Received: (at 49801) by debbugs.gnu.org; 2 Sep 2021 08:10:41 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Thu Sep 02 04:10:41 2021
Received: from localhost ([127.0.0.1]:39693 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1mLho0-0002fa-Tz
for submit <at> debbugs.gnu.org; Thu, 02 Sep 2021 04:10:41 -0400
Received: from mail-qv1-f43.google.com ([209.85.219.43]:43889)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <zimon.toutoune@HIDDEN>) id 1mLhnz-0002fL-4K
for 49801 <at> debbugs.gnu.org; Thu, 02 Sep 2021 04:10:40 -0400
Received: by mail-qv1-f43.google.com with SMTP id z2so635655qvl.10
for <49801 <at> debbugs.gnu.org>; Thu, 02 Sep 2021 01:10:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;
h=mime-version:references:in-reply-to:from:date:message-id:subject:to
:cc; bh=riQz2epBdX2CtzxJk5TIDkdYhSQ7sCgufr7tGWGwU1Q=;
b=NE8D7NQ/Nyp/EOL9ahy15owpMKWLvvkDltWE5ZKGbqSsBqxgEK6dpaZhpzu+5FxqtS
5HPo0u+VU64qB7dLO54+wxLbDUkTsCSvKMNU7r2oMsAOmF8KFJ3EmWizdKycebprBbTX
IO7zLEN9STdb2V5201OrDv278flBtzgD8qjBKTYh7r7uqqPpM0DPoJGVJD7JHp3Q7/H/
ZdXGboDsiObGRPg8PviplPH2+Q+zIakahTeYJIdT3f2wPDENeELHXfRbYGfWXvEEE7vi
Pgjl5RY1uB2eCGiigfN7/9fvlCUUxVTR4x4j+z+laU0wSSwBKzNd/ioeGwzQqJ+7Aqw1
hY1g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:mime-version:references:in-reply-to:from:date
:message-id:subject:to:cc;
bh=riQz2epBdX2CtzxJk5TIDkdYhSQ7sCgufr7tGWGwU1Q=;
b=JqAraf/RDqfdE1js7g04KsRiFuxxD9b5fLkJngJq8NquDwP+OMPxXWIiw0fs0rkBp4
GQp4zS0Dj2U1l3pMUTQBwQLhkLlXL0FJudZBfEuucAtfvhR3amOW54ZNlqBfPXVzcAYZ
SwjhT9uNdNWxQLkNfpqgzTj+DrsjS9DBXgFUU1WKonNWcFvTCbV1cMGS9vf4jrd/N9Rb
OLhwIckfspbnWB9Uec8Nkx0Ot3cYl5iZWcDiD45p9WPyL0ntG8MzP0vwTdu/GarQ4FMy
SVT2aCDRlym0/Uaeg8VtQzD2585ZvcqOTQrN5CiXn+leT/xAIUqOtXeyMKREthIE7ddq
agsQ==
X-Gm-Message-State: AOAM532e3zAlG+U3Xix39ahs/ZF09kvwCKbdXOGc5IVZyCBF/5am1OeZ
RvJpom5+kz7zXu8N7lwBuy37iWTUp0no+3+wBM0HYnTZfn8=
X-Google-Smtp-Source: ABdhPJwvqhnyqzHOZ3mG4qOdCHl+t40AO/ZodaLnD7HIg4jPSFce79j9zNzOh3IAz5v04IC6EihD1PEnlBCZ5sZ4bbk=
X-Received: by 2002:a05:6214:1e1:: with SMTP id
c1mr1829915qvu.42.1630570233291;
Thu, 02 Sep 2021 01:10:33 -0700 (PDT)
MIME-Version: 1.0
References: <20210801022142.2117e06e@HIDDEN>
<86k0kkclu3.fsf@HIDDEN> <20210902002742.3866243a@HIDDEN>
In-Reply-To: <20210902002742.3866243a@HIDDEN>
From: zimoun <zimon.toutoune@HIDDEN>
Date: Thu, 2 Sep 2021 10:10:22 +0200
Message-ID: <CAJ3okZ0cU72g479HwbCTcTb1hUURD_W+2aV3z+XTTEf=1KwztQ@HIDDEN>
Subject: Re: bug#49801: Guix time machine provenance/manifest reproducibility
issue?
