[rb-general] Source code timestamps

Profpatsch mail at profpatsch.de
Tue Dec 6 15:04:47 CET 2016 

On 16-12-05 05:11pm, Eric Myhre wrote:
> > A build process is basically a pure function f from Set of Things
> > to Bytes.
> > Reproducible builds are the art of minimizing the amount of factors
> > that influence the output of build functions.
> 
> To me, "reproducible builds" is the art of getting that pure function in the
> first place (and running it repeated to verify that it is, in fact, pure).

You can verify that the build is pure by comparing the outputs of various
environments, yes. Suddenly you get the possibility of distributed builds.

> On the other hand, I'm less convinced we can take that pure function as a
> given.  Many builds are not pure functions, even with total input capture of
> the complete environment.

They are, if you model them that way. Sources of randomness are just
an other kind of input; you have a randomness seed and a pseudo-RNG.
If there’s a source of complete randomness, you just model it as a
random seed first. Later it may turn out to be an Enum of e.g.
architectures; but maybe that doesn’t matter since the usage of that
has already been removed by that point.

> We have unstable sorts, random map iterations,
> etc in many compilers.

For the system to be deterministic every component has to be
deterministic. IF a component truly needs randomness, it should
be given a seed by the build environment.

That’s one reason why tools like NARs are needed, since the output of
tar not deterministic enough.

> Failing to correctly whitelist all inputs, or discarding some information
> because we hope it shouldn't matter, may lead us to a world of "reproducible
> on my machine" problems.  It's terribly hard to debug why something isn't
> reproducible if we've insisted half the variables are unimportant, only to
> discover we've made a mistake, and simply not tested it because we no longer
> have the descriptive framework to do so!

It’s not about willfully *ignoring* inputs, but about making them
*not usable* by builds, e.g. by setting LC_ALL to C by default,
by building in a changeroot, by taking away network access, system time,
unnecessary file metadata like modification times and the like.

-- 
Proudly written in Mutt with Vim on NixOS.
May take up to five days to read your message. If it’s urgent, call me.

More information about the rb-general mailing list