[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#49801: Guix time machine provenance/manifest reproducibility issue?
From: |
Denis 'GNUtoo' Carikli |
Subject: |
bug#49801: Guix time machine provenance/manifest reproducibility issue? |
Date: |
Thu, 2 Sep 2021 00:27:42 +0200 |
Hi again.
With and without this patch:
> diff --git a/guix/scripts/pull.scm b/guix/scripts/pull.scm
> index fb8ce50fa7..af1cf77f07 100644
> --- a/guix/scripts/pull.scm
> +++ b/guix/scripts/pull.scm
> @@ -739,7 +739,7 @@ Use '~/.config/guix/channels.scm' instead."))
> (cons (match ref
> (('commit . commit)
> (channel (inherit guix)
> - (url url) (commit commit) (branch
> #f)))
> + (url url) (commit commit)))
> (('branch . branch)
> (channel (inherit guix)
> (url url) (commit #f) (branch
> branch)))
on top of 95c29d2746943733cbe8df7013854d45bb0df413 ("gnu: electron-cash:
Update to 4.2.5." which is today's master HEAD), I get the same diff
with and without time-machine.
I made and used this Makefile to build two hello tarball in both cases:
> COMMIT ?= 95c29d2746943733cbe8df7013854d45bb0df413
>
> all: \
> hello-guix-$(COMMIT).tar.xz \
> hello-time-machine-$(COMMIT).tar.xz \
>
> hello-guix-$(COMMIT).tar.xz:
> install -m 644 \
> `../pre-inst-env \
> guix pack \
> --compression=xz --save-provenance hello` \
> $@
>
> hello-time-machine-$(COMMIT).tar.xz:
> install -m 644 \
> `../pre-inst-env guix time-machine \
> --branch=master \
> --commit=$(COMMIT) \
> -- \
> pack --compression=xz --save-provenance hello` \
> $@
And once the file named manifest is extracted from both tarballs I get
this diff (with and without your slightly modified patch):
> ---
> ./hello-guix-95c29d2746943733cbe8df7013854d45bb0df413/gnu/store/lw9x5aimyqcq5iazj786fv7q5l3h0syk-profile/manifest
> 1970-01-01 01:00:01.000000000 +0100
> +++
> ./hello-time-machine-95c29d2746943733cbe8df7013854d45bb0df413/gnu/store/30pf6ppiqpjsjaaiw35kc5lp6dcixpf1-profile/manifest
> 1970-01-01 01:00:01.000000000 +0100
> @@ -12,4 +12,19 @@
> "/gnu/store/a462kby1q51ndvxdv3b6p0rsixxrgx1h-hello-2.10"
> (propagated-inputs ())
> (search-paths ())
> - (properties)))))
> + (properties
> + (provenance
> + (repository
> + (version 0)
> + (url "https://git.savannah.gnu.org/git/guix.git")
> + (branch #f)
> + (commit
> + "95c29d2746943733cbe8df7013854d45bb0df413")
> + (name guix)
> + (introduction
> + (channel-introduction
> + (version 0)
> + (commit
> + "9edb3f66fd807b096b48283debdcddccfea34bad")
> + (signer
> + "BBB0 2DDF 2CEA F6A8 0D1D E643 A2A0 6DF2 A33A
> 54FA"))))))))))
PS: In the diff at the top there is a slight difference with the patch
that you suggested: I only removed (branch #f) so I end up with one
more parenthesis at the end.
Denis.
pgpxpm3WAXyi4.pgp
Description: OpenPGP digital signature
- bug#49801: Guix time machine provenance/manifest reproducibility issue?,
Denis 'GNUtoo' Carikli <=