To: "Denis 'GNUtoo' Carikli" <GNUtoo@HIDDEN>
Content-Type: text/plain; charset="UTF-8"
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 49801
Cc: 49801 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)
Hi Denis,
Thanks for the investigation and the attempt.
Well, I miss if it works or not...
On Thu, 2 Sept 2021 at 00:27, Denis 'GNUtoo' Carikli
<GNUtoo@HIDDEN> wrote:
> With and without this patch:
> > diff --git a/guix/scripts/pull.scm b/guix/scripts/pull.scm
> > index fb8ce50fa7..af1cf77f07 100644
> > --- a/guix/scripts/pull.scm
> > +++ b/guix/scripts/pull.scm
> > @@ -739,7 +739,7 @@ Use '~/.config/guix/channels.scm' instead."))
> > (cons (match ref
> > (('commit . commit)
> > (channel (inherit guix)
> > - (url url) (commit commit) (branch
> > #f)))
> > + (url url) (commit commit)))
> > (('branch . branch)
> > (channel (inherit guix)
> > (url url) (commit #f) (branch
> > branch)))
>
> on top of 95c29d2746943733cbe8df7013854d45bb0df413 ("gnu: electron-cash:
> Update to 4.2.5." which is today's master HEAD), I get the same diff
> with and without time-machine.
...here I understand the patch fixes the issue...
> I made and used this Makefile to build two hello tarball in both cases:
> > COMMIT ?= 95c29d2746943733cbe8df7013854d45bb0df413
> >
> > all: \
> > hello-guix-$(COMMIT).tar.xz \
> > hello-time-machine-$(COMMIT).tar.xz \
> >
> > hello-guix-$(COMMIT).tar.xz:
> > install -m 644 \
> > `../pre-inst-env \
> > guix pack \
> > --compression=xz --save-provenance hello` \
> > $@
> >
> > hello-time-machine-$(COMMIT).tar.xz:
> > install -m 644 \
> > `../pre-inst-env guix time-machine \
> > --branch=master \
> > --commit=$(COMMIT) \
> > -- \
> > pack --compression=xz --save-provenance hello` \
> > $@
>
> And once the file named manifest is extracted from both tarballs I get
> this diff (with and without your slightly modified patch):
> > --- ./hello-guix-95c29d2746943733cbe8df7013854d45bb0df413/gnu/store/lw9x5aimyqcq5iazj786fv7q5l3h0syk-profile/manifest 1970-01-01 01:00:01.000000000 +0100
> > +++ ./hello-time-machine-95c29d2746943733cbe8df7013854d45bb0df413/gnu/store/30pf6ppiqpjsjaaiw35kc5lp6dcixpf1-profile/manifest 1970-01-01 01:00:01.000000000 +0100
> > @@ -12,4 +12,19 @@
> > "/gnu/store/a462kby1q51ndvxdv3b6p0rsixxrgx1h-hello-2.10"
> > (propagated-inputs ())
> > (search-paths ())
> > - (properties)))))
> > + (properties
> > + (provenance
> > + (repository
> > + (version 0)
> > + (url "https://git.savannah.gnu.org/git/guix.git")
> > + (branch #f)
> > + (commit
> > + "95c29d2746943733cbe8df7013854d45bb0df413")
> > + (name guix)
> > + (introduction
> > + (channel-introduction
> > + (version 0)
> > + (commit
> > + "9edb3f66fd807b096b48283debdcddccfea34bad")
> > + (signer
> > + "BBB0 2DDF 2CEA F6A8 0D1D E643 A2A0 6DF2 A33A 54FA"))))))))))
...but then here I see it does not fix it.
However, because you run "./pre-inst-env guix pack --save-provenance",
it seems expected that the 'properties' is empty. From my
understanding, '(find guix-channels? channels)' does not return the
'guix' channel because it is the current Git checkout. It is not the
case with "guix time-machine" because it creates an inferior using the
'guix' channel.
Moreover, if you want to try the patch, you need to run:
./pre-inst-env guix pull -p /tmp/new
./tmp/new/bin/guix describe # return commit 12345
./tmp/new/bin/guix pack --save-provenance
./tmp/new/bin/guix time-machine --commit=12345 -- pack --save-provenance
and be careful with the '--localstatedir' and '--sysconfdir' variables
at './configure' time.
