On 2022-04-27, Vagrant Cascadian wrote: > Lately, I've been trying to get a handle on the status of the really > core packages in Debian ... > I'd also be really curious to hear about the status of similar package > sets in other distros! With my metaphorical guix hoodie[1] on... $ guix describe Generation 73 May 02 2022 05:21:25 (current) guix 9dafaf1 repository URL: /home/vagrant/src/guix branch: master commit: 9dafaf163574edca5cb4eac0f8dc3edbb0ef0a75 $ guix challenge --diff=none $(cat guix-base-set) /gnu/store/8gmqvwf0ccqfyimficcnhxvrykwx6y8g-linux-libre-5.17.5 contents differ: no local build for '/gnu/store/8gmqvwf0ccqfyimficcnhxvrykwx6y8g-linux-libre-5.17.5' https://ci.guix.gnu.org/nar/zstd/8gmqvwf0ccqfyimficcnhxvrykwx6y8g-linux-libre-5.17.5: 19rg55v51wliy9v30sm82f38rxm1lqjpfqs6r63ikb3vklnj0pnw https://bordeaux.guix.gnu.org/nar/lzip/8gmqvwf0ccqfyimficcnhxvrykwx6y8g-linux-libre-5.17.5: 14fax6g9sx7qj64z73hrh8ydlbv6kxzhd1hbyqz7v0ra51bprv1k /gnu/store/7qz2jlghm4gc87jww5j24c5mcip0whzy-keyutils-1.6.3 contents differ: no local build for '/gnu/store/7qz2jlghm4gc87jww5j24c5mcip0whzy-keyutils-1.6.3' https://ci.guix.gnu.org/nar/lzip/7qz2jlghm4gc87jww5j24c5mcip0whzy-keyutils-1.6.3: 1sag2bq9kbp5np3fpakyi4xg96kxq5xwbb7ib4hamx2bqh6vscr9 https://bordeaux.guix.gnu.org/nar/lzip/7qz2jlghm4gc87jww5j24c5mcip0whzy-keyutils-1.6.3: 07ln4fqgvg0ag2d881xhgdw2h3m1lqzs6xlac8p7rz2rgx0wx1yr /gnu/store/ajw8nnrnd6hr183skwqdgc8c7mazg97h-isl-0.23 contents differ: no local build for '/gnu/store/ajw8nnrnd6hr183skwqdgc8c7mazg97h-isl-0.23' https://ci.guix.gnu.org/nar/lzip/ajw8nnrnd6hr183skwqdgc8c7mazg97h-isl-0.23: 03a180af1my7lmsnig01qhrirxa2fp7j052jw9kv5ff4i6ya7fh4 https://bordeaux.guix.gnu.org/nar/lzip/ajw8nnrnd6hr183skwqdgc8c7mazg97h-isl-0.23: 1j24gc6ysa9d3z4hq6lsxvdik94ddb7nj93krv7cs5lmbmjwmqw7 /gnu/store/45b6181w68a3lprx9m6riwgyinw3y145-guix-1.3.0-25.c1719a0 contents differ: no local build for '/gnu/store/45b6181w68a3lprx9m6riwgyinw3y145-guix-1.3.0-25.c1719a0' https://ci.guix.gnu.org/nar/lzip/45b6181w68a3lprx9m6riwgyinw3y145-guix-1.3.0-25.c1719a0: 0p7lhfxcx7bfjfwlyrp6h5j9fcyzswyj2wkbnhcd3fgxm5swdi6c https://bordeaux.guix.gnu.org/nar/lzip/45b6181w68a3lprx9m6riwgyinw3y145-guix-1.3.0-25.c1719a0: 0yfpcsmvbnzw0vpjrjwwrjih4ss3yvk7cy4k6ibdpsn7dcx9kw2c /gnu/store/1jgcbdzx2ss6xv59w55g3kr3x4935dfb-guile-3.0.8 contents differ: no local build for '/gnu/store/1jgcbdzx2ss6xv59w55g3kr3x4935dfb-guile-3.0.8' https://ci.guix.gnu.org/nar/lzip/1jgcbdzx2ss6xv59w55g3kr3x4935dfb-guile-3.0.8: 0vppx6fk1a7gvk9ccz9ma992w1h5bhfk535acddrnkhyrk92z5ln https://bordeaux.guix.gnu.org/nar/lzip/1jgcbdzx2ss6xv59w55g3kr3x4935dfb-guile-3.0.8: 05w5i5zq1k1avqx2gqxnqynn5lmdizis9babk34dkmnazb3h77kb 47 store items were analyzed: - 42 (89.4%) were identical - 5 (10.6%) differed - 0 (0.0%) were inconclusive I love that Guix really has batteries included when it comes to reproducible builds verification! :) At first, I thought I would have to build all this stuff locally, but then I realized guix actually has two independent build farms, so guix challenge can compare the results between them! For more data points, one could build them all locally! The fact that the guix and guile packages do not build reproducibly is a little disappointing as they're both so central to guix itself; I suspect parallelism triggers those reproducibility issues(from experience with Debian), though that may just reveal other issue in guile itself. The linux-libre package *ought* to be reproducible; I hope it is something easy to fix there... $ guix challenge --diff=diffoscope linux-libre /gnu/store/8gmqvwf0ccqfyimficcnhxvrykwx6y8g-linux-libre-5.17.5 contents differ: no local build for '/gnu/store/8gmqvwf0ccqfyimficcnhxvrykwx6y8g-linux-libre-5.17.5' https://ci.guix.gnu.org/nar/zstd/8gmqvwf0ccqfyimficcnhxvrykwx6y8g-linux-libre-5.17.5: 19rg55v51wliy9v30sm82f38rxm1lqjpfqs6r63ikb3vklnj0pnw https://bordeaux.guix.gnu.org/nar/lzip/8gmqvwf0ccqfyimficcnhxvrykwx6y8g-linux-libre-5.17.5: 14fax6g9sx7qj64z73hrh8ydlbv6kxzhd1hbyqz7v0ra51bprv1k ... 0% ETA: 4 days, 2:03:47 Ok... well, I guess I won't wait for the results... A better "core" package set for GNU Guix could surely be created. I came up with this list of packages by taking the essential, required and build-essential package sets from Debian, tweaking the package names appropriately, dropping debian-specific stuff, and adding guile and guix to create "guix-base-set": acl attr audit bash binutils bzip2 coreutils diffutils e2fsprogs elogind findutils gawk gcc glibc gmp grep guile guix gzip isl keyutils libcap libcap-ng libnsl libselinux libsigsegv libtirpc libxcrypt linux-pam linux-libre mpfr ncurses openssl patch pcre pcre2 perl readline rpcsvc-proto sed shadow tar tzdata util-linux xz zlib zstd > I would also like to see if there is anything in Debian or other > distros that still needs to be pushed upstream, so we can all benefit! Will dig into some of these issues and see how Debian and Guix are building them to see if there are any patches to share and push upstream. [1] Actually wearing my Aspiration Tech hoodie at the moment, but the Guix hoodie is around here somewhere... live well, vagrant