| 17 May 2023 |
 delroth | no clue! | 14:57:13 |
| delroth | oh, I think I know actually, it's because Nix arbitrarily and silently disables its sandboxing for no good reason sometimes, and I'm not using my usual development machine for these builds because it's not fast enough | 14:58:27 |
| delroth | so that might have been an unsandboxed build | 14:58:38 |
| delroth | https://github.com/NixOS/nix/issues/8165 | 14:59:05 |
| delroth | could be that when it's sandboxed properly the kernel actually builds reproducibly then... I forgot about this issue, and now I'm annoyed that it's still a problem and that I've possibly wasted several hours because of it again so I'm going to go do something else for a while | 15:00:44 |
 raitobezarius | I can try to reproduce | 15:01:10 |
| raitobezarius | What is your attr you're building? | 15:01:15 |
| raitobezarius | (on which rev?) | 15:01:17 |
| delroth | pkgs.linux on latest staging-next (which has the BTF fix) | 15:01:35 |
| raitobezarius | thx | 15:01:54 |
 @rnhmjoj:maxwell.ydns.eu | In reply to @delroth:delroth.net
could be that when it's sandboxed properly the kernel actually builds reproducibly then... I forgot about this issue, and now I'm annoyed that it's still a problem and that I've possibly wasted several hours because of it again so I'm going to go do something else for a while shouldn't it be reproducible by default? it's very surprising that there's a "reprodicible builds" project with a dozen linux distos on it, but not the kernel itself | 15:02:56 |
| delroth | of the two Linux distros that have CI on the Reproducible Builds infra, 0/2 have a reproducible Linux kernel | 15:05:22 |
| @rnhmjoj:maxwell.ydns.eu | In reply to @delroth:delroth.net
(it took 20min of 100% CPU time for diffoscope to generate this diff) https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/diffoscope-results/linux.html
looks like this CI machine wasn't as fast as yours | 15:10:32 |
| delroth | checking GUIX now, they don't have diffoscope outputs on their CI but they have NARs I can extract... | 15:11:31 |
| delroth | and every .ko.gz mismatches + System.map mismatch + bzImage mismatch | 15:12:26 |
| delroth | so might be the same BTF issue we've been having | 15:12:34 |
| delroth | anyway, the answer is that yes, there is a reproducible builds project with a dozen linux distros on it, but no, that doesn't mean the kernel builds reproducibly, in fact nobody seems to be able to at this point, and especially not "by default" :( | 15:15:54 |
| delroth | I suspect that Nix sandboxed might do the trick, the build-id diff in the VDSO should be entirely attributable to filename differences, and that shouldn't happen when sandboxed | 15:16:29 |
| delroth | (now, is it a good thing that we "hide" these sources of reproducibility with Nix? maybe, maybe not :) ) | 15:16:58 |
| delroth | * (now, is it a good thing that we "hide" these sources of unreproducibility with Nix? maybe, maybe not :) ) | 15:17:04 |
| @rnhmjoj:maxwell.ydns.eu | In reply to @delroth:delroth.net
anyway, the answer is that yes, there is a reproducible builds project with a dozen linux distros on it, but no, that doesn't mean the kernel builds reproducibly, in fact nobody seems to be able to at this point, and especially not "by default" :( but when NixOS briefly became 100% reproducible some time ago, was the kenrle included? | 15:18:25 |
| @rnhmjoj:maxwell.ydns.eu | * but when NixOS briefly became 100% reproducible some time ago, was the kernel included? | 15:18:37 |
| raitobezarius | necessarily I believe | 15:19:04 |
| @rnhmjoj:maxwell.ydns.eu | so, the kernel devs messed up? | 15:20:51 |
 raboof | In reply to @rnhmjoj:maxwell.ydns.eu
but when NixOS briefly became 100% reproducible some time ago, was the kernel included? yes, the kernel has been reproducible for a while (I think since https://github.com/NixOS/nixpkgs/pull/107625), the nondeterminism introduced by BTF was a recent thing | 15:22:24 |
| delroth | "recent" | 15:22:55 |
| raitobezarius | enabled recently | 15:23:27 |
| raboof | In reply to @rnhmjoj:maxwell.ydns.eu
so, the kernel devs messed up? I guess so - I'm not sure they aim for 'reproducible by default', though 'possibly reproducible' does seem to be a goal (https://docs.kernel.org/kbuild/reproducible-builds.html) | 15:24:55 |
| delroth | and https://docs.kernel.org/kbuild/reproducible-builds.html#absolute-filenames does imply it's a bug on their side, since they don't forward these flags when building the VDSO ELF | 15:31:31 |
| delroth | from the build log on my system: "'/build/tmp.x93KqkyjEg/.config' -> '/nix/store/cviv21h0qwd1pd0a7mhin7hadhwk4r9x-linux-config-6.1.28'" so yeah, was unsandboxed... | 15:41:44 |
