guix-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: A real-life test of long-term reproducibility

From: zimoun
Subject: Re: A real-life test of long-term reproducibility
Date: Fri, 19 Aug 2022 12:25:01 +0200 
Hi Konrad,

On lun., 08 août 2022 at 10:44, Konrad Hinsen <konrad.hinsen@fastmail.net> 
wrote:

>> Besides, I recently added ‘etc/time-travel-manifest.scm’ and added a
>> corresponding jobset at <https://ci.guix.gnu.org/jobset/time-travel>
>
> Nice! Guix will be certified for time travel!

[...]

>> For best practices, I do have one suggestion.  The Guix package
>> collection is not uniformly reproducible or archived.  The best thing
>> you can do to ensure the long-term prospects of your projects is to
>> actually check how much of the source code is archived and how many of
>> the builds are reproducible.  There is no turn-key solution for this
>
> Yes, that's a good idea, and I have done it for my most recent packages.
> Time will tell if this is enough.

Now, Guix is checking that “guix time-machine” does not break; i.e, be
able to rebuild a previous Guix using inferior.  That’s cool!

However, many things can be out of rail.  This claim about
reproducibility over the time assumes:

 1. compatibility of the Linux kernel
 2. availability of all the source code
 3. compatibility of the hardware

Well, until now, nothing had been reported about #1.  But, we have
examples of issues about #2 and #3.

For instance, about #2, Timothy reported the loss of the source code of
ImageMagick 6.9.9-30 – some time ago, I reported another issue with
another ImageMagick version from 2020
(<https://yhetil.org/guix/87tuebwlrc.fsf@gmail.com>).  Although the
project is making many efforts to archive all the source, the coverage
is not 100%:

    https://ngyro.com/pog-reports/latest/

and only one tiny loss of only one node in the graph of dependencies,
then all the efforts are ruined.

About #3, the new NVMe disks leads to an issue with bootstrapping; as
reported by <https://issues.guix.gnu.org/41264>.  It means that, if the
binary substitutes are lost and I have only a machine with NVMe, then I
cannot rebuild from scratch.


All that said, Guix is the best and most advanced solution on the market
for reproducible time-traveling. :-)  For most of the cases, it is
awesome to just type “guix time-machine” and rebuild a complete
computational environment exactly as it was 2 or 3 years ago.


On lun., 08 août 2022 at 10:49, Konrad Hinsen <konrad.hinsen@fastmail.net> 
wrote:

> Even 1.0.0 isn't obvious:
>
>   $ guix time-machine --commit=version-1.0.0 -- environment guix
>   guix time-machine: error: Git error: unable to parse OID - contains invalid 
> characters
>
> OK, so let's try the commit hash:
>
>   $ guix time-machine --commit=48aa30ce73d45dc5f126f42f01e65f1be4a9b578 -- 
> environment guix
>   Updating channel 'guix' from Git repository at 
> 'https://git.savannah.gnu.org/git/guix.git'...
>   Authenticating channel 'guix', commits 9edb3f6 to 48aa30c (6 new commits)...
>   guix time-machine: error: commit
>   48aa30ce73d45dc5f126f42f01e65f1be4a9b578 is not a descendant of
>   introductory commit 9edb3f66fd807b096b48283debdcddccfea34bad

That’s because version-1.0.0 (48aa30ce73) is a branch and indeed not a
descendant.

--8<---------------cut here---------------start------------->8---
* 746ac457cc Merge branch 'version-1.0.0' 
|\ 
* | c457f109be gnu: php: Update to 7.3.5. 

[...]

* | 1a8984536f gnu: Add sdl2-net. 
| |  * 48aa30ce73 build: Add 'doc/build.scm' to build on-line copies of the 
manual.  (origin/version-1.0.0)
| |  * adf577dcc4 doc: Update htmlxref.cnf. 
| |  * 1a9fc8e228 doc: Warn about missing entries in htmlxref.cnf. 
| |  * 2921b6a611 doc: Adjust cross-references for GNU triplets. 
| |  * 3aa11dfbed doc: Provide the actual URL to the VM image. 
| |  * 542e7fb57f doc: Add note about <https://bugs.gnu.org/35541>. 
| | /  
| |/   
| * 3a3e9f2bb5 guix-install.sh: Update URL. 
| * 9c941364bf vm: Build ISOs and VM images in a UTF-8 environment. 
| * 17acc215bf gnu: guix: Update to 326dcbf. 
| * 326dcbf1b3 gnu: guix: Update to 1.0.0. 
| * 6298c3ffd9 Update NEWS.  (tag: v1.0.0)
--8<---------------cut here---------------end--------------->8---

What you want is tag v1.0.0 (6298c3ffd9).  Otherwise, you need the
option ’--disable-authentication’. 


Cheers,
simon
reply via email to
[Prev in Thread] Current Thread [Next in Thread]