From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp11.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms5.migadu.com with LMTPS id 8P50I7rYb2IUfgEAbAwnHQ (envelope-from ) for ; Mon, 02 May 2022 15:12:26 +0200 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp11.migadu.com with LMTPS id ECpmI7rYb2JcHQAA9RJhRA (envelope-from ) for ; Mon, 02 May 2022 15:12:26 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 3D30C65E1 for ; Mon, 2 May 2022 15:12:26 +0200 (CEST) Received: from localhost ([::1]:44458 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1nlVqj-00045Z-AH for larch@yhetil.org; Mon, 02 May 2022 09:12:25 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:35790) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nlVqN-000431-H5 for guix-devel@gnu.org; Mon, 02 May 2022 09:12:03 -0400 Received: from cascadia.aikidev.net ([173.255.214.101]:57910) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1nlVqL-0006Gx-C5 for guix-devel@gnu.org; Mon, 02 May 2022 09:12:03 -0400 Received: from localhost (unknown [IPv6:2600:3c01:e000:21:7:77:0:20]) (Authenticated sender: vagrant@aikidev.net) by cascadia.aikidev.net (Postfix) with ESMTPSA id 1D8931AB96; Mon, 2 May 2022 06:11:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=reproducible-builds.org; s=1.vagrant; t=1651497118; bh=5UpV6x+qwu2vtHikEhvRZMh5wu82W6sBRPzuMVt+42E=; h=From:To:Cc:Subject:In-Reply-To:References:Date:From; b=xfZEoKaZYfLlXV2Ew9+u9C7hiA5gIzNuYohCm//q0LDT6Ud6yuYrfdouzf4fdoBP1 o6y4g7OhJcZ/cCGZfTdOziIPA7RxgtD0Qis2OHj7HlCVv5xQjoX+7GY9uIiXF3/O4D xiyrBDVEHjie+W/iTTCUeYjZ8rjBJ/T03Zd7S9KUXvXVfr531zGUgdKYp/YvviHibP dxBvw92Ri1ACetEy6TTjxX0OhQ656rsKKlalsPEFDcZacRZHhd8kYGTnAFrfpPG0Sm hPJVAwtlGQ0uHxP/DAxXQxDAYgiCyd2oedN+zOZca6kBpb43IQcrRzerfJORnbMfTA VXjvCZ/YuhZUA== From: Vagrant Cascadian To: rb-general@lists.reproducible-builds.org Subject: Reproducibility of "core" packages in GNU Guix In-Reply-To: <87wnfagvnp.fsf@contorta> References: <87wnfagvnp.fsf@contorta> Date: Mon, 02 May 2022 06:11:52 -0700 Message-ID: <87wnf4t6xz.fsf@contorta> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" Received-SPF: none client-ip=173.255.214.101; envelope-from=vagrant@reproducible-builds.org; helo=cascadia.aikidev.net X-Spam_score_int: -15 X-Spam_score: -1.6 X-Spam_bar: - X-Spam_report: (-1.6 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, PDS_BTC_ID=0.471, PDS_BTC_MSGID=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: guix-devel@gnu.org Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: "Guix-devel" X-Migadu-Flow: FLOW_IN X-Migadu-To: larch@yhetil.org X-Migadu-Country: US ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1651497146; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=aX/t4LvRzfSk7oXp8FV+kV4n/rQ9ON19tnghO3rQVzw=; b=dJHvl/StNrnM+KOIhZwDQSXgltxwIu2+dOwEqV1b+V6BSB7bD0fYWTclSoSVZC8lhulAVy 3o1kmiCwXR9d4DDGhLbrwzh5BP3B3KXlaXuOi1nPYrNDNBjp2aF3R0r3iEDvM3KEg+zn2X 065CkTQRr+Fn4H6N0DKoxyyBw4Dg3gBx/CGERDbFllgwGFSM6N2eQbVVXTcNcQHd8O9i2V nt5AmGazeuJd0oQfvokZ6EVqLNsdhKt5Fq3oI/e7R59/5VkccKpVio++dGBCUhJMVRmtVx