Well, from my point of view, the Guix way would be:
guix describe -f channels > channels.scm
guix pack --save-provenance
then later or elsewehere
guix time-machine -C channels.scm -- pack --save-provenance
Although, it will not fix the bug you are exposing. :-)
WDYT?
Last, I have not carefully checked and maybe I am wrong, the both
options "--commit=1234 --branch=master" are exclusive I guess; i.e.,
the argument 'master' passed to '--branch' is not used in this case,
IIUC.
Cheers,
simon
bug-guix@HIDDEN:bug#49801; Package guix.
Full text available.
Received: (at 49801) by debbugs.gnu.org; 1 Sep 2021 22:27:56 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Wed Sep 01 18:27:55 2021
Received: from localhost ([127.0.0.1]:39146 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1mLYi3-0004s2-Dx
for submit <at> debbugs.gnu.org; Wed, 01 Sep 2021 18:27:55 -0400
Received: from cyberdimension.org ([80.67.179.20]:55060
helo=gnutoo.cyberdimension.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <GNUtoo@HIDDEN>) id 1mLYhm-0004rb-DA
for 49801 <at> debbugs.gnu.org; Wed, 01 Sep 2021 18:27:53 -0400
Received: from gnutoo.cyberdimension.org (localhost [127.0.0.1])
by cyberdimension.org (OpenSMTPD) with ESMTP id f2b00a1b;
Wed, 1 Sep 2021 22:25:01 +0000 (UTC)
Received: from primarylaptop.localdomain (localhost.localdomain [::1])
by gnutoo.cyberdimension.org (OpenSMTPD) with ESMTP id 62995a74;
Wed, 1 Sep 2021 22:25:01 +0000 (UTC)
Date: Thu, 2 Sep 2021 00:27:42 +0200
From: Denis 'GNUtoo' Carikli <GNUtoo@HIDDEN>
To: zimoun <zimon.toutoune@HIDDEN>
Subject: Re: bug#49801: Guix time machine provenance/manifest
reproducibility issue?
Message-ID: <20210902002742.3866243a@HIDDEN>
In-Reply-To: <86k0kkclu3.fsf@HIDDEN>
References: <20210801022142.2117e06e@HIDDEN>
<86k0kkclu3.fsf@HIDDEN>
X-Mailer: Claws Mail 4.0.0 (GTK+ 3.24.30; i686-pc-linux-gnu)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="Sig_/yabHHEsMg/J2mRTQYDRWouB";
protocol="application/pgp-signature"; micalg=pgp-sha256
X-Spam-Score: 1.7 (+)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
has NOT identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: Hi again. With and without this patch: > diff --git
a/guix/scripts/pull.scm
b/guix/scripts/pull.scm > index fb8ce50fa7..af1cf77f07 100644 > ---
a/guix/scripts/pull.scm
> +++ b/guix/scripts/pull.scm > @@ -739,7 [...]
Content analysis details: (1.7 points, 10.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.0 T_SPF_TEMPERROR SPF: test of record failed (temperror)
-0.0 SPF_HELO_PASS SPF: HELO matches SPF record
1.3 FORGED_SPF_HELO No description available.
0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS
X-Debbugs-Envelope-To: 49801
Cc: 49801 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)
--Sig_/yabHHEsMg/J2mRTQYDRWouB
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: quoted-printable
Hi again.
With and without this patch:
> diff --git a/guix/scripts/pull.scm b/guix/scripts/pull.scm
> index fb8ce50fa7..af1cf77f07 100644
> --- a/guix/scripts/pull.scm
> +++ b/guix/scripts/pull.scm
> @@ -739,7 +739,7 @@ Use '~/.config/guix/channels.scm' instead."))
> (cons (match ref
> (('commit . commit)
> (channel (inherit guix)
> - (url url) (commit commit) (branch
> #f)))
> + (url url) (commit commit)))
> (('branch . branch)
> (channel (inherit guix)
> (url url) (commit #f) (branch
> branch)))
on top of 95c29d2746943733cbe8df7013854d45bb0df413 ("gnu: electron-cash:
Update to 4.2.5." which is today's master HEAD), I get the same diff
with and without time-machine.
