| 4 Oct 2021 |
 tomberek | Julio Castilla: dockerTools perhaps. Or if you want a plain directory to shove into a docker container you could nix copy --to /some/path --no-check-sigs some-installable | 16:50:07 |
| 6 Oct 2021 |
|  kamadorueda joined the room. | 03:11:30 |
|  Rosario Pulella changed their display name from rosariopulella to Rosuavio. | 10:38:44 |
| Rosario Pulella changed their display name from Rosuavio to Rosario Pulella. | 10:45:06 |
 ryantm | I'd appreciate someone with more experience with reproducibility looking at https://github.com/NixOS/nixpkgs/pull/140378#issuecomment-936383685 To me, it looks like we need to be stripping out the details about the HEAD ref pointing to master here. | 14:51:36 |
 andi- | Thats that stupid GitHub feature where they'll replace the file contents in archives retrieved via their API? | 14:53:54 |
 Alyssa Ross | ryantm: it's because of export-subst in .gitattributes | 14:54:01 |
| Alyssa Ross | using fetchgit instead might help? | 14:54:07 |
| Alyssa Ross | (remember to add a comment if so so it doesn't get converted back to fetchFromGitHub in the occasional treewides) | 14:54:40 |
| ryantm | Ahh, https://github.com/jbarlow83/OCRmyPDF/blob/master/.gitattributes | 14:55:05 |
| andi- | I think we've had that in the past. Not sure what the outcome was back then. | 14:55:20 |
| tomberek | i'm surprised it has not been more prevelant | 14:56:28 |
| andi- | #nixos-security.weechatlog
29923:2020-04-05 02:16:29 {^_^} immerrr/lua-mode#165 (by Infinisil, 3 hours ago, open): Don't use non-deterministic %d with git's export-subst
43001:2020-12-15 23:32:30 qyliss See "export-subst" in gitattributes(5)
| 14:56:56 |
| ryantm | Alyssa Ross: Alternatively we could try to convince upstream to remove that line? | 14:58:54 |
| Alyssa Ross | yeah of course, but presumably they added it for a reason | 14:59:20 |
| Alyssa Ross | ryantm: would using the PyPI tarball be an option? | 15:00:17 |
| ryantm | Possibly, I don't really know, I'm not the maintainer of this. | 15:01:02 |
| Alyssa Ross | that's probably what I'd do, if possible | 15:01:33 |
| tomberek | or there's a way to tell git to not do that | 15:01:49 |
| Alyssa Ross | tomberek: well no, because it happens at tarball generation time, and github generates the tarballs | 15:02:18 |
| Alyssa Ross | that's why doing fetchgit ourselves would fix it | 15:02:22 |
| tomberek | this would be one of those cases for non-deterministic derivations,,, fetch impurely, clean up the impurity, then FOD to bring it back into the pure world. https://github.com/FRidh/nix/commit/9fc59606bac1f6f3e6e6d7a9f02b58a7df5762ed | 15:03:57 |
| Alyssa Ross | oh actually we probably can do that with what we have | 15:04:37 |
| Alyssa Ross | we can already do that in a single derivation | 15:05:00 |
| Alyssa Ross | ryantm: can we just delete that file in fetchFromGitHub's postFetch? | 15:05:01 |
 j-k | adding the wasm evaluation feature to open-policy-agent breaks reproducability. I have no idea what I'm looking at here: | 16:11:17 |
| j-k | 
Download image.png | 16:11:21 |
| j-k | Looks like this article might help actually https://blog.filippo.io/reproducing-go-binaries-byte-by-byte/ | 16:12:41 |
|  dotlambda joined the room. | 16:20:21 |
| dotlambda | In reply to @qyliss:fairydust.space
ryantm: can we just delete that file in fetchFromGitHub's postFetch? I think we should, but do you mean for this package only or for fetchFromGithub in general? | 16:24:51 |
