From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp0 ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms11 with LMTPS id gOvgA7AdsF5EGwAA0tVLHw (envelope-from ) for ; Mon, 04 May 2020 13:50:40 +0000 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp0 with LMTPS id WOYKEbodsF5MBQAA1q6Kng (envelope-from ) for ; Mon, 04 May 2020 13:50:50 +0000 Received: from lists.gnu.org (lists.gnu.org [IPv6:2001:470:142::17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 4768A940021 for ; Mon, 4 May 2020 13:50:49 +0000 (UTC) Received: from localhost ([::1]:41492 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jVbUf-0004yL-J1 for larch@yhetil.org; Mon, 04 May 2020 09:50:49 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:40560) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1jVbUS-0004wC-2N for guix-devel@gnu.org; Mon, 04 May 2020 09:50:36 -0400 Received: from out1-smtp.messagingengine.com ([66.111.4.25]:37651) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1jVbUQ-0003TX-7o for guix-devel@gnu.org; Mon, 04 May 2020 09:50:35 -0400 Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailout.nyi.internal (Postfix) with ESMTP id A61765C0140; Mon, 4 May 2020 09:50:31 -0400 (EDT) Received: from mailfrontend2 ([10.202.2.163]) by compute3.internal (MEProxy); Mon, 04 May 2020 09:50:31 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fastmail.net; h= from:to:cc:subject:in-reply-to:references:date:message-id :mime-version:content-type; s=fm3; bh=sXW6bwRU/mlvdC03GkapoTSCE/ OzDxBy84tuiLNjDnY=; b=DMgxgJchJ/7iG8lBKeR3h1o1LD/7Cq774KzsYK876F n9fB2b0s1QdqXYpaYykFW+oMiFbGRKdzirY2AAAL6X1xk15BSaONClSLgp+i3X8l 6UPC4EA9fMGcLkKOa8XBP+TJGmzcRi2xyK2doexbzGxCqDtEHiUv2/4v6sCzYDdA kBd4/I5cRfRMPP9iNvs3duVG9vhv8yBVufnHV6GLHwoC0MAghCzPVa1b0hq5bk38 Te9UVeMK176UqEl5I+5LP4/wELX1SXtLTA8pePp2rkzlIiaCG1ya9NxgIw8oc4eX zDq+/oZ7pQDDz2VnxW0iFwqXUF+VH661tcZGTVfiBFtg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=sXW6bw RU/mlvdC03GkapoTSCE/OzDxBy84tuiLNjDnY=; b=l+lY51AWPelMOBWvLwG2f5 erEe+8+yxG6lFUCaR85V4NW/AaXBVFQtYktkVimpOKtbTGraNBJMB6LJQVkJVFWP loT77GwS6I7bO5jNFOhna7YLJqK8Nkx1gJ67GcZTCr+2FVN50cNRuTHlCuuf/kVo u1RQonGZGuMsa7Nb5z60TFhq88ZZum/kR+26a8T9mKEhHUOHfvu/uVsKuAua6Tqf txq30+rpgkl08wv8kCe9doKMi6IGVyOqTHi8PllWsJbFdMY72crC7kCBq/HUXGK1 BM4Vi1K3VMBD12SiVTaD+oUm/8sH40z5y3p+3IQmKXBnNThrcSHTzfxwc/akIu+Q == X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduhedrjeeggdeivdcutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenuc fjughrpefhvffujghffffkgggtsehttdertddttddtnecuhfhrohhmpefmohhnrhgrugcu jfhinhhsvghnuceokhhonhhrrggurdhhihhnshgvnhesfhgrshhtmhgrihhlrdhnvghtqe enucggtffrrghtthgvrhhnpeegleelffduueeigeetudeiffdtleeukeelgeeiieeftddv ueegueejvdefjeegheenucffohhmrghinhepghhnuhdrohhrghenucfkphepledvrdduie elrddujeefrddvvdehnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghi lhhfrhhomhepkhhonhhrrggurdhhihhnshgvnhesfhgrshhtmhgrihhlrdhnvght X-ME-Proxy: Received: from khs-macbook.home (lfbn-idf2-1-1364-225.w92-169.abo.wanadoo.fr [92.169.173.225]) by mail.messagingengine.com (Postfix) with ESMTPA id F39263066015; Mon, 4 May 2020 09:50:30 -0400 (EDT) From: Konrad Hinsen To: zimoun Subject: Re: unexpected reproducibility of reproducible blog post? In-Reply-To: References: Date: Mon, 04 May 2020 15:50:29 +0200 Message-ID: MIME-Version: 1.0 Content-Type: text/plain Received-SPF: pass client-ip=66.111.4.25; envelope-from=konrad.hinsen@fastmail.net; helo=out1-smtp.messagingengine.com X-detected-operating-system: by eggs.gnu.org: First seen = 2020/05/04 09:50:31 X-ACL-Warn: Detected OS = Linux 2.2.x-3.x [generic] [fuzzy] X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001 autolearn=_AUTOLEARN X-Spam_action: no action X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Guix Devel Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: "Guix-devel" X-Scanner: scn0 X-Spam-Score: -0.71 Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=fastmail.net header.s=fm3 header.b=DMgxgJch; dkim=pass header.d=messagingengine.com header.s=fm2 header.b=l+lY51AW; dmarc=pass (policy=none) header.from=fastmail.net; spf=pass (aspmx1.migadu.com: domain of guix-devel-bounces@gnu.org designates 2001:470:142::17 as permitted sender) smtp.mailfrom=guix-devel-bounces@gnu.org X-Scan-Result: default: False [-0.71 / 13.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; GENERIC_REPUTATION(0.00)[-0.4947126383887]; DWL_DNSWL_FAIL(0.00)[fastmail.net:server fail,2001:470:142::17:server fail]; R_SPF_ALLOW(-0.20)[+ip6:2001:470:142::/48:c]; FREEMAIL_FROM(0.00)[fastmail.net]; IP_REPUTATION_HAM(0.00)[asn: 22989(0.13), country: US(-0.00), ip: 2001:470:142::17(-0.49)]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[fastmail.net:+,messagingengine.com:+]; RCPT_COUNT_TWO(0.00)[2]; DMARC_POLICY_ALLOW(-0.50)[fastmail.net,none]; MX_GOOD(-0.50)[cached: eggs.gnu.org]; MAILLIST(-0.20)[mailman]; FREEMAIL_TO(0.00)[gmail.com]; RCVD_IN_DNSWL_FAIL(0.00)[2001:470:142::17:server fail]; RCVD_TLS_LAST(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:22989, ipnet:2001:470:142::/48, country:US]; SUBJECT_ENDS_QUESTION(1.00)[]; TAGGED_FROM(0.00)[larch=yhetil.org]; ARC_NA(0.00)[]; R_DKIM_ALLOW(-0.20)[fastmail.net:s=fm3,messagingengine.com:s=fm2]; URIBL_BLOCKED(0.00)[messagingengine.com:dkim,gnu.org:url,fastmail.net:dkim]; FROM_HAS_DN(0.00)[]; FROM_NEQ_ENVFROM(0.00)[konrad.hinsen@fastmail.net,guix-devel-bounces@gnu.org]; TAGGED_RCPT(0.00)[]; MIME_GOOD(-0.10)[text/plain]; HAS_LIST_UNSUB(-0.01)[]; FORGED_RECIPIENTS_MAILLIST(0.00)[]; RCVD_COUNT_SEVEN(0.00)[7]; FORGED_SENDER_MAILLIST(0.00)[] X-TUID: 8bkmpRJywg4y Hi Simon, > I will add something overthere for tracking reproduciblity infos in > the future. It would actually be nice to have some external Guix reproducibility surveillance. A few benchmark packages that will be rebuilt regularly, using frozen commits via time-machine, and checked for bit-by-bit identity explicitly, not relying on Guix' hash mechanism. Trust but verify. My example is perhaps not such a bad start. Building a Docker container containing gcc exercises a lot of code in Guix. I looked a bit at grafts. The documentation at https://guix.gnu.org/manual/en/html_node/Security-Updates.html isn't very explicit about the reproducibility of grafts. In particular, it doesn't say if a package containing patched binaries retains its original hash, or receives a new unique one. With a unique hash, grafts would just be a tweak in the build system, and no less reproducible than standard builds. It looks like I have to dive into the source code to find out! Cheers, Konrad