From mboxrd@z Thu Jan  1 00:00:00 1970
From: Ricardo Wurmus <rekado@elephly.net>
Subject: Re: [PATCH] Help Ruby packages be reproducible
Date: Thu, 31 Dec 2015 11:03:08 +0100
Message-ID: <87wprv9bqb.fsf@elephly.net>
References: <56821E47.9010400@uq.edu.au> <87io3h4ta3.fsf@elephly.net>
	<56832AA3.8030109@uq.edu.au> <56832BA6.6030806@uq.edu.au>
	<877fjwbavn.fsf@elephly.net> <56846E35.6010805@uq.edu.au>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:35860)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <rekado@elephly.net>) id 1aEa4o-0008DO-Ht
	for guix-devel@gnu.org; Thu, 31 Dec 2015 05:03:23 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <rekado@elephly.net>) id 1aEa4n-0002jY-KN
	for guix-devel@gnu.org; Thu, 31 Dec 2015 05:03:22 -0500
In-reply-to: <56846E35.6010805@uq.edu.au>
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
To: Ben Woodcroft <b.woodcroft@uq.edu.au>
Cc: "guix-devel@gnu.org" <guix-devel@gnu.org>


Ben Woodcroft <b.woodcroft@uq.edu.au> writes:

> On 31/12/15 03:26, Ludovic Courtès wrote:
>> Ben Woodcroft <b.woodcroft@uq.edu.au> skribis:
>>
>>> On 29/12/15 15:46, Ben Woodcroft wrote:
>>>> Unfortunately none of these builds are reproducible because rubygems
>>>> in Guix generally aren't. For one, this is because .gem files are
>>>> archives whose contents are timestamped.
>>> I should clarify. What I meant was the cache .gem files
>>>
>>> /gnu/store/ib83mg5zsyr5x2w0m3i1f84gdvdbp5x9-ruby-ascii85-1.0.2/lib/ruby/gems/2.2.0/cache$
>>> tar tvf Ascii85-1.0.2.gem |head
>>> -r--r--r-- wheel/wheel     703 2015-12-27 22:44 metadata.gz
>>> -r--r--r-- wheel/wheel    7436 2015-12-27 22:44 data.tar.gz
>>> -r--r--r-- wheel/wheel     268 2015-12-27 22:44 checksums.yaml.gz
>> We should arrange so that gems are created with a fixed timestamp and
>> UID/GID, and a well-defined file ordering, as with:
>>
>>    --mtime=@0 --sort=name --owner=root:0 --group=root:0
>>
>> We also need to make sure gzip is always run with -n/--no-name.  That
>> way, the gz files above will not include an additional timestamp.
>>
>>  From what I can see in
>> <git://git.debian.org/git/reproducible/notes.git>, this is not addressed
>> yet in other distros.
> Ludo are you suggesting we should abandon the deletion approach?

Abandoning the deletion approach only makes sense if we have control
over the way “gem” packages up archives.  As far as I remember “gem”
archives are actually regular tarballs with some additional metadata.
The “gem” command itself does not expose any means by which we could
control the mtime of the archive contents.

As the “.gem” file itself is likely redundant I don’t see a problem
removing it as you proposed.

@Dave: what do you think about just removing the cached “.gem”?

> I think you are right as usual. Better in attached?

It looks good to me, thank you.

~~ Ricardo