I made and used this Makefile to build two hello tarball in both cases:
> COMMIT ?=3D 95c29d2746943733cbe8df7013854d45bb0df413
>=20
> all: \
> hello-guix-$(COMMIT).tar.xz \
> hello-time-machine-$(COMMIT).tar.xz \
>=20
> hello-guix-$(COMMIT).tar.xz:
> install -m 644 \
> `../pre-inst-env \
> guix pack \
> --compression=3Dxz --save-provenance hello` \
> $@
>=20
> hello-time-machine-$(COMMIT).tar.xz:
> install -m 644 \
> `../pre-inst-env guix time-machine \
> --branch=3Dmaster \
> --commit=3D$(COMMIT) \
> -- \
> pack --compression=3Dxz --save-provenance hello` \
> $@
And once the file named manifest is extracted from both tarballs I get
this diff (with and without your slightly modified patch):
> --- ./hello-guix-95c29d2746943733cbe8df7013854d45bb0df413/gnu/store/lw9x5=
aimyqcq5iazj786fv7q5l3h0syk-profile/manifest 1970-01-01 01:00:01.000000000 =
+0100
> +++ ./hello-time-machine-95c29d2746943733cbe8df7013854d45bb0df413/gnu/sto=
re/30pf6ppiqpjsjaaiw35kc5lp6dcixpf1-profile/manifest 1970-01-01 01:00:01.00=
0000000 +0100
> @@ -12,4 +12,19 @@
> "/gnu/store/a462kby1q51ndvxdv3b6p0rsixxrgx1h-hello-2.10"
> (propagated-inputs ())
> (search-paths ())
> - (properties)))))
> + (properties
> + (provenance
> + (repository
> + (version 0)
> + (url "https://git.savannah.gnu.org/git/guix.git")
> + (branch #f)
> + (commit
> + "95c29d2746943733cbe8df7013854d45bb0df413")
> + (name guix)
> + (introduction
> + (channel-introduction
> + (version 0)
> + (commit
> + "9edb3f66fd807b096b48283debdcddccfea34bad")
> + (signer
> + "BBB0 2DDF 2CEA F6A8 0D1D E643 A2A0 6DF2 A33A 54FA"))=
))))))))
PS: In the diff at the top there is a slight difference with the patch
that you suggested: I only removed (branch #f) so I end up with one
more parenthesis at the end.
Denis.
--Sig_/yabHHEsMg/J2mRTQYDRWouB
Content-Type: application/pgp-signature
Content-Description: OpenPGP digital signature
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEeC+d2+Nrp/PU3kkGX138wUF34mMFAmEv/l4ACgkQX138wUF3
4mMJmg/+LuukAtqLrGf4ZCsD92u7KuO54P2lhEHSeP9ccaa/a+lPZeSxxz0MV5+s
Awbk5nOg5MQAVXdtogjKtJZzpHxDm9HevgvESLpajNmn39iS36wx1UDwEg1bkx17
2JdIITKc4B2kdEQh7BbEYzaARu2+TKaEnCHS5Ks5+Oo2qbdz9B62t9hsME2Hs2yj
t1zNShN4hgJXdz9C9ETaeMAmLmPukExQ0CFCdZZBUqGFVr6RRjjWZlPu/6OFOGHQ
zED9xaaE10uUHvBO71xnSCnA6ZSkbhQwSAta6TeBsvQ+NMyfKItY3HsQaO4sdDoh
q2BSZ/ZA3hVV0jjp7tPRsXsD4cL1llzsDSxwsMWtKQa3qbrGn+PrT3tH1zVrDmbS
Jsgwnm4qLWeZ3dKtpyvqDEYtslwaeswtDZedkZiLJinuJI4+XgejYlU6xR9nclL1
40+SPYA1qVXkkeUODvEkwsfOcBGjGKzRGsEbiSTZwlz9BvqqFIL3XcpJ7P1thpNU
kcsd4PsQY39gOwgVspZ4xgYBOQWbD/OoQ1oCShMqsCNB8vhA51kX9xn1v24+co4n
vaNUdRtfY4MIBz0OsYoaoS3ghX4AdtTUSr5zb2yGu/n6DmB5BXEuWocuMGroi6gJ
pxF38KeUrSCFB+pKSA5yvjddGT5Mmvd5j661QmgSje1GRxL/hsc=
=F9JC
-----END PGP SIGNATURE-----
--Sig_/yabHHEsMg/J2mRTQYDRWouB--
bug-guix@HIDDEN:bug#49801; Package guix.
