From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp0 ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms0.migadu.com with LMTPS id ONiZKNFnymBMGwAAgWs5BA (envelope-from ) for ; Wed, 16 Jun 2021 23:06:25 +0200 Received: from aspmx1.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp0 with LMTPS id +P89JNFnymCTBwAA1q6Kng (envelope-from ) for ; Wed, 16 Jun 2021 21:06:25 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 5B3811168A for ; Wed, 16 Jun 2021 23:06:25 +0200 (CEST) Received: from localhost ([::1]:42930 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1ltcjw-0008HI-02 for larch@yhetil.org; Wed, 16 Jun 2021 17:06:24 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:52032) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ltcX1-0003V1-27 for guix-patches@gnu.org; Wed, 16 Jun 2021 16:53:03 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:41871) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1ltcX0-0006Cj-Ia for guix-patches@gnu.org; Wed, 16 Jun 2021 16:53:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1ltcX0-0004KH-5n for guix-patches@gnu.org; Wed, 16 Jun 2021 16:53:02 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#48933] [PATCH] build: Make outputs of node-build-system reproducible. Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Wed, 16 Jun 2021 20:53:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 48933 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Lars-Dominik Braun Cc: 48933@debbugs.gnu.org, jlicht@fsfe.org Received: via spool by 48933-submit@debbugs.gnu.org id=B48933.162387673016563 (code B ref 48933); Wed, 16 Jun 2021 20:53:02 +0000 Received: (at 48933) by debbugs.gnu.org; 16 Jun 2021 20:52:10 +0000 Received: from localhost ([127.0.0.1]:53417 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ltcW9-0004J5-RJ for submit@debbugs.gnu.org; Wed, 16 Jun 2021 16:52:10 -0400 Received: from eggs.gnu.org ([209.51.188.92]:54090) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ltcW8-0004Ir-7v for 48933@debbugs.gnu.org; Wed, 16 Jun 2021 16:52:08 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:33726) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1ltcW1-0005ch-L6; Wed, 16 Jun 2021 16:52:01 -0400 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=36618 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ltcW1-0000G9-DV; Wed, 16 Jun 2021 16:52:01 -0400 From: Ludovic =?UTF-8?Q?Court=C3=A8s?= References: Date: Wed, 16 Jun 2021 22:51:59 +0200 In-Reply-To: (Lars-Dominik Braun's message of "Wed, 9 Jun 2021 14:56:58 +0200") Message-ID: <87bl85pm6o.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: "Guix-patches" X-Migadu-Flow: FLOW_IN ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1623877585; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:resent-cc: resent-from:resent-sender:resent-message-id:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post; bh=Xrc6u5haDzaqa7N7nET9Zf1ZYgiwtMFzOvLmX5YFTVs=; b=QlDoWXW7V2HHrS5x1+MzzrWGANrrNWbL4F9LN3OOnzmC9JU9iClhpgA0u+aZkoTZFUZXM+ r+PxvMb/M9Xvo5ZS5/wxJ4o/R/KVg1Q/3OxoC853mTThyKH36BWBcA9FT1dKU2QUd4MwVf ydDJ+WRIcixT/DVkJLhuE8JUoRZles9jBbkq19LQpjrGilT48yche/5GkS9y8yMM+GkBmP jvZ13KD9ATXAA5v1PGaJKJLDk5seQNZPJdLOLwHnkH7NPVx1SGMh3mnmfx0Ku2Zba6k2ZC Nac3jw6GV+KhExCIGztkPQjkWqt90VRdn/HsYiAKJoiYCrmoSXs1nRxNZbeufw== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1623877585; a=rsa-sha256; cv=none; b=c7vSRxAZEyXegeN5jhnkvfiLlNNi1EqPzwOWIi9ffku9PUuScYg52CXw0K7exZ8GUFe8SX PsBHAW68GkhwNyfOz3X3vHmW6bF7gEBVY1nBeoZQNLbDF+LmYJ2wa+dXQVJ9k9e8sS+eZf sj6ciUk2ZIs7g4eanE+cXjpyedh4vtRLS2o+fSG6p95Luaw/Rf8vjblfo5pcQmw36Gk9WB C/NjMXYF/CHM4vv3K2Q3ve8m+EkpS1A+eYanIhsV+7/SmxBeFv1KWxmhRn1ZOIPj6Pp4mb NGDQzIXxM8K62V+4pj/eq/UvGPjX2kQaNDzUBEvsKcagaLQ28pcC5ABHiq+lJw== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=none; dmarc=pass (policy=none) header.from=gnu.org; spf=pass (aspmx1.migadu.com: domain of guix-patches-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-patches-bounces@gnu.org X-Migadu-Spam-Score: -2.93 Authentication-Results: aspmx1.migadu.com; dkim=none; dmarc=pass (policy=none) header.from=gnu.org; spf=pass (aspmx1.migadu.com: domain of guix-patches-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-patches-bounces@gnu.org X-Migadu-Queue-Id: 5B3811168A X-Spam-Score: -2.93 X-Migadu-Scanner: scn1.migadu.com X-TUID: ItjFYzPb3IgH Hi, Lars-Dominik Braun skribis: > package.json records two hashes of package.tgz, which change for each > build, resulting in non-reproducible builds. > > * guix/build/node-build-system.scm (repack): Add reproducibility options > to tar command. Yay! > (define* (repack #:key inputs #:allow-other-keys) > - (invoke "tar" "-czf" "../package.tgz" ".") > + (invoke "tar" > + ;; Add options suggested by https://reproducible-builds.org/do= cs/archives/ > + "--sort=3Dname" > + (string-append "--mtime=3D" (getenv "SOURCE_DATE_EPOCH")) I think it should be "--mtime=3D@". > + "--owner=3D0" > + "--group=3D0" > + "--numeric-owner" > + "--pax-option=3Dexthdr.name=3D%d/PaxHeaders/%f,delete=3Datime,= delete=3Dctime" > + "-czf" "../package.tgz" ".") I didn=E2=80=99t know about this =E2=80=98--pax-option=E2=80=99 trick; sinc= e it=E2=80=99s only useful when POSIXLY_CORRECT is set, perhaps we can remove it? (guix docker) does this: --8<---------------cut here---------------start------------->8--- (define %tar-determinism-options ;; GNU tar options to produce archives deterministically. '("--sort=3Dname" "--mtime=3D@1" "--owner=3Droot:0" "--group=3Droot:0" ;; When 'build-docker-image' is passed store items, the 'nlink' of the ;; files therein leads tar to store hard links instead of actual copies. ;; However, the 'nlink' count depends on deduplication in the store; it= 's ;; an "implicit input" to the build process. '--hard-dereference' ;; eliminates it. "--hard-dereference")) --8<---------------cut here---------------end--------------->8--- and (guix packages) does something similar. So =E2=80=98--sort=3Dname=E2=80=99 seems to be missing. HTH, Ludo=E2=80=99.