[rb-general] Source code timestamps

Ludovic Courtès ludo at gnu.org
Tue Dec 6 15:26:34 CET 2016


Eric Myhre <hash at exultant.us> skribis:

> To me, "reproducible builds" is the art of getting that pure function
> in the first place (and running it repeated to verify that it is, in
> fact, pure).  Halting the definition there makes it simple,
> actionable, and leaves little room for errors in interpretation.
> Using the formal concept of a pure function to describe builds
> resonates strongly with me, and I like that description: Builds
> *should be* pure functions.
> On the other hand, I'm less convinced we can take that pure function
> as a given.

The approach that Nix and Guix take is to (1) fully capture build
environments, and (2) to set up fully isolated build environments such
that, by construction, we get close to the model of a pure function.

The isolated build environment is a container (chroot, separate
namespaces, no networking) that only contains the declared inputs of the
build process.

Of course it does not perfectly model a pure build function because some
details leak: the kernel behavior, details about the CPU, the current
time, sources of randomness, and a few other things.

In practice, the main problem we chase is… guess what… timestamps!  :-)


More information about the rb-general mailing list