| 19 Aug 2021 |
nrdxp | well there is also just nix build --rebuild flag, I just didn't know if we were already doing this en masse somewhere | 18:33:31 |
baloo | the r13y builders kind of do that. | 18:33:57 |
baloo | they list the references of the iso_minimal recursively, rebuild each derivation, and compare with what's made available on the mirrors/cache | 18:34:45 |
baloo | https://github.com/grahamc/r13y.com/blob/master/src/eval/mod.rs | 18:35:39 |
baloo | * they list the requisites of the iso_minimal recursively, rebuild each derivation, and compare with what's made available on the mirrors/cache | 18:36:05 |
tomberek | it's not well exposed and the HTML is wrong, but iso_gnome is also built (my latest build of that is here: https://tomberek.info/r13y.com/) | 18:37:04 |
baloo | it fails to build because of lack of disk space | 18:37:57 |
tomberek | i ran it on my own buildkite builder with more space, yay! It'd be good to fix graham's | 18:38:54 |
baloo | (on r13y, otherwise it would be shown) | 18:39:00 |
tomberek | old version here: https://r13y.com/iso_gnome/index.html | 18:39:20 |
nrdxp | does r13y have any parameters to modify a derivation if it is not reproducible, to try and make it so? | 18:41:18 |
baloo | it only builds from nixpkgs master afaik | 18:42:14 |
baloo | but I usually can reproduce (haha) the non-reproducible builds on my desktop | 18:42:33 |
tomberek | no. it just reports it | 18:42:38 |
nrdxp | so I guess I would have to make something that takes this list, and then runs each build with datefudge to see if it helps any of them. If it fixes a substantial amount of them, then we will have more information on whether such an endeavor would be worth it. | 18:48:45 |
nrdxp | oh but this only tracks the iso, which is already mostly reproducible 🤔 | 18:50:43 |
| 20 Aug 2021 |
nrdxp | I still agree with andi that package builders should do a more excellent job of making sure time doesn't matter for the final result. However, I "feel" somehow that a world where time is immutable fits better into the world of pure nix 🤔 | 01:02:42 |
baloo | for what it's worth, datefudge works as an ld preload, I don't expect all that much support in nix environment | 03:26:08 |
baloo | moreover, I don't think that covers anything that does system calls directly (golang for example). | 03:26:58 |
baloo | can't we use the new time namespace for that or an ebpf based syscall hook? to just return 0. is that in the linux-vdso.so? | 03:31:31 |
baloo | Those system calls will likewise not be visible to seccomp(2) filters. | 03:35:29 |
baloo | one could bump the auxiliary vector to pass an empty one. | 03:36:27 |
baloo | :D | 03:36:31 |
baloo | prctl(PR_SET_MM, PR_SET_MM_AUXV, ...) | 03:54:28 |
baloo | this is cursed | 04:01:50 |
baloo | we could throw a linux module that would hook on finalize_exec, and provide a custom vdso for our hierarchy | 15:57:20 |
baloo | or something | 15:57:22 |
baloo | hooking a syscall is ~easy hook a https://gist.github.com/baloo/d1394dacb4049fc76ee935f686eaca5c#file-nosync-c-L67-L75 | 16:00:32 |
baloo | * hooking a syscall is ~easy https://gist.github.com/baloo/d1394dacb4049fc76ee935f686eaca5c#file-nosync-c-L67-L75 | 16:00:44 |
baloo | not sure about hooking a symbol | 16:00:50 |