Re: Reproducible build: linux-libre kernel

[Mark H Weaver <mhw@netris.org>]

rain1@openmailbox.org writes:

> I noticed that the linux-libre package we have is not a reproducible
> build using the command: guix build linux-libre --check
> --no-substitutes
>
> I did a bit of research into this these posts and blogs were helpful,
> as well as the mempo project:
> * <https://lwn.net/Articles/437864/>
> * <https://abraithwaite.net/2014/08/11/deterministic-kernel-builds/>
> *
> <https://github.com/rfree/mempo-kernel/blob/master/kernel-build/linux-mempo/build.sh#L95>
>
> So I've added these tweaks, performed the build twice and it seems to
> be reproducible now!

That's great news, thank you!  Please see below for comments.

> From 713017b65c9d5a03dcf709bb231113d2152558e1 Mon Sep 17 00:00:00 2001
> From: rain1 <rain1@openmailbox.org>
> Date: Wed, 30 Mar 2016 13:05:19 +0100
> Subject: [PATCH] * gnu/packages/linux.scm: Added setenv calls to tune the
>  build towards reproducibility.

Your commit message is missing the initial summary line, and needs some
other changes as well to conform with our conventions.

Also, it turns out that our build container already ensures that the
build user and host are deterministic, so the timestamps were the only
issue.

So, how about something like this for the commit message:

--8<---------------cut here---------------start------------->8---
gnu: linux-libre: Avoid introducing timestamps into the build.

* gnu/packages/linux.scm (linux-libre)[build-phase]: Set the
KCONFIG_NOTIMESTAMP and KBUILD_BUILD_TIMESTAMP environment variables to
avoid introducing timestamps into the build outputs.
--8<---------------cut here---------------end--------------->8---

> diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
> index fb2b671..34403ae 100644
> --- a/gnu/packages/linux.scm
> +++ b/gnu/packages/linux.scm
> @@ -9,6 +9,7 @@
>  ;;; Copyright ?? 2016 Christopher Allan Webber <cwebber@dustycloud.org>
>  ;;; Copyright ?? 2016 Tobias Geerinckx-Rice <tobias.geerinckx.rice@gmail.com>
>  ;;; Copyright ?? 2016 Alex Kost <alezost@gmail.com>
> +;;; Copyright ?? 2016 Raymond Nicholson <rain1@openmailbox.org>

Your mail client doesn't seem to realize that this patch uses the UTF-8
encoding, so it's not including a header saying so, and the non-ASCII
copyright symbols are getting munged into two separate bytes.  When
trying to reply, my mail client is complaining about them.

> @@ -223,6 +224,12 @@ for SYSTEM and optionally VARIANT, or #f if there is no such configuration."
>    (let* ((version "4.5")
>           (build-phase
>            '(lambda* (#:key system inputs #:allow-other-keys #:rest args)
> +             ;; Tuning for a reproducible build

How about changing the comment to:

                ;; Avoid introducing timestamps
> +             (setenv "KCONFIG_NOTIMESTAMP" "1")
> +             (setenv "KBUILD_BUILD_TIMESTAMP" "0")

Also, Leo's suggestion to use SOURCE_DATE_EPOCH is a good one.

The following two settings can be dropped.

> +             (setenv "KBUILD_BUILD_USER" "guix")
> +             (setenv "KBUILD_BUILD_HOST" "guix")

What do you think?  Can you send an updated patch?

    Thank you!
       Mark