Full text available.
Received: (at 49801) by debbugs.gnu.org; 17 Aug 2021 17:48:55 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Aug 17 13:48:55 2021
Received: from localhost ([127.0.0.1]:54062 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1mG3Cp-0005lT-Jo
for submit <at> debbugs.gnu.org; Tue, 17 Aug 2021 13:48:55 -0400
Received: from mail-wr1-f50.google.com ([209.85.221.50]:33479)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <zimon.toutoune@HIDDEN>) id 1mG3Cm-0005lD-FV
for 49801 <at> debbugs.gnu.org; Tue, 17 Aug 2021 13:48:54 -0400
Received: by mail-wr1-f50.google.com with SMTP id r7so29953877wrs.0
for <49801 <at> debbugs.gnu.org>; Tue, 17 Aug 2021 10:48:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
h=from:to:subject:in-reply-to:references:date:message-id:mime-version
:content-transfer-encoding;
bh=SUsxeU7yh4xleNJMQWn1LKiaAKWKzsqSFZvzQIhxv1k=;
b=Di+SfGYAm2gHtBC77kbyqzVUskoE0TVXBY7hKCDtA4NGdb6+BQV/aHu1MCKnREGKot
4Hg/3J7OTx7KL8gpGAlTJTBR4ash7rGhLUicW15bmzxk5ohPLVd3mytHKwm+hda0g8Jh
3nG/2GbiSNIfS/dqnKdqgR57uNB+4rWsQvIY1G/1+egyrMlgmec8YSSldliE7W0WrmEX
4XpAkDAoQIx/xEkaoErBRwNdiMcoQlItQouNR8hIJPqc+uXCSTbZ/oebE6eA4LVGw0Ws
sH5KtHaubzYQlThegV9w8JYr1nNS1nl0x1anM82wvrDSJJYd05Hsm2s6BB9WLBeksCRD
lLHg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:from:to:subject:in-reply-to:references:date
:message-id:mime-version:content-transfer-encoding;
bh=SUsxeU7yh4xleNJMQWn1LKiaAKWKzsqSFZvzQIhxv1k=;
b=sUsWpN1yAUQsW9KTV1KrbgU1FPqc7HvAjiLbgRUQwZAf1+VkFSxPj+OJNy9o/bWHE9
1j9O4IZj/Ev6AcvbvaZiG5xuh4/lotVTgpewlhEk/UTErVpl8MmIyOfxjpkY84MUeLiR
Qa5Ue4yNPxkq/6+W+bpI3gxb3XEbWj3c3N+GFv8E/qMItgsnn8GsyNR6Uz5HfG8kiHRc
SzC29FvDIoMLIN2cSgATYo7X1n7YjruB5XyiJ4hliMMGVkhjS6dzPm8A3z7DgyI4jGvV
m+muTBGcfnUJDWR7vXdgRLaaoxNJSrwcAYgRPxbxSKDmtCKEzA4whm5pK1dcJC4phfFK
rWxA==
X-Gm-Message-State: AOAM533a+8fNcAiN8rh3nL8/0e0XEkwgPDfecTRb6YHgFbRzRmFXZ4mT
Dub1Pj2DUYfeGxurbrlHiTkjPrdRF4w=
X-Google-Smtp-Source: ABdhPJxm1whIkNK6CpXNlAWIbC5NX2vt/nrCw3jkrOFkxFE8XJJFrPqvANX36KcPa+ZhOIKO5+Mr+g==
X-Received: by 2002:a05:6000:12c1:: with SMTP id
l1mr5799060wrx.293.1629222526476;
Tue, 17 Aug 2021 10:48:46 -0700 (PDT)
Received: from lili (roam-nat-fw-prg-194-254-61-43.net.univ-paris-diderot.fr.
[194.254.61.43])
by smtp.gmail.com with ESMTPSA id f17sm2584897wmq.17.2021.08.17.10.48.45
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Tue, 17 Aug 2021 10:48:46 -0700 (PDT)
From: zimoun <zimon.toutoune@HIDDEN>
To: Denis 'GNUtoo' Carikli <GNUtoo@HIDDEN>, 49801 <at> debbugs.gnu.org
Subject: Re: bug#49801: Guix time machine provenance/manifest
reproducibility issue?
