| 17 May 2023 |
 delroth | posted the diff in https://github.com/NixOS/nixpkgs/issues/227800#issuecomment-1551487822 and reopened | 14:20:36 |
 @rnhmjoj:maxwell.ydns.eu | In reply to @delroth:delroth.net
really? I thought ability of posting images/videos was one of the reasons for moving over from IRC | 14:23:07 |
 raitobezarius | In reply to @rnhmjoj:maxwell.ydns.eu
really? I thought ability of posting images/videos was one of the reasons for moving over from IRC there's some incident ongoing currently | 14:23:24 |
| delroth | there was a trolling/spam attack on one of the channels recentlyt | 14:23:27 |
| delroth | * there was a trolling/spam attack on one of the channels recently | 14:23:28 |
| delroth | the two ELFs that have mismatching build-ids are... the 64 bit and 32 bit VDSO, respectively | 14:42:12 |
| delroth | love when someone seems to have had the same issue, sent a patch upstream to LKML, got it reviewed, and then it never got merged: https://lkml.org/lkml/2022/6/8/432 | 14:52:42 |
| delroth | (wouldn't have directly helped because it was specific to MIPS, but I expect it's the same problem) | 14:52:54 |
 @aloisw:kde.org | Why is the build path different to begin with in the NixOS case? | 14:54:36 |
| delroth | no clue! | 14:57:13 |
| delroth | oh, I think I know actually, it's because Nix arbitrarily and silently disables its sandboxing for no good reason sometimes, and I'm not using my usual development machine for these builds because it's not fast enough | 14:58:27 |
| delroth | so that might have been an unsandboxed build | 14:58:38 |
| delroth | https://github.com/NixOS/nix/issues/8165 | 14:59:05 |
| delroth | could be that when it's sandboxed properly the kernel actually builds reproducibly then... I forgot about this issue, and now I'm annoyed that it's still a problem and that I've possibly wasted several hours because of it again so I'm going to go do something else for a while | 15:00:44 |
| raitobezarius | I can try to reproduce | 15:01:10 |
| raitobezarius | What is your attr you're building? | 15:01:15 |
| raitobezarius | (on which rev?) | 15:01:17 |
| delroth | pkgs.linux on latest staging-next (which has the BTF fix) | 15:01:35 |
| raitobezarius | thx | 15:01:54 |
| @rnhmjoj:maxwell.ydns.eu | In reply to @delroth:delroth.net
could be that when it's sandboxed properly the kernel actually builds reproducibly then... I forgot about this issue, and now I'm annoyed that it's still a problem and that I've possibly wasted several hours because of it again so I'm going to go do something else for a while shouldn't it be reproducible by default? it's very surprising that there's a "reprodicible builds" project with a dozen linux distos on it, but not the kernel itself | 15:02:56 |
| delroth | of the two Linux distros that have CI on the Reproducible Builds infra, 0/2 have a reproducible Linux kernel | 15:05:22 |
| @rnhmjoj:maxwell.ydns.eu | In reply to @delroth:delroth.net
(it took 20min of 100% CPU time for diffoscope to generate this diff) https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/diffoscope-results/linux.html
looks like this CI machine wasn't as fast as yours | 15:10:32 |
| delroth | checking GUIX now, they don't have diffoscope outputs on their CI but they have NARs I can extract... | 15:11:31 |
| delroth | and every .ko.gz mismatches + System.map mismatch + bzImage mismatch | 15:12:26 |
| delroth | so might be the same BTF issue we've been having | 15:12:34 |
| delroth | anyway, the answer is that yes, there is a reproducible builds project with a dozen linux distros on it, but no, that doesn't mean the kernel builds reproducibly, in fact nobody seems to be able to at this point, and especially not "by default" :( | 15:15:54 |
| delroth | I suspect that Nix sandboxed might do the trick, the build-id diff in the VDSO should be entirely attributable to filename differences, and that shouldn't happen when sandboxed | 15:16:29 |
| delroth | (now, is it a good thing that we "hide" these sources of reproducibility with Nix? maybe, maybe not :) ) | 15:16:58 |
| delroth | * (now, is it a good thing that we "hide" these sources of unreproducibility with Nix? maybe, maybe not :) ) | 15:17:04 |
| @rnhmjoj:maxwell.ydns.eu | In reply to @delroth:delroth.net
anyway, the answer is that yes, there is a reproducible builds project with a dozen linux distros on it, but no, that doesn't mean the kernel builds reproducibly, in fact nobody seems to be able to at this point, and especially not "by default" :( but when NixOS briefly became 100% reproducible some time ago, was the kenrle included? | 15:18:25 |
