* Are Guix-generated Docker images reproducible?
@ 2024-09-16 11:27 Konrad Hinsen
2024-09-16 11:43 ` Ignas Lapėnas
2024-09-16 13:21 ` Suhail Singh
0 siblings, 2 replies; 5+ messages in thread
From: Konrad Hinsen @ 2024-09-16 11:27 UTC (permalink / raw)
To: Guix Devel
Hi everyone,
Suppose you do
guix time-machine --channels=channels.scm -- \
pack --format=docker --manifest=manifest.scm
You keep a copy of channels.scm and manifest.scm, and run the same
command a few months (and "guix pull"s) later, can you expect to get the
exact same Docker image file, bit for bit? If not, why not?
Cheers,
Konrad.
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Are Guix-generated Docker images reproducible?
2024-09-16 11:27 Are Guix-generated Docker images reproducible? Konrad Hinsen
@ 2024-09-16 11:43 ` Ignas Lapėnas
2024-09-16 13:21 ` Suhail Singh
1 sibling, 0 replies; 5+ messages in thread
From: Ignas Lapėnas @ 2024-09-16 11:43 UTC (permalink / raw)
To: Konrad Hinsen; +Cc: Help Guix
Hi,
Most packages are reproducable, and should get you the exact same docker
image file.
https://qa.guix.gnu.org/reproducible-builds
As far as I know, it is possible, that source code is no longer
available and unreachable (There might be something already for long
term storage, but that I do not know), then the image might not
build. Or there might be tests that depend on time for some reason.
Hope that helps.
Konrad Hinsen <konrad.hinsen@fastmail.net> writes:
> Hi everyone,
>
> Suppose you do
>
> guix time-machine --channels=channels.scm -- \
> pack --format=docker --manifest=manifest.scm
>
> You keep a copy of channels.scm and manifest.scm, and run the same
> command a few months (and "guix pull"s) later, can you expect to get the
> exact same Docker image file, bit for bit? If not, why not?
>
> Cheers,
> Konrad.
--
Best Regards,
Ignas Lapėnas
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Are Guix-generated Docker images reproducible?
2024-09-16 11:27 Are Guix-generated Docker images reproducible? Konrad Hinsen
2024-09-16 11:43 ` Ignas Lapėnas
@ 2024-09-16 13:21 ` Suhail Singh
2024-09-16 14:49 ` Konrad Hinsen
1 sibling, 1 reply; 5+ messages in thread
From: Suhail Singh @ 2024-09-16 13:21 UTC (permalink / raw)
To: Konrad Hinsen; +Cc: Guix Devel
Konrad Hinsen <konrad.hinsen@fastmail.net> writes:
> Suppose you do
>
> guix time-machine --channels=channels.scm -- \
> pack --format=docker --manifest=manifest.scm
>
> You keep a copy of channels.scm and manifest.scm, and run the same
> command a few months (and "guix pull"s) later, can you expect to get the
> exact same Docker image file, bit for bit? If not, why not?
Based on what I have observed, I know that you can get the same docker
image (as identified by the image ID hash) in some instances. A
necessary condition, I imagine, would have to be for the build results
to be deterministic (i.e., the derivations to be "reproducible").
--
Suhail
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Are Guix-generated Docker images reproducible?
2024-09-16 13:21 ` Suhail Singh
@ 2024-09-16 14:49 ` Konrad Hinsen
2024-09-16 17:37 ` Suhail Singh
0 siblings, 1 reply; 5+ messages in thread
From: Konrad Hinsen @ 2024-09-16 14:49 UTC (permalink / raw)
To: Suhail Singh; +Cc: Guix Devel
Hi Ignas and Suhail,
Thanks for your comments!
As you may have guessed, the reason for my question was that I
encountered a non-reproducible Docker image build. And as both of you
point out, the packages entering into the images must be
reproducible. That's something I had actually checked for my specific
case. I was looking for other possible causes.
In the meantime, I found the explanation for my case: the packages in my
image are reproducible, but the profile composed from them is not, due
to a non-deterministic step in profile generation.
For the details: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=73295
Cheers,
Konrad.
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Are Guix-generated Docker images reproducible?
2024-09-16 14:49 ` Konrad Hinsen
@ 2024-09-16 17:37 ` Suhail Singh
0 siblings, 0 replies; 5+ messages in thread
From: Suhail Singh @ 2024-09-16 17:37 UTC (permalink / raw)
To: Konrad Hinsen; +Cc: Suhail Singh, Guix Devel
Konrad Hinsen <konrad.hinsen@fastmail.net> writes:
> As you may have guessed, the reason for my question was that I
> encountered a non-reproducible Docker image build. And as both of you
> point out, the packages entering into the images must be
> reproducible.
Right, that's necessary, but as you observed, not sufficient.
> In the meantime, I found the explanation for my case: the packages in my
> image are reproducible, but the profile composed from them is not, due
> to a non-deterministic step in profile generation.
Good catch! It would be nice if profile generation preserved
reproducibility.
> For the details: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=73295
Thanks for the reference.
--
Suhail
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2024-09-16 17:39 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-09-16 11:27 Are Guix-generated Docker images reproducible? Konrad Hinsen
2024-09-16 11:43 ` Ignas Lapėnas
2024-09-16 13:21 ` Suhail Singh
2024-09-16 14:49 ` Konrad Hinsen
2024-09-16 17:37 ` Suhail Singh
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.