| 21 Apr 2026 |
|  manueljacob joined the room. | 18:28:09 |
| 22 Apr 2026 |
| manueljacob | Hi! Which settings do I have to set to get stable source paths in debug information? The debug information grabbed from cache.nixos.org has paths starting with /build/ while anything built locally has paths starting with e.g. /nix/var/nix/builds/nix-1361222-3717692701. | 00:23:25 |
| manueljacob | The problem was that nix silently ignored the sandbox = true setting. | 10:27:50 |
 raboof | That sounds surprising indeed. Are you on NixOS or another distro? How did you set it? | 11:13:58 |
| manueljacob | I’m running in a Docker container. I manually set to sandbox = true in nix.conf. When passing --privileged to podman (Docker clone) in addition to that, it worked. | 14:58:42 |
| manueljacob | This probably should be a warning instead of debug print: https://github.com/NixOS/nix/blob/cd16aee6c1343f1b1e48f6506f7c99327a2352bc/src/libstore/unix/build/derivation-builder.cc#L2132 | 15:03:59 |
| raboof | yeah that'd make sense to me | 15:04:47 |
| manueljacob | Better even, the default should be to use it if possible. If it is explicitly requested but it is not possible, it should be an error. | 15:10:09 |
| manueljacob | To get on-topic again... Is there an easy way to find regressing formerly reproducible builds? | 15:11:33 |
| manueljacob | E.g., when making a change to binutils, how can I check whether it broke reproducibility of some package? | 15:12:12 |
| raboof | Interesting question. I don't think we have an easy answer because we don't even have a full definition of "the same package" across changes, nor of "binutils and its dependendees" ;) . But doing a reproduciblity report for 'binutils and its referrers in nixpkgs' for two sets and comparing the results probably should get you close. Might be neat to set up a local instance of https://github.com/nix-community/lila for the reporting. expect a bit of a project, though. this would be valuable to document once you figure it out though! | 15:31:15 |
| manueljacob | Well, that would probably build 10s of thousands of packages. What would be a suitable set of packages to build? | 15:55:01 |
| manueljacob | Ideally, the re-build with changed binutils should rebuild only packages that were shown to be reproducible. | 15:55:37 |
| manueljacob | (shown to be reproducible before the binutils change) | 15:58:30 |
| raboof | That's ideally still most of them though 😊. I like to take 'the graphical installation iso' as testset (and that should be easy enough to prune to only things that depended on binutils), but that's still pretty arbitrary. Maybe nixpkgs-small? (not sure what's in that) | 16:21:55 |
|  @gkleen:synapse.li left the room. | 20:36:17 |
| 26 Apr 2026 |
| manueljacob | I think what I’ll do is to execute nix-build --check for every derivation in the build closure of some package, before and after the change, and compare them (filtering uninteresting ones such as those common between the two closures). | 12:51:26 |
| manueljacob | Mostly unrelated: I found that the coreutils package is not reproducible if built on different days. Would it make sense to catch such things by Lila? | 12:55:58 |
 Julien | Supposedly that's the kind of thing we catch because not everyone rebuilds on the same day ? | 19:20:17 |
| manueljacob | Well, https://reproducibility.nixos.social/evaluations/1/e4bae1bd10c9 and https://reproducibility.nixos.social/evaluations/4/e4bae1bd10c9 didn’t catch it. | 19:33:49 |
| manueljacob | Or does it not check not the debug packages? | 19:34:33 |
| manueljacob | * | 19:51:52 |
| Julien | It depends what is in the minimal iso | 19:55:50 |
| manueljacob | Sure, it doesn’t make much sense for the minimal-iso-runtime jobset to check reproducibility of anything not included in the minimal ISO, and I assume that debug information is not included in the ISO. I’m not sure it makes sense for minimal-iso-build-closure, but I think it would be useful to have all outputs (including debug information) checked for some packages in some jobset. | 20:35:43 |
| 27 Apr 2026 |
|  Ninja joined the room. | 14:39:15 |
| 28 Apr 2026 |
|  Aangularity joined the room. | 04:39:25 |
|  implr joined the room. | 08:13:50 |
| implr | Hi, I wrote in #users earlier but it got buried under a different discussion. I have a coreutils build failing tests, but only under nix on Gentoo. On nixos it builds fine. The kernel is of course different, but that shouldn't affect that test as far as I can tell | 08:18:45 |
| implr | it's nix-build -E '(import <nixpkgs> {}).pkgs.coreutils.override { singleBinary = false; }' (with the channel pointing to the same commit, but it doesn't seem to matter anyway, old versions still fail) | 08:18:56 |
| implr | curiously, on Gentoo nix-shell <derivation>; genericBuild; checkPhase also passes, so idk how do i even debug this | 08:19:54 |
