all messages for Guix-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed
From: zimoun <zimon.toutoune@gmail.com>
To: "Denis 'GNUtoo' Carikli" <GNUtoo@cyberdimension.org>
Cc: 49801@debbugs.gnu.org
Subject: bug#49801: Guix time machine provenance/manifest reproducibility issue?
Date: Thu, 2 Sep 2021 10:10:22 +0200	[thread overview]
Message-ID: <CAJ3okZ0cU72g479HwbCTcTb1hUURD_W+2aV3z+XTTEf=1KwztQ@mail.gmail.com> (raw)
In-Reply-To: <20210902002742.3866243a@primarylaptop.localdomain>

Hi Denis,

Thanks for the investigation and the attempt.

Well, I miss if it works or not...

On Thu, 2 Sept 2021 at 00:27, Denis 'GNUtoo' Carikli
<GNUtoo@cyberdimension.org> wrote:

> With and without this patch:
> > diff --git a/guix/scripts/pull.scm b/guix/scripts/pull.scm
> > index fb8ce50fa7..af1cf77f07 100644
> > --- a/guix/scripts/pull.scm
> > +++ b/guix/scripts/pull.scm
> > @@ -739,7 +739,7 @@ Use '~/.config/guix/channels.scm' instead."))
> >               (cons (match ref
> >                       (('commit . commit)
> >                        (channel (inherit guix)
> > -                               (url url) (commit commit) (branch
> > #f)))
> > +                               (url url) (commit commit)))
> >                       (('branch . branch)
> >                        (channel (inherit guix)
> >                                 (url url) (commit #f) (branch
> > branch)))
>
> on top of 95c29d2746943733cbe8df7013854d45bb0df413 ("gnu: electron-cash:
> Update to 4.2.5." which is today's master HEAD), I get the same diff
> with and without time-machine.

...here I understand the patch fixes the issue...

> I made and used this Makefile to build two hello tarball in both cases:
> > COMMIT ?= 95c29d2746943733cbe8df7013854d45bb0df413
> >
> > all: \
> >       hello-guix-$(COMMIT).tar.xz \
> >       hello-time-machine-$(COMMIT).tar.xz \
> >
> > hello-guix-$(COMMIT).tar.xz:
> >       install -m 644 \
> >               `../pre-inst-env \
> >               guix pack \
> >               --compression=xz --save-provenance hello` \
> >       $@
> >
> > hello-time-machine-$(COMMIT).tar.xz:
> >       install -m 644 \
> >               `../pre-inst-env guix time-machine \
> >                       --branch=master \
> >                       --commit=$(COMMIT) \
> >                       -- \
> >                       pack --compression=xz --save-provenance hello` \
> >       $@
>
> And once the file named manifest is extracted from both tarballs I get
> this diff (with and without your slightly modified patch):
> > --- ./hello-guix-95c29d2746943733cbe8df7013854d45bb0df413/gnu/store/lw9x5aimyqcq5iazj786fv7q5l3h0syk-profile/manifest 1970-01-01 01:00:01.000000000 +0100
> > +++ ./hello-time-machine-95c29d2746943733cbe8df7013854d45bb0df413/gnu/store/30pf6ppiqpjsjaaiw35kc5lp6dcixpf1-profile/manifest 1970-01-01 01:00:01.000000000 +0100
> > @@ -12,4 +12,19 @@
> >        "/gnu/store/a462kby1q51ndvxdv3b6p0rsixxrgx1h-hello-2.10"
> >        (propagated-inputs ())
> >        (search-paths ())
> > -      (properties)))))
> > +      (properties
> > +        (provenance
> > +          (repository
> > +            (version 0)
> > +            (url "https://git.savannah.gnu.org/git/guix.git")
> > +            (branch #f)
> > +            (commit
> > +              "95c29d2746943733cbe8df7013854d45bb0df413")
> > +            (name guix)
> > +            (introduction
> > +              (channel-introduction
> > +                (version 0)
> > +                (commit
> > +                  "9edb3f66fd807b096b48283debdcddccfea34bad")
> > +                (signer
> > +                  "BBB0 2DDF 2CEA F6A8 0D1D  E643 A2A0 6DF2 A33A 54FA"))))))))))

...but then here I see it does not fix it.

However, because you run "./pre-inst-env guix pack --save-provenance",
it seems expected that the 'properties' is empty.  From my
understanding, '(find guix-channels? channels)' does not return  the
'guix' channel because it is the current Git checkout.  It is not the
case with "guix time-machine" because it creates an inferior using the
'guix' channel.

Moreover, if you want to try the patch, you need to run:

    ./pre-inst-env guix pull -p /tmp/new
    ./tmp/new/bin/guix describe # return commit 12345
    ./tmp/new/bin/guix pack --save-provenance
    ./tmp/new/bin/guix time-machine --commit=12345 -- pack --save-provenance

and be careful with the '--localstatedir' and '--sysconfdir' variables
at './configure' time.


Well,  from my point of view, the Guix way would be:

   guix describe -f channels > channels.scm
   guix pack --save-provenance

then later or elsewehere

  guix time-machine -C channels.scm -- pack --save-provenance

Although, it will not fix the bug you are exposing. :-)
WDYT?

Last, I have not carefully checked and maybe I am wrong, the both
options "--commit=1234 --branch=master" are exclusive I guess; i.e.,
the argument 'master' passed to '--branch' is not used in this case,
IIUC.

Cheers,
simon




  reply	other threads:[~2021-09-02  8:11 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-08-01  0:21 bug#49801: Guix time machine provenance/manifest reproducibility issue? Denis 'GNUtoo' Carikli
2021-08-17 12:11 ` zimoun
2021-09-01 22:27   ` Denis 'GNUtoo' Carikli
2021-09-02  8:10     ` zimoun [this message]
2021-09-02 14:12       ` Denis 'GNUtoo' Carikli
2021-09-02 19:30         ` zimoun

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAJ3okZ0cU72g479HwbCTcTb1hUURD_W+2aV3z+XTTEf=1KwztQ@mail.gmail.com' \
    --to=zimon.toutoune@gmail.com \
    --cc=49801@debbugs.gnu.org \
    --cc=GNUtoo@cyberdimension.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/guix.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.