all messages for Guix-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed
From: Leo Famulari <leo@famulari.name>
To: Danny Milosavljevic <dannym@scratchpost.org>
Cc: 27563@debbugs.gnu.org
Subject: bug#27563: [PATCH v3 2/2] gnu: ghostscript: Write document ID only when encrypting.
Date: Fri, 7 Jul 2017 13:24:07 -0400	[thread overview]
Message-ID: <20170707172407.GA28712@jasmine.lan> (raw)
In-Reply-To: <20170707184225.4279f1cd@scratchpost.org>

[-- Attachment #1: Type: text/plain, Size: 3855 bytes --]

On Fri, Jul 07, 2017 at 06:42:25PM +0200, Danny Milosavljevic wrote:
> Leo Famulari <leo@famulari.name> wrote:
> > > That leaves the document UUID - and upstream, in some of the other
> > I think the lowest risk is to do nothing to Ghostscript and move the PDF
> > documentation to a separate 'doc' output. Then, we could have
> > reproducible binaries and ignore the PDF issues for now. Does anyone
> > know how many packages include PDF documentation built with Ghostscript?
> 
> Aren't the derivations of the doc outputs still a problem?  For
> example, Hydra will run out of space sooner or later because it keeps
> building them, right?

Do these timestamps and UUID affect the derivations? I figured they only
affected the result of running the derivation — that is, the output of
the build process. Those outputs are what we'd like to create
reproducibly, but they don't cause rebuilds if they are not
reproducible.

If a package's dependency graph is identical to before, Guix (and I
assume Hydra) will not rebuild it, even if we humans know that the built
output is unreproducible, such as when timestamps are embedded.

My apologies if I misinterpreted your question.

We run out of space and have to garbage collect periodically anyways.
Regardless, once we own the Hydra machine, I'd like for us to buy a huge
amount of storage and keep built outputs for much longer than we do now.
In practice, it's not really possible to go back in time more than 6
months of Guix, due to missing upstream sources and test suites with
expiration dates.

> > 2) At least some of the patches in the related Ghostscript discussions
> > seem to be proof of concepts rather than finished code:
> > https://bugs.ghostscript.com/show_bug.cgi?id=697484#c3
> > So, if these patches came from there, we'd want to be extra careful.
> 
> No, I wrote the ones here without external sources (except for the
> direct discussion on my newish upstream bug report, and the PDF and
> XMP specifications - whatever worth they have).

Ah, thanks for the clarification.

> > By the way, this is the patch used for Debian's latest Ghostscript
> > package:
> > 
> > https://anonscm.debian.org/git/printing/ghostscript.git/tree/debian/patches/2010_add_build_timestamp_setting.patch?id=e2bf3ad7026afe13636d4937430c3fdae7854078
> > 
> > That patch was not reviewed on a public forum, at least nothing I can
> > find with Google. Again, I'd want to get the Ghostscript team's advice.
> 
> On such an approach they advised that we should only generate *unique*
> UUIDs.  But the UUIDs are generated from these times.  So that linked
> patch would generate multiple non-unique uuids on systems.
> 
> That's why I removed the entire UUID and Time sections and actually
> didn't fiddle with the ghostscript-internal times at all.  Builds
> reproducibly.
> 
> I wonder how many packages actually use the ghostscript pdf writer
> too.  How to find that out?
> 
> Note that groff itself also fails to build reproducibly without the
> patches.
> 
> In any case, the patch 2/2 is quite tame (it looks scary because of
> the printf splitting, but it's actually just either leaving "/ID[...]"
> off or not, globally).
> 
> But I understand that it would be even easier to do nothing.  Wouldn't
> make the stuff reproducible, though.
> 
> I'd vote for an environment variable to disable UUID printing and also
> Time header printing.  That way it would do everything normally in
> regular usage - but when used in packages, it would just not *print*
> the problematic stuff.  No internal state is changed at all by the
> patches.

