bug-guix
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#49801: Guix time machine provenance/manifest reproducibility issue?

From: Denis 'GNUtoo' Carikli
Subject: bug#49801: Guix time machine provenance/manifest reproducibility issue?
Date: Thu, 2 Sep 2021 00:27:42 +0200 
Hi again.

With and without this patch:
> diff --git a/guix/scripts/pull.scm b/guix/scripts/pull.scm
> index fb8ce50fa7..af1cf77f07 100644
> --- a/guix/scripts/pull.scm
> +++ b/guix/scripts/pull.scm
> @@ -739,7 +739,7 @@ Use '~/.config/guix/channels.scm' instead."))
>               (cons (match ref
>                       (('commit . commit)
>                        (channel (inherit guix)
> -                               (url url) (commit commit) (branch
> #f)))
> +                               (url url) (commit commit)))
>                       (('branch . branch)
>                        (channel (inherit guix)
>                                 (url url) (commit #f) (branch
> branch)))

on top of 95c29d2746943733cbe8df7013854d45bb0df413 ("gnu: electron-cash:
Update to 4.2.5." which is today's master HEAD), I get the same diff
with and without time-machine.

I made and used this Makefile to build two hello tarball in both cases:
> COMMIT ?= 95c29d2746943733cbe8df7013854d45bb0df413
> 
> all: \
>       hello-guix-$(COMMIT).tar.xz \
>       hello-time-machine-$(COMMIT).tar.xz \
> 
> hello-guix-$(COMMIT).tar.xz:
>       install -m 644 \
>               `../pre-inst-env \
>               guix pack \
>               --compression=xz --save-provenance hello` \
>       $@
> 
> hello-time-machine-$(COMMIT).tar.xz:
>       install -m 644 \
>               `../pre-inst-env guix time-machine \
>                       --branch=master \
>                       --commit=$(COMMIT) \
>                       -- \
>                       pack --compression=xz --save-provenance hello` \
>       $@

And once the file named manifest is extracted from both tarballs I get
this diff (with and without your slightly modified patch):
> --- 
> ./hello-guix-95c29d2746943733cbe8df7013854d45bb0df413/gnu/store/lw9x5aimyqcq5iazj786fv7q5l3h0syk-profile/manifest
>  1970-01-01 01:00:01.000000000 +0100
> +++ 
> ./hello-time-machine-95c29d2746943733cbe8df7013854d45bb0df413/gnu/store/30pf6ppiqpjsjaaiw35kc5lp6dcixpf1-profile/manifest
>  1970-01-01 01:00:01.000000000 +0100
> @@ -12,4 +12,19 @@
>        "/gnu/store/a462kby1q51ndvxdv3b6p0rsixxrgx1h-hello-2.10"
>        (propagated-inputs ())
>        (search-paths ())
> -      (properties)))))
> +      (properties
> +        (provenance
> +          (repository
> +            (version 0)
> +            (url "https://git.savannah.gnu.org/git/guix.git";)
> +            (branch #f)
> +            (commit
> +              "95c29d2746943733cbe8df7013854d45bb0df413")
> +            (name guix)
> +            (introduction
> +              (channel-introduction
> +                (version 0)
> +                (commit
> +                  "9edb3f66fd807b096b48283debdcddccfea34bad")
> +                (signer
> +                  "BBB0 2DDF 2CEA F6A8 0D1D  E643 A2A0 6DF2 A33A 
> 54FA"))))))))))

PS: In the diff at the top there is a slight difference with the patch
    that you suggested: I only removed (branch #f) so I end up with one
    more parenthesis at the end.

Denis.

Attachment: pgpxpm3WAXyi4.pgp
Description: OpenPGP digital signature

reply via email to
[Prev in Thread] Current Thread [Next in Thread]