In-Reply-To: <20210801022142.2117e06e@HIDDEN>
References: <20210801022142.2117e06e@HIDDEN>
Date: Tue, 17 Aug 2021 14:11:32 +0200
Message-ID: <86k0kkclu3.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: 1.1 (+)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
has NOT identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: Hi, Thanks for the report. On Sun, 01 Aug 2021 at 02:21,
Denis 'GNUtoo' Carikli wrote:
Content analysis details: (1.1 points, 10.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.0 SPF_PASS SPF: sender matches SPF record
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail
provider (zimon.toutoune[at]gmail.com)
0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record
1.1 DATE_IN_PAST_03_06 Date: is 3 to 6 hours before Received: date
-0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[209.85.221.50 listed in wl.mailspike.net]
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/,
no trust [209.85.221.50 listed in list.dnswl.org]
X-Debbugs-Envelope-To: 49801
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: 0.1 (/)
Hi,
Thanks for the report.
On Sun, 01 Aug 2021 at 02:21, Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension=
.org> wrote:
> Diffing the two provenance files gives that:
>> +++
>> bfxvk59q0m034iyq5zkk841zkisayyjl-tarball-pack/gnu/store/216jiimdyw7zyx8s=
9b3fz67aw69ydkvw-profile/manifest
>> 1970-01-01 01:00:01.000000000 +0100 @@ -15,9 +15,10 @@ (repository
>> (version 0)
>> (url "https://git.savannah.gnu.org/git/guix.git")
>> - (branch "master")
>> + (branch #f)
>> (commit
>> "f9bd4621dd92a9415276706b476b9bd2973411fa")
>> + (name guix)
>> (introduction
>> (channel-introduction
>> (version 0)
Well, I think it comes from =E2=80=99channel-list=E2=80=99 in the =E2=80=99=
time-machine=E2=80=99.
Specifically, it reads in guix/scripts/pull.scm:
--8<---------------cut here---------------start------------->8---
(channel (inherit guix)
(url url) (commit commit) (branch #f)))
--8<---------------cut here---------------end--------------->8---
other said, the name of the branch is =E2=80=9Clost=E2=80=9D. Hum, I do no=
t know if
this is done on purpose or not. Maybe this change
--8<---------------cut here---------------start------------->8---
(cons (match ref
(('commit . commit)
(channel (inherit guix)
(url url) (commit commit))
(('branch . branch)
(channel (inherit guix)
(url url) (commit #f) (branch branch)))
(#f
(channel (inherit guix) (url url))))
(remove guix-channel? channels))
--8<---------------cut here---------------end--------------->8---
is enough. But, I do not know what would happens for:
guix pull --commit=3D<hash>
where <hash> is not a commit from the branch master.
All the best,
simon
bug-guix@HIDDEN:bug#49801; Package guix.
Full text available.
Received: (at submit) by debbugs.gnu.org; 1 Aug 2021 00:21:20 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sat Jul 31 20:21:20 2021
Received: from localhost ([127.0.0.1]:35180 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1m9zEG-00083r-0E
for submit <at> debbugs.gnu.org; Sat, 31 Jul 2021 20:21:20 -0400
Received: from lists.gnu.org ([209.51.188.17]:52426)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <GNUtoo@HIDDEN>) id 1m9zED-00083j-Vo
for submit <at> debbugs.gnu.org; Sat, 31 Jul 2021 20:21:19 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:52306)
by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.90_1) (envelope-from <GNUtoo@HIDDEN>)
id 1m9zED-00041r-Na
for bug-guix@HIDDEN; Sat, 31 Jul 2021 20:21:17 -0400
Received: from cyberdimension.org ([80.67.179.20]:60726
helo=gnutoo.cyberdimension.org)
by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_CHACHA20_POLY1305:256)
(Exim 4.90_1) (envelope-from <GNUtoo@HIDDEN>)
id 1m9zEB-0002sy-0E
for bug-guix@HIDDEN; Sat, 31 Jul 2021 20:21:17 -0400
Received: from gnutoo.cyberdimension.org (localhost [127.0.0.1])
by cyberdimension.org (OpenSMTPD) with ESