 -0500
X-Loop: help-debbugs@gnu.org
Subject: bug#75090: Make 'guix pack -f docker' tarballs reproducible?
Resent-From: Simon Josefsson <simon@josefsson.org>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-guix@gnu.org
Resent-Date: Wed, 25 Dec 2024 17:13:01 +0000
Resent-Message-ID: <handler.75090.B.173514674525449@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: report 75090
X-GNU-PR-Package: guix
X-GNU-PR-Keywords: 
To: 75090@debbugs.gnu.org
X-Debbugs-Original-To: bug-guix@gnu.org
Received: via spool by submit@debbugs.gnu.org id=B.173514674525449
 (code B ref -1); Wed, 25 Dec 2024 17:13:01 +0000
Received: (at submit) by debbugs.gnu.org; 25 Dec 2024 17:12:25 +0000
Received: from localhost ([127.0.0.1]:38676 helo=debbugs.gnu.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
 id 1tQUvp-0006cP-AK
 for submit@debbugs.gnu.org; Wed, 25 Dec 2024 12:12:25 -0500
Received: from lists.gnu.org ([209.51.188.17]:35924)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <simon@josefsson.org>) id 1tQUvm-0006cH-St
 for submit@debbugs.gnu.org; Wed, 25 Dec 2024 12:12:23 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <simon@josefsson.org>)
 id 1tQUtg-0006JK-4L
 for bug-guix@gnu.org; Wed, 25 Dec 2024 12:10:12 -0500
Received: from uggla.sjd.se ([2001:9b1:8633::107])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <simon@josefsson.org>)
 id 1tQUtd-0007Kt-3w
 for bug-guix@gnu.org; Wed, 25 Dec 2024 12:10:11 -0500
DKIM-Signature: v=1; a=ed25519-sha256; q=dns/txt; c=relaxed/relaxed;
 d=josefsson.org; s=ed2303; h=Content-Type:MIME-Version:Message-ID:Date:
 Subject:To:From:Sender:Reply-To:Cc:Content-Transfer-Encoding:Content-ID:
 Content-Description; bh=XIWbmLgyHz+rtnrDspz5FBAwWlhymDmex7FgM4n/aRg=;
 t=1735146599; x=1736356199; b=EjxHJbS9h0ZNbAgOFy7EbFhPxGLXaTDGxwpilTlIZgUfRRg
 CXTwuRX0VSuBs3Luhq32aPy7rlAbQr66o/zthBg==;
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
 d=josefsson.org; s=rsa2303; h=Content-Type:MIME-Version:Message-ID:Date:
 Subject:To:From:Sender:Reply-To:Cc:Content-Transfer-Encoding:Content-ID:
 Content-Description; bh=XIWbmLgyHz+rtnrDspz5FBAwWlhymDmex7FgM4n/aRg=;
 t=1735146599; x=1736356199; b=VwP30Da0shMvh3fKzab6i1DJ+aAf/Gp7El3ZwRjxY1RPg0e
 wPbhQmQ7w5y/JRQCf5lywDtDMhDq0C+58Ksmlk94CGXGrguaigmL6y1LTvXIFxxtKo5guGQTUCK4Z
 ONKZ5drzNF0TclNXDRalyOhfVpsNLUzD8k2irOTqaAigLdLEj45JNYy8FPXiUXSiFcsRJZOtJiQAX
 eN+fWwbHSM82xbIIQQxtQOQKvjt+TcILG5tlTiScA7+iTCRUEkhPxnN9318rtgjKLGy/2if/QZwL3
 2qN91CMdubNev7BbnSA/WuRKHcIVBB+GcUDzukprNFFPFmkVquWyqThrwCxTNlSC1mNekCSjKHrXD
 M4DdOC3H8vPh3tnA2XoJAt8PRBc0lG4NrRT3ROR8TWQ9et5L4A94GggpA4+9E+got1LG9OaBPTlLp
 cPhVSQ7NEv8Mn+KWVoyEpyS1;
Received: from h-178-174-130-130.a498.priv.bahnhof.se ([178.174.130.130]:46134
 helo=kaka) by uggla.sjd.se with esmtpsa (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95)
 (envelope-from <simon@josefsson.org>) id 1tQUtR-007X99-O8
 for bug-guix@gnu.org; Wed, 25 Dec 2024 17:09:57 +0000
X-Hashcash: 1:23:241225:bug-guix@gnu.org::LygcWLijrr5QqAa/:uY1n
OpenPGP: id=B1D2BD1375BECB784CF4F8C4D73CF638C53C06BE;
 url=https://josefsson.org/key-20190320.txt
Date: Wed, 25 Dec 2024 18:10:14 +0100
Message-ID: <87msgjofih.fsf@kaka.sjd.se>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
 micalg=pgp-sha256; protocol="application/pgp-signature"
Received-SPF: pass client-ip=2001:9b1:8633::107;
 envelope-from=simon@josefsson.org; helo=uggla.sjd.se
X-Spam_score_int: -43
X-Spam_score: -4.4
X-Spam_bar: ----
X-Spam_report: (-4.4 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_PASS=-0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-BeenThere: bug-guix@gnu.org
List-Id: Bug reports for GNU Guix <bug-guix.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-guix>,
 <mailto:bug-guix-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/bug-guix>
List-Post: <mailto:bug-guix@gnu.org>
List-Help: <mailto:bug-guix-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-guix>,
 <mailto:bug-guix-request@gnu.org?subject=subscribe>
Reply-to:  Simon Josefsson <simon@josefsson.org>
From:  Simon Josefsson via Bug reports for GNU Guix <bug-guix@gnu.org>
Errors-To: bug-guix-bounces+larch=yhetil.org@gnu.org
Sender: bug-guix-bounces+larch=yhetil.org@gnu.org
X-Migadu-Flow: FLOW_IN
X-Migadu-Country: US
X-Migadu-Scanner: mx12.migadu.com
X-Migadu-Spam-Score: -1.61
X-Spam-Score: -1.61
X-Migadu-Queue-Id: 9547763F3E
X-TUID: juVDj7QQoruG

