| 17 May 2023 |
 delroth | and every .ko.gz mismatches + System.map mismatch + bzImage mismatch | 15:12:26 |
| delroth | so might be the same BTF issue we've been having | 15:12:34 |
| delroth | anyway, the answer is that yes, there is a reproducible builds project with a dozen linux distros on it, but no, that doesn't mean the kernel builds reproducibly, in fact nobody seems to be able to at this point, and especially not "by default" :( | 15:15:54 |
| delroth | I suspect that Nix sandboxed might do the trick, the build-id diff in the VDSO should be entirely attributable to filename differences, and that shouldn't happen when sandboxed | 15:16:29 |
| delroth | (now, is it a good thing that we "hide" these sources of reproducibility with Nix? maybe, maybe not :) ) | 15:16:58 |
| delroth | * (now, is it a good thing that we "hide" these sources of unreproducibility with Nix? maybe, maybe not :) ) | 15:17:04 |
 @rnhmjoj:maxwell.ydns.eu | In reply to @delroth:delroth.net
anyway, the answer is that yes, there is a reproducible builds project with a dozen linux distros on it, but no, that doesn't mean the kernel builds reproducibly, in fact nobody seems to be able to at this point, and especially not "by default" :( but when NixOS briefly became 100% reproducible some time ago, was the kenrle included? | 15:18:25 |
| @rnhmjoj:maxwell.ydns.eu | * but when NixOS briefly became 100% reproducible some time ago, was the kernel included? | 15:18:37 |
 raitobezarius | necessarily I believe | 15:19:04 |
| @rnhmjoj:maxwell.ydns.eu | so, the kernel devs messed up? | 15:20:51 |
 raboof | In reply to @rnhmjoj:maxwell.ydns.eu
but when NixOS briefly became 100% reproducible some time ago, was the kernel included? yes, the kernel has been reproducible for a while (I think since https://github.com/NixOS/nixpkgs/pull/107625), the nondeterminism introduced by BTF was a recent thing | 15:22:24 |
| delroth | "recent" | 15:22:55 |
| raitobezarius | enabled recently | 15:23:27 |
| raboof | In reply to @rnhmjoj:maxwell.ydns.eu
so, the kernel devs messed up? I guess so - I'm not sure they aim for 'reproducible by default', though 'possibly reproducible' does seem to be a goal (https://docs.kernel.org/kbuild/reproducible-builds.html) | 15:24:55 |
| delroth | and https://docs.kernel.org/kbuild/reproducible-builds.html#absolute-filenames does imply it's a bug on their side, since they don't forward these flags when building the VDSO ELF | 15:31:31 |
| delroth | from the build log on my system: "'/build/tmp.x93KqkyjEg/.config' -> '/nix/store/cviv21h0qwd1pd0a7mhin7hadhwk4r9x-linux-config-6.1.28'" so yeah, was unsandboxed... | 15:41:44 |
| delroth | oh actually maybe not, I don't know where that temp path comes from, might be in the derivation | 15:43:23 |
| delroth | "export buildRoot=$(mktemp -d)" in manual-config.nix -- if somehow the buildRoot leaks into the VDSO ELF (and not just the sourceRoot, which would be expected) then that would be a randomized path anyway even when sandboxed | 15:45:41 |
| delroth | and that would explain why I'm not seeing that build-id difference when diffing guix's NARs, they might not have that randomized out-of-tree build output path in their derivations | 15:46:49 |
| delroth | (I expect that sourceRoot is fixed for them as it is for Nix, but not completely sure of that) | 15:47:16 |
| delroth | https://github.com/NixOS/nixpkgs/commit/d75cff2ee3bb6d91c818d43d1ba7603bb6dacd59 | 16:09:14 |
| delroth | I'll send a PR to make it a fixed path, in the meantime I also remembered that my sandbox troubles only impacted uid mapping not chrooting, so I'm now fairly convinced that it's a regression from that commit adding randomness | 16:10:53 |
| delroth | If someone wants to test and/or snipe this feel free, won't be available for the next 6h | 16:11:23 |
| 19 May 2023 |
|  @jackleightcap:matrix.org joined the room. | 18:40:13 |
| 20 May 2023 |
| delroth | iso minimal (runtime) run on latest staging: https://delroth.net/report-iso_minimal/ | 03:18:24 |
| delroth | linux is finally fixed, down to just python | 03:18:31 |
 baloo | what's about the unchecked paths? | 05:10:18 |
| baloo | about python: https://github.com/python/cpython/issues/92132 | 05:12:20 |
| delroth | I'm not sure why that systemd path is marked as unchecked but I don't think I've seen any repro issues in the past with it, so probably just a random issue with my build | 05:33:56 |
| delroth | and yeah, I'm doing a build now with python 3.11 as default to confirm | 05:34:18 |