Okay, thank you for explaining this (especially if you already explained
it! It's hard to join a conversation like this halfway through). I'll
read your patches carefully later today.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

  reply	other threads:[~2017-07-07 17:25 UTC|newest]

Thread overview: 37+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-07-03 18:08 bug#27563: ghostscript-with-cups is not reproducible Danny Milosavljevic
2017-07-03 18:16 ` bug#27563: [PATCH] gnu: ghostscript: Add phase "remove-timestamps" Danny Milosavljevic
2017-07-03 19:18   ` Efraim Flashner
2017-07-05 21:57     ` Ludovic Courtès
2017-07-04 19:08   ` Leo Famulari
2017-07-03 19:46 ` bug#27563: [PATCH v2] gnu: ghostscript: Remove timestamps Danny Milosavljevic
2017-07-06  9:07 ` bug#27563: [PATCH] gnu: ghostscript: Don't write document UUID; use "" as instance UUID Danny Milosavljevic
2017-07-07 11:55   ` Ludovic Courtès
2017-07-07 13:28     ` Danny Milosavljevic
2017-07-06 10:32 ` bug#27563: [PATCH v3 0/2] Make ghostscript reproducible Danny Milosavljevic
2017-07-06 10:32   ` bug#27563: [PATCH v3 1/2] gnu: ghostscript: Don't write document UUID; use "" as instance UUID Danny Milosavljevic
2017-07-06 10:32   ` bug#27563: [PATCH v3 2/2] gnu: ghostscript: Write document ID only when encrypting Danny Milosavljevic
2017-07-07 12:02     ` Ludovic Courtès
2017-07-07 13:21       ` Danny Milosavljevic
2017-07-07 16:21         ` Leo Famulari
2017-07-07 16:42           ` Danny Milosavljevic
2017-07-07 17:24             ` Leo Famulari [this message]
2017-07-08 13:50               ` Leo Famulari
2017-07-07 17:45             ` Ludovic Courtès
2017-07-07 12:00   ` bug#27563: [PATCH v3 0/2] Make ghostscript reproducible Ludovic Courtès
2017-07-07 13:25     ` Danny Milosavljevic
2017-07-07 15:18       ` Ludovic Courtès
2017-07-07 15:44         ` Danny Milosavljevic
2017-07-07 17:51           ` Ludovic Courtès
2017-07-07 18:20             ` Danny Milosavljevic
2017-07-08 14:32               ` Ludovic Courtès
2017-07-09 23:40         ` bug#27563: [PATCH v4 0/3] " Danny Milosavljevic
2017-07-09 23:46           ` bug#27563: [PATCH v4 1/3] gnu: ghostscript: Make "/ID" optional, depending on environment variable Danny Milosavljevic
2017-07-09 23:46             ` bug#27563: [PATCH v4 2/3] gnu: ghostscript: Make XMP UUID headers " Danny Milosavljevic
2017-07-10 15:23               ` Ludovic Courtès
2017-07-09 23:46             ` bug#27563: [PATCH v4 3/3] gnu: ghostscript: Make "/CreationDate", "/ModDate" optoinal, " Danny Milosavljevic
2017-07-10 15:25               ` Ludovic Courtès
2017-07-10 15:21             ` bug#27563: [PATCH v4 1/3] gnu: ghostscript: Make "/ID" optional, " Ludovic Courtès
2017-07-10 16:35           ` bug#27563: [PATCH v4 0/3] Make ghostscript reproducible Danny Milosavljevic
2017-07-07 15:34     ` bug#27563: [PATCH v3 0/2] " Danny Milosavljevic
2017-07-07 17:46       ` Ludovic Courtès
2017-07-06 10:59 ` bug#27563: ghostscript-with-cups is not reproducible Danny Milosavljevic

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20170707172407.GA28712@jasmine.lan \
    --to=leo@famulari.name \
    --cc=27563@debbugs.gnu.org \
    --cc=dannym@scratchpost.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/guix.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.