!LemuOOvbWqRXodtSsw:nixos.org

NixOS Reproducible Builds

482 Members
Report: https://reproducible.nixos.org Project progress: https://github.com/orgs/NixOS/projects/30109 Servers

Load older messages


SenderMessageTime
29 Nov 2024
@raboof:matrix.orgraboofinteresting, it reproduces for me. could you diffoscope it and file an issue (https://github.com/NixOS/nixpkgs/issues/new?assignees=&labels=0.kind%3A+enhancement%2C6.topic%3A+reproducible+builds&projects=&template=unreproducible_package.md&title=)?15:45:33
@p14:matrix.orgp14How do I diffoscope it; how do I get my hands on the installed paths? I just did --keep-failed but from what I see this keeps the build directory but not the install directory?15:46:40
@p14:matrix.orgp14If I diff the rsync binary in the build directory against the installed one, they seem quite different, and the build directory's one hasn't been stripped15:47:19
@raboof:matrix.orgraboof the --keep-failed should keep something like /nix/store/x850848v3xl4wxjqzc3q9jp7j6fbkh27-rsync-3.3.0.check or so and tell you about it 15:49:28
@raboof:matrix.orgraboof file $(nix-build '<nixpkgs>' -A rsync)/bin/rsync is also not stripped for me 15:49:55
@p14:matrix.orgp14 OK, nix build --rebuild is different from nix-build --check; the latter reports that as you say. 15:50:54
@p14:matrix.orgp14It's just the rsync binary which is differing, and it's differing in various virtual addresses leading to quite a large binary diff.15:53:45
@raboof:matrix.orgraboofok, so nothing obvious in the 'readable' parts of the diffoscope output?15:55:16
@raboof:matrix.orgraboofsometimes 'strings' produces some hint?15:55:56
@p14:matrix.orgp14Filed https://github.com/NixOS/nixpkgs/issues/360152 -- apologies I didn't see the link was to an issue template15:59:25
@raboof:matrix.orgraboofthanks! nothing jumps out at me at first glance either16:02:47
@raboof:matrix.orgraboofback to the original topic, though: I'm surprised specifying a -frandom-seed does seem to cause content-adressed rebuilds, but at the same time leaving it unspecified does not cause reproducibility issues. worth an experiment, though, of course.16:43:20
@raboof:matrix.orgraboof * back to the original topic: I'm surprised specifying a -frandom-seed does seem to cause content-adressed rebuilds, but at the same time leaving it unspecified does not cause reproducibility issues. worth an experiment, though, of course.16:43:32
@atemu12:matrix.orgatemu12It depends on how you define the random seed i.g. If you used $out to deduce it, that'd obviously cause CA rebuilds16:51:52
@raboof:matrix.orgraboofwhat is it set to when you leave it unspecified?16:52:17
@atemu12:matrix.orgatemu12It's random IIRC16:54:02
@raboof:matrix.orgraboofthen wouldn't that just-as-obviously cause reproducibility issues?16:54:23
@atemu12:matrix.orgatemu12Sure would16:55:08
@p14:matrix.orgp14It depends how or whether it is used, right? Clang for example doesn’t use it16:55:13
@atemu12:matrix.orgatemu12I fixed that in the kernel once16:55:19
@p14:matrix.orgp14I am unclear how it is used in gcc, is there information about that somewhere? At least for some standard builds of some software, removing it improves reproducibility by removing the outpath from affecting the build.16:56:57
@raboof:matrix.orgraboofhttps://reproducible-builds.org/docs/randomness/ mentions "Link-Time Optimizations" may have to do with it. if we figure out what exactly is going on it'd be good to add that to that page.17:00:04
@p14:matrix.orgp14Yeah, I think it is used in LTO somehow; is LTO used in nixpkgs? If not it could be a noop. And even if it was, it would be good to use a different value for it which does not depend on outpath.17:01:22
@raboof:matrix.orgraboofif it'd be a noop then setting it to the output shouldn't hurt, though17:01:48
@raboof:matrix.orgraboof * if it'd be a noop then setting it to the output path shouldn't hurt, though17:02:01
@raboof:matrix.orgraboofbut I agree it doesn't seem like a great choice17:02:26
@rick:matrix.ciphernetics.nlMindaviIt is at least used to generate the build-id, when separateDebugInfo is set you see that it differs17:09:36
@rick:matrix.ciphernetics.nlMindaviWhen the input path is different and the output is expected to be the same, e.g. when setting an unused environment variable17:10:36
@p14:matrix.orgp14
In reply to @raboof:matrix.org
if it'd be a noop then setting it to the output path shouldn't hurt, though

Except that it breaks CA derivations because if something varies on the input then the outPath varies, which means now you are varying the compiler args, which results in changes to the bits in the output (e.g because compiler args go into the binaries or the build id) where otherwise you would have bitwise identical outputs.

So downstream packages then need to be rebuilt where otherwise they could have used the previous CA output.

17:14:45
@raboof:matrix.orgraboofaah, so the theory would be that the args are hashed into the output somewhere before being 'interpreted' - yeah I suppose that could be.17:19:18

Show newer messages


Back to Room ListRoom Version: 6