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Hi

I am creating docker archives using:

guix pack guix bash-minimal coreutils-minimal net-base --save-provenance -S=
 /bin=3Dbin -S /share=3Dshare -f docker --image-tag=3Dguix --max-layers=3D8=
 --verbosity=3D2

To my surprise the output was not reproducible between re-runs.

The reason is because of the timestamp and ownership information in the
outer tarball.  The internals are identical and reproducible.  See
diffoscope output below.

I tried to work around it by wrapping either the 'guix pack' or
'guix-daemon' commands with this environment variable, which I suggest
for inspiration as additional parameters to tar:

TAR_OPTIONS=3D"--owner=3D0 --group=3D0 --numeric-owner --sort=3Dname --mode=
=3Dgo+u,go-w --mtime=3D@0"

I would prefer 'guix pack' produced reproducible archives by default.

Alternatively, provide a way to allow me as user to specify some
parameters for 'guix pack' to make that happen.

/Simon

jas@kaka:~/src/guix-container$ diffoscope stage1-docker-pack.tar.gz-1 stage=
1-docker-pack.tar.gz-2=20
=2D-- stage1-docker-pack.tar.gz-1
+++ stage1-docker-pack.tar.gz-2
=E2=94=82   --- stage1-docker-pack.tar.gz-1-content
=E2=94=9C=E2=94=80=E2=94=80 +++ stage1-docker-pack.tar.gz-2-content
=E2=94=82 =E2=94=9C=E2=94=80=E2=94=80 file list
=E2=94=82 =E2=94=82 @@ -1,10 +1,10 @@
=E2=94=82 =E2=94=82 --rw-r--r--   0 nixbld     (997) nixbld     (999) 42145=
7920 2024-12-25 16:31:15.000000 sha256:e69812bf459ea0fba42d1d6fd518410a4e58=
8ddd4e4c007ddb4dd48c9c04293a/layer.tar
=E2=94=82 =E2=94=82 --rw-r--r--   0 nixbld     (997) nixbld     (999) 56330=
240 2024-12-25 16:31:16.000000 sha256:45e67bf9fcad2f255f20dc614224b9e4260da=
1b63f2a361c2479e1ed64a9210a/layer.tar
=E2=94=82 =E2=94=82 --rw-r--r--   0 nixbld     (997) nixbld     (999) 37632=
000 2024-12-25 16:31:16.000000 sha256:a8d1b46be57ba5a41051dedcf2d8d7bb2f13a=
9d58078729a962d04f5178274ba/layer.tar
=E2=94=82 =E2=94=82 --rw-r--r--   0 nixbld     (997) nixbld     (999) 41523=
200 2024-12-25 16:31:16.000000 sha256:0756f500c123ba4f34cda21e5232932799fd3=
6c15243f7fcb1ef38ff6ec7533d/layer.tar
=E2=94=82 =E2=94=82 --rw-r--r--   0 nixbld     (997) nixbld     (999) 37806=
080 2024-12-25 16:31:17.000000 sha256:bf18d11d88b81af3f6fb49b7d4b092d479b79=
67ac8dc4980cc381170997c6ccf/layer.tar
=E2=94=82 =E2=94=82 --rw-r--r--   0 nixbld     (997) nixbld     (999) 17582=
080 2024-12-25 16:31:17.000000 sha256:9263a9904763737f9e8bdf08ca52cede34c2f=
a9e99abe7f9ef273111752cb2ca/layer.tar
=E2=94=82 =E2=94=82 --rw-r--r--   0 nixbld     (997) nixbld     (999) 14776=
