From: zimoun <zimon.toutoune@gmail.com>
To: "Denis 'GNUtoo' Carikli" <GNUtoo@cyberdimension.org>
Cc: 49801@debbugs.gnu.org
Subject: bug#49801: Guix time machine provenance/manifest reproducibility issue?
Date: Thu, 2 Sep 2021 10:10:22 +0200 [thread overview]
Message-ID: <CAJ3okZ0cU72g479HwbCTcTb1hUURD_W+2aV3z+XTTEf=1KwztQ@mail.gmail.com> (raw)
In-Reply-To: <20210902002742.3866243a@primarylaptop.localdomain>
Hi Denis,
Thanks for the investigation and the attempt.
Well, I miss if it works or not...
On Thu, 2 Sept 2021 at 00:27, Denis 'GNUtoo' Carikli
<GNUtoo@cyberdimension.org> wrote:
> With and without this patch:
> > diff --git a/guix/scripts/pull.scm b/guix/scripts/pull.scm
> > index fb8ce50fa7..af1cf77f07 100644
> > --- a/guix/scripts/pull.scm
> > +++ b/guix/scripts/pull.scm
> > @@ -739,7 +739,7 @@ Use '~/.config/guix/channels.scm' instead."))
> > (cons (match ref
> > (('commit . commit)
> > (channel (inherit guix)
> > - (url url) (commit commit) (branch
> > #f)))
> > + (url url) (commit commit)))
> > (('branch . branch)
> > (channel (inherit guix)
> > (url url) (commit #f) (branch
> > branch)))
>
> on top of 95c29d2746943733cbe8df7013854d45bb0df413 ("gnu: electron-cash:
> Update to 4.2.5." which is today's master HEAD), I get the same diff
> with and without time-machine.
...here I understand the patch fixes the issue...
> I made and used this Makefile to build two hello tarball in both cases:
> > COMMIT ?= 95c29d2746943733cbe8df7013854d45bb0df413
> >
> > all: \
> > hello-guix-$(COMMIT).tar.xz \
> > hello-time-machine-$(COMMIT).tar.xz \
> >
> > hello-guix-$(COMMIT).tar.xz:
> > install -m 644 \
> > `../pre-inst-env \
> > guix pack \
> > --compression=xz --save-provenance hello` \
> > $@
> >
> > hello-time-machine-$(COMMIT).tar.xz:
> > install -m 644 \
> > `../pre-inst-env guix time-machine \
> > --branch=master \
> > --commit=$(COMMIT) \
> > -- \
> > pack --compression=xz --save-provenance hello` \
> > $@
>
> And once the file named manifest is extracted from both tarballs I get
> this diff (with and without your slightly modified patch):
> > --- ./hello-guix-95c29d2746943733cbe8df7013854d45bb0df413/gnu/store/lw9x5aimyqcq5iazj786fv7q5l3h0syk-profile/manifest 1970-01-01 01:00:01.000000000 +0100
> > +++ ./hello-time-machine-95c29d2746943733cbe8df7013854d45bb0df413/gnu/store/30pf6ppiqpjsjaaiw35kc5lp6dcixpf1-profile/manifest 1970-01-01 01:00:01.000000000 +0100
> > @@ -12,4 +12,19 @@
> > "/gnu/store/a462kby1q51ndvxdv3b6p0rsixxrgx1h-hello-2.10"
> > (propagated-inputs ())
> > (search-paths ())
> > - (properties)))))
> > + (properties
> > + (provenance
> > + (repository
> > + (version 0)
> > + (url "https://git.savannah.gnu.org/git/guix.git")
> > + (branch #f)
> > + (commit
> > + "95c29d2746943733cbe8df7013854d45bb0df413")
> > + (name guix)
> > + (introduction
> > + (channel-introduction
> > + (version 0)
> > + (commit
> > + "9edb3f66fd807b096b48283debdcddccfea34bad")
> > + (signer
> > + "BBB0 2DDF 2CEA F6A8 0D1D E643 A2A0 6DF2 A33A 54FA"))))))))))
...but then here I see it does not fix it.
However, because you run "./pre-inst-env guix pack --save-provenance",
it seems expected that the 'properties' is empty. From my
understanding, '(find guix-channels? channels)' does not return the
'guix' channel because it is the current Git checkout. It is not the
case with "guix time-machine" because it creates an inferior using the
'guix' channel.
Moreover, if you want to try the patch, you need to run:
./pre-inst-env guix pull -p /tmp/new
./tmp/new/bin/guix describe # return commit 12345
./tmp/new/bin/guix pack --save-provenance
./tmp/new/bin/guix time-machine --commit=12345 -- pack --save-provenance
and be careful with the '--localstatedir' and '--sysconfdir' variables
at './configure' time.
Well, from my point of view, the Guix way would be:
guix describe -f channels > channels.scm
guix pack --save-provenance
then later or elsewehere
guix time-machine -C channels.scm -- pack --save-provenance
Although, it will not fix the bug you are exposing. :-)
WDYT?
Last, I have not carefully checked and maybe I am wrong, the both
options "--commit=1234 --branch=master" are exclusive I guess; i.e.,
the argument 'master' passed to '--branch' is not used in this case,
IIUC.
Cheers,
simon
next prev parent reply other threads:[~2021-09-02 8:11 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-01 0:21 bug#49801: Guix time machine provenance/manifest reproducibility issue? Denis 'GNUtoo' Carikli
2021-08-17 12:11 ` zimoun
2021-09-01 22:27 ` Denis 'GNUtoo' Carikli
2021-09-02 8:10 ` zimoun [this message]
2021-09-02 14:12 ` Denis 'GNUtoo' Carikli
2021-09-02 19:30 ` zimoun
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAJ3okZ0cU72g479HwbCTcTb1hUURD_W+2aV3z+XTTEf=1KwztQ@mail.gmail.com' \
--to=zimon.toutoune@gmail.com \
--cc=49801@debbugs.gnu.org \
--cc=GNUtoo@cyberdimension.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.