HZzDh1nIp5X70rq/vTNu8zbtXv1m9/R764mfPcUO5UE6VuuiRtL3ewMnQAF+Rg== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1651497146; a=rsa-sha256; cv=none; b=LLRFACYw4iMCmWPxrgwmJQ1sFXJsmLuThrsekgpxTVVFFMvDzqX0zSD1inmBhX+R1JqNvg bKMCg1zmMSSNpNIVyQRs+h4JDqdKAR0B4cbWtLVQd7IeDpR2LkEcjPbe9GAaadXknLq1MH wkunS90gAfnPjd4ihnaSeqhr9uZZHMxkyJP4HLsIM17mY/2sYPHYj6KezKv4AFTtrD68LY b+w0059YblEzN6X3d8a2n7xwNd7oFMlf9Ez44Gd397spDOCPCO2VVz7/Rdefm1uk4cXpwH 2P2FMEQq4pBqpyQoW5Ur8cJpeItTZbsEOApWJw1tMMkrz/tuDKp/L1tDf9Aa2Q== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=reproducible-builds.org header.s=1.vagrant header.b=xfZEoKaZ; dmarc=none; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: -8.59 Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=reproducible-builds.org header.s=1.vagrant header.b=xfZEoKaZ; dmarc=none; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: 3D30C65E1 X-Spam-Score: -8.59 X-Migadu-Scanner: scn0.migadu.com X-TUID: MxhXo2YFWx7d --=-=-= Content-Type: text/plain On 2022-04-27, Vagrant Cascadian wrote: > Lately, I've been trying to get a handle on the status of the really > core packages in Debian ... > I'd also be really curious to hear about the status of similar package > sets in other distros! With my metaphorical guix hoodie[1] on... $ guix describe Generation 73 May 02 2022 05:21:25 (current) guix 9dafaf1 repository URL: /home/vagrant/src/guix branch: master commit: 9dafaf163574edca5cb4eac0f8dc3edbb0ef0a75 $ guix challenge --diff=none $(cat guix-base-set) /gnu/store/8gmqvwf0ccqfyimficcnhxvrykwx6y8g-linux-libre-5.17.5 contents differ: no local build for '/gnu/store/8gmqvwf0ccqfyimficcnhxvrykwx6y8g-linux-libre-5.17.5' https://ci.guix.gnu.org/nar/zstd/8gmqvwf0ccqfyimficcnhxvrykwx6y8g-linux-libre-5.17.5: 19rg55v51wliy9v30sm82f38rxm1lqjpfqs6r63ikb3vklnj0pnw https://bordeaux.guix.gnu.org/nar/lzip/8gmqvwf0ccqfyimficcnhxvrykwx6y8g-linux-libre-5.17.5: 14fax6g9sx7qj64z73hrh8ydlbv6kxzhd1hbyqz7v0ra51bprv1k /gnu/store/7qz2jlghm4gc87jww5j24c5mcip0whzy-keyutils-1.6.3 contents differ: no local build for '/gnu/store/7qz2jlghm4gc87jww5j24c5mcip0whzy-keyutils-1.6.3' https://ci.guix.gnu.org/nar/lzip/7qz2jlghm4gc87jww5j24c5mcip0whzy-keyutils-1.6.3: 1sag2bq9kbp5np3fpakyi4xg96kxq5xwbb7ib4hamx2bqh6vscr9 https://bordeaux.guix.gnu.org/nar/lzip/7qz2jlghm4gc87jww5j24c5mcip0whzy-keyutils-1.6.3: 07ln4fqgvg0ag2d881xhgdw2h3m1lqzs6xlac8p7rz2rgx0wx1yr /gnu/store/ajw8nnrnd6hr183skwqdgc8c7mazg97h-isl-0.23 contents differ: no local build for '/gnu/store/ajw8nnrnd6hr183skwqdgc8c7mazg97h-isl-0.23' https://ci.guix.gnu.org/nar/lzip/ajw8nnrnd6hr183skwqdgc8c7mazg97h-isl-0.23: 03a180af1my7lmsnig01qhrirxa2fp7j052jw9kv5ff4i6ya7fh4 https://bordeaux.guix.gnu.org/nar/lzip/ajw8nnrnd6hr183skwqdgc8c7mazg97h-isl-0.23: 1j24gc6ysa9d3z4hq6lsxvdik94ddb7nj93krv7cs5lmbmjwmqw7 /gnu/store/45b6181w68a3lprx9m6riwgyinw3y145-guix-1.3.0-25.c1719a0 contents differ: no local build for '/gnu/store/45b6181w68a3lprx9m6riwgyinw3y145-guix-1.3.0-25.c1719a0' https://ci.guix.gnu.org/nar/lzip/45b6181w68a3lprx9m6riwgyinw3y145-guix-1.3.0-25.c1719a0: 0p7lhfxcx7bfjfwlyrp6h5j9fcyzswyj2wkbnhcd3fgxm5swdi6c https://bordeaux.guix.gnu.org/nar/lzip/45b6181w68a3lprx9m6riwgyinw3y145-guix-1.3.0-25.c1719a0: 0yfpcsmvbnzw0vpjrjwwrjih4ss3yvk7cy4k6ibdpsn7dcx9kw2c /gnu/store/1jgcbdzx2ss6xv59w55g3kr3x4935dfb-guile-3.0.8 contents differ: no local build for '/gnu/store/1jgcbdzx2ss6xv59w55g3kr3x4935dfb-guile-3.0.8' https://ci.guix.gnu.org/nar/lzip/1jgcbdzx2ss6xv59w55g3kr3x4935dfb-guile-3.0.8: 0vppx6fk1a7gvk9ccz9ma992w1h5bhfk535acddrnkhyrk92z5ln https://bordeaux.guix.gnu.org/nar/lzip/1jgcbdzx2ss6xv59w55g3kr3x4935dfb-guile-3.0.8: 05w5i5zq1k1avqx2gqxnqynn5lmdizis9babk34dkmnazb3h77kb 47 store items were analyzed: - 42 (89.4%) were identical - 5 (10.6%) differed - 0 (0.0%) were inconclusive I love that Guix really has batteries included when it comes to reproducible builds verification! :) At first, I thought I would have to build all this stuff locally, but then I realized guix actually has two independent build farms, so guix challenge can compare the results between them! For more data points, one could build them all locally! The fact that the guix and guile packages do not build reproducibly is a little disappointing as they're both so central to guix itself; I suspect parallelism triggers those reproducibility issues(from experience with Debian), though that may just reveal other issue in guile itself. The linux-libre package *ought* to be reproducible; I hope it is something easy to fix there... $ guix challenge --diff=diffoscope linux-libre /gnu/store/8gmqvwf0ccqfyimficcnhxvrykwx6y8g-linux-libre-5.17.5 contents differ: no local build for '/gnu/store/8gmqvwf0ccqfyimficcnhxvrykwx6y8g-linux-libre-5.17.5' https://ci.guix.gnu.org/nar/zstd/8gmqvwf0ccqfyimficcnhxvrykwx6y8g-linux-libre-5.17.5: 19rg55v51wliy9v30sm82f38rxm1lqjpfqs6r63ikb3vklnj0pnw https://bordeaux.guix.gnu.org/nar/lzip/8gmqvwf0ccqfyimficcnhxvrykwx6y8g-linux-libre-5.17.5: 14fax6g9sx7qj64z73hrh8ydlbv6kxzhd1hbyqz7v0ra51bprv1k ... 0% ETA: 4 days, 2:03:47 Ok... well, I guess I won't wait for the results... A better "core" package set for GNU Guix could surely be created. I came up with this list of packages by taking the essential, required and build-essential package sets from Debian, tweaking the package names appropriately, dropping debian-specific stuff, and adding guile and guix to create "guix-base-set": acl attr audit bash binutils bzip2 coreutils diffutils e2fsprogs elogind findutils gawk gcc glibc gmp grep guile guix gzip isl keyutils libcap libcap-ng libnsl libselinux libsigsegv libtirpc libxcrypt linux-pam linux-libre mpfr ncurses openssl patch pcre pcre2 perl readline rpcsvc-proto sed shadow tar tzdata util-linux xz zlib zstd > I would also like to see if there is anything in Debian or other > distros that still needs to be pushed upstream, so we can all benefit! Will dig into some of these issues and see how Debian and Guix are building them to see if there are any patches to share and push upstream. [1] Actually wearing my Aspiration Tech hoodie at the moment, but the Guix hoodie is around here somewhere... live well, vagrant --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iHUEARYKAB0WIQRlgHNhO/zFx+LkXUXcUY/If5cWqgUCYm/YmQAKCRDcUY/If5cW qmnLAP4hMp2HTaDW+4MJWq5Q5Lqgtaift+BN6ePr7AFM9sN3jQEAzhpodgs0OWiB +XX6DDcoRboORAAYHxH0ADTd/P5Ocgg= =2P6+ -----END PGP SIGNATURE----- --=-=-=--