3200 2024-12-25 16:31:20.000000 sha256:3d9a70bc298db46d9fdd95badacd3ec5586f=
3965110bb85b748be6bcfc57b171/layer.tar
=E2=94=82 =E2=94=82 --rw-r--r--   0 nixbld     (997) nixbld     (999)    10=
240 2024-12-25 16:31:14.000000 sha256:3fb6718bc797283e8283fe1b843596ace2e62=
db47d5b38d228a64a6bbb7c3564/layer.tar
=E2=94=82 =E2=94=82 --rw-r--r--   0 nixbld     (997) nixbld     (999)      =
736 2024-12-25 16:31:21.000000 manifest.json
=E2=94=82 =E2=94=82 --rw-r--r--   0 nixbld     (997) nixbld     (999)      =
842 2024-12-25 16:31:21.000000 config.json
=E2=94=82 =E2=94=82 +-rw-r--r--   0 nixbld     (997) nixbld     (999) 42145=
7920 2024-12-25 16:41:20.000000 sha256:e69812bf459ea0fba42d1d6fd518410a4e58=
8ddd4e4c007ddb4dd48c9c04293a/layer.tar
=E2=94=82 =E2=94=82 +-rw-r--r--   0 nixbld     (997) nixbld     (999) 56330=
240 2024-12-25 16:41:21.000000 sha256:45e67bf9fcad2f255f20dc614224b9e4260da=
1b63f2a361c2479e1ed64a9210a/layer.tar
=E2=94=82 =E2=94=82 +-rw-r--r--   0 nixbld     (997) nixbld     (999) 37632=
000 2024-12-25 16:41:22.000000 sha256:a8d1b46be57ba5a41051dedcf2d8d7bb2f13a=
9d58078729a962d04f5178274ba/layer.tar
=E2=94=82 =E2=94=82 +-rw-r--r--   0 nixbld     (997) nixbld     (999) 41523=
200 2024-12-25 16:41:22.000000 sha256:0756f500c123ba4f34cda21e5232932799fd3=
6c15243f7fcb1ef38ff6ec7533d/layer.tar
=E2=94=82 =E2=94=82 +-rw-r--r--   0 nixbld     (997) nixbld     (999) 37806=
080 2024-12-25 16:41:22.000000 sha256:bf18d11d88b81af3f6fb49b7d4b092d479b79=
67ac8dc4980cc381170997c6ccf/layer.tar
=E2=94=82 =E2=94=82 +-rw-r--r--   0 nixbld     (997) nixbld     (999) 17582=
080 2024-12-25 16:41:23.000000 sha256:9263a9904763737f9e8bdf08ca52cede34c2f=
a9e99abe7f9ef273111752cb2ca/layer.tar
=E2=94=82 =E2=94=82 +-rw-r--r--   0 nixbld     (997) nixbld     (999) 14776=
3200 2024-12-25 16:41:25.000000 sha256:3d9a70bc298db46d9fdd95badacd3ec5586f=
3965110bb85b748be6bcfc57b171/layer.tar
=E2=94=82 =E2=94=82 +-rw-r--r--   0 nixbld     (997) nixbld     (999)    10=
240 2024-12-25 16:41:19.000000 sha256:3fb6718bc797283e8283fe1b843596ace2e62=
db47d5b38d228a64a6bbb7c3564/layer.tar
=E2=94=82 =E2=94=82 +-rw-r--r--   0 nixbld     (997) nixbld     (999)      =
736 2024-12-25 16:41:26.000000 manifest.json
=E2=94=82 =E2=94=82 +-rw-r--r--   0 nixbld     (997) nixbld     (999)      =
842 2024-12-25 16:41:26.000000 config.json
jas@kaka:~/src/guix-container$=20

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iIoEARYIADIWIQSjzJyHC50xCrrUzy9RcisI/kdFogUCZ2w8dhQcc2ltb25Aam9z
ZWZzc29uLm9yZwAKCRBRcisI/kdFolS9AP9SiacOwwv/Ljjy5xRtSr7oLC/qTI4N
bU55c/QBqV2EcAD/V4CFBFN63O7OFRDIQ100CYhotoRUnF7IQ+Pme7XPnQU=
=mjf4
-----END PGP SIGNATURE-----
--=-=-=--