[Git][reproducible-builds/reproducible-presentations][master] 2024-07-11: Reproducible Builds in Guix: flesh out a bit more.

Vagrant Cascadian (@vagrant) gitlab at salsa.debian.org
Mon Jul 8 04:43:18 UTC 2024



Vagrant Cascadian pushed to branch master at Reproducible Builds / reproducible-presentations


Commits:
9e3e96c7 by Vagrant Cascadian at 2024-07-07T21:42:25-07:00
2024-07-11: Reproducible Builds in Guix: flesh out a bit more.

- - - - -


1 changed file:

- 2024-07-11-Reproducible-Builds-in-Guix/explore


Changes:

=====================================
2024-07-11-Reproducible-Builds-in-Guix/explore
=====================================
@@ -1,28 +1,95 @@
 # search for packages reproducibility in other distros
 https://ismypackagereproducibleyet.org/?pkg=PACKAGE
 
+# initial setup
+export EDITOR=emacs # many commands default to editor
+exec fish # such a nice shell
+
+# show what version of guix we are using
+guix describe
+cd src/guix
+git log COMMIT
+
+# show how many packages diffoscope can potentially use
+guix shell --pure diffoscope -- diffoscope --list-missing
+# to get diffoscope with almost all the features supported in guix
+guix shell diffoscope $(guix shell --pure diffoscope  -- diffoscope --list-missing | awk -F packages: '/Guix/{print $2}' | tr -d , | tr ' ' '\n' | sed -e '/^$/d') python-argcomplete python-androguard python-defusedxml python-jsondiff perl
+
+# example non-deterministic package embedding timestamps
+cd src/notveryreproducible # https://salsa.debian.org/reproducible-builds/notveryreproducible.git
+cat guix.scm
+guix build -f guix.scm
+guix build -f guix.scm --check
+# grafts! eesh.
+guix build -f guix.scm --check --no-grafts
+# but we need something to compare ... so ...
+guix build -f guix.scm --check --no-grafts --keep-failed
+diffoscope /gnu/store/...notveryreproducible/ /gnu/store/...notveryreproducible-check/
+# timestamps!
+# We are in a git checkout, so ... let us make a wild guess
+git grep date
+
 # embeds kernel version
-guix challenge --verbose --diff=diffoscope readymedia
+guix challenge --verbose readymedia | tee readymedia.challenge.txt
+guix challenge --verbose --diff=diffoscope readymedia | tee readymedia.diffoscope.txt
+guix build --source readymedia
+# yay, it is in /gnu/store probably downloaded via
+cd $(guix build --source readymedia)
+grep -E -C5 -r Sever: ...
+grep -E -C5 -r OS_VERSION ...
+grep -E -C5 -r someotherthing ...
+# aha... it is in configure
+export EDITOR=emacs
+guix edit readymedia
+# and there are already configure arguments passed let us add another
+cd src/guix-workspace
+./pre-inst-env guix edit readymedia
+# add the configure flag
+./pre-inst-env guix build readymedia
+./pre-inst-env guix build --no-grafts --check
+# but... can we be sure ... we are running the same kernel!
+strings /gnu/store/...readymedia.../sbin/minidlnad | grep Sever:
+# alternately, could build on another machine...
+# intentionally injecting randomness to verify package ... e.g.
+# ./configure --with-os-version=RANDOMNUMBER
+# Or... https://guix.gnu.org/manual/devel/en/html_node/Virtualization-Services.html#Virtual-Build-Machines
 
 # embeds kernel version "compiled on: linux X.Y.Z-gnu"
-guix challenge --verbose --diff=diffoscope cfunge
+guix challenge --verbose --diff=diffoscope cfunge | tee cfunge.diffoscope.txt
+guix build --check --no-grafts --keep-failed
+diffoscope /gnu/store/...cfunge.../ /gnu/store/...cfunge...-check/ | tee cfunge.diffoscope.txt
+EDITOR=emacs guix edit cfunge
+# cmake has numerous variables ... let us hunt for them
+grep -E -C5 'CMAKE.*SYSTEM'
+# CFUN_COMPILED_ON ...
 
-# timestamp in .pyc
+# timestamp in .pyc, possibly fixed in newer versions of python
 guix challenge --verbose --diff=diffoscope phockup
 
+# https://issues.guix.gnu.org/30108 https://issues.guix.gnu.org/40316
+guix challenge --verbose --diff=diffoscope nss
+
 # sort order in python .pyc due to use of frozenset
-guix challenge --verbose didjvu
+guix challenge --verbose --diff=diffoscope didjvu
 
 # sort ordering in python .pyc frozensets
 guix challenge --verbose --diff=diffoscope mercurial
 
-# https://issues.guix.gnu.org/30108 https://issues.guix.gnu.org/40316
-guix challenge --verbose --diff=diffoscope nss
+# recap
+guix build PACKAGE
+guix build --no-grafts --check --keep-failed PACKAGE
+diffoscope /gnu/store/...PACKAGE.../ /gnu/store/...PACKAGE...-check/
 
-# intentionally injecting randomness to verify package ... e.g.
-./configure --with-os-version=RANDOMNUMBER
+guix challenge --verbose PACKAGE
+guix challenge --verbose --diff=diffoscope PACKAGE
 
-guix build --no-grafts --check --keep-failed PACKAGE
+guix edit PACKAGE # confusingly, needs to be in ./pre-inst-env to actually edit
+
+guix build --source PACKAGE
+grep -E -r SOMETHING
 
-guix build --rounds=2
+# figure out ways to inject non-determinism to when you know the thing
+# is the same (e.g. same kernel)
 
+# can be useful in some cases
+guix build --rounds=10 --no-grafts PACKAGE
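Review bot: two of the added build commands name no package, `./pre-inst-env guix build --no-grafts --check` in the readymedia section and `guix build --check --no-grafts --keep-failed` in the cfunge section; add `readymedia` and `cfunge` there, as the recap at the end already does with PACKAGE. In the same sections, `grep -E -C5 'CMAKE.*SYSTEM'` has no `-r` or file operand and will read from stdin. Both cfunge commands tee into cfunge.diffoscope.txt, so the second overwrites the first. "Sever:" in the readymedia grep and in the strings pipeline looks like a typo for "Server:"; if it is, both searches will miss the string they are meant to find. Minor: "inject non-determinism to when you know" in the closing comment has a stray "to", and the second `export EDITOR=emacs` repeats the one in the initial setup.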



View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-presentations/-/commit/9e3e96c79c3325ea476e2ecc51ac963908cf2a8a
