Re: [PATCH] Help Ruby packages be reproducible

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] Help Ruby packages be reproducible

From:	Ben Woodcroft
Subject:	Re: [PATCH] Help Ruby packages be reproducible
Date:	Sun, 3 Jan 2016 01:02:02 +1000
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.4.0



On 02/01/16 01:10, Ludovic Courtès wrote:

Ricardo Wurmus <address@hidden> skribis:

Ben Woodcroft <address@hidden> writes:

On 31/12/15 03:26, Ludovic Courtès wrote:

Ben Woodcroft <address@hidden> skribis:

On 29/12/15 15:46, Ben Woodcroft wrote:

Unfortunately none of these builds are reproducible because rubygems
in Guix generally aren't. For one, this is because .gem files are
archives whose contents are timestamped.

I should clarify. What I meant was the cache .gem files

/gnu/store/ib83mg5zsyr5x2w0m3i1f84gdvdbp5x9-ruby-ascii85-1.0.2/lib/ruby/gems/2.2.0/cache$
tar tvf Ascii85-1.0.2.gem |head
-r--r--r-- wheel/wheel     703 2015-12-27 22:44 metadata.gz
-r--r--r-- wheel/wheel    7436 2015-12-27 22:44 data.tar.gz
-r--r--r-- wheel/wheel     268 2015-12-27 22:44 checksums.yaml.gz

We should arrange so that gems are created with a fixed timestamp and
UID/GID, and a well-defined file ordering, as with:

    address@hidden --sort=name --owner=root:0 --group=root:0

We also need to make sure gzip is always run with -n/--no-name.  That
way, the gz files above will not include an additional timestamp.

  From what I can see in
<git://git.debian.org/git/reproducible/notes.git>, this is not addressed
yet in other distros.

Ludo are you suggesting we should abandon the deletion approach?

Ah no, I hadn’t read the proposal when I replied.  Sorry for the
confusion!

I think you are right as usual. Better in attached?

It looks good to me, thank you.

So I guess you (Ricardo?) can push it now.

Ben, do you confirm that the ruby-* packages you tested are indeed
bit-reproducible after this change, using --rounds=2 or so?

I do confirm this. Well, I used build then check so that dependenciesweren't checked, but same thing.

I noticed that ruby-lumberjack, a dependency of ruby-guard, now fails tobuild (and fails before this patch and outside guix). This is because itfails to pass tests in early January.. not a source of non-determinism Iwas looking for, but thanks for writing tests into that package - pickedup the easily fixed bug.

https://github.com/bdurand/lumberjack/pull/26

Thanks for pushing the patch.
ben

lumberjack.log
Description: Text Data

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [PATCH] Help Ruby packages be reproducible, Ludovic Courtès, 2016/01/01
- Re: [PATCH] Help Ruby packages be reproducible, Ben Woodcroft <=
  - Re: [PATCH] Help Ruby packages be reproducible, Ricardo Wurmus, 2016/01/06
    - Re: [PATCH] Help Ruby packages be reproducible, Ludovic Courtès, 2016/01/07
    - Re: [PATCH] Help Ruby packages be reproducible, Thompson, David, 2016/01/08
  - Re: [PATCH] Help Ruby packages be reproducible, Ludovic Courtès, 2016/01/07
    - Re: [PATCH] Help Ruby packages be reproducible, Ben Woodcroft, 2016/01/08
    - Re: [PATCH] Help Ruby packages be reproducible, Ludovic Courtès, 2016/01/08

Prev by Date: [PATCH] emacs: Display supported systems in "Package Info".
Next by Date: Re: The art of guessing a packaged downgrade version of a package
Previous by thread: Re: [PATCH] Help Ruby packages be reproducible
Next by thread: Re: [PATCH] Help Ruby packages be reproducible
Index(es):
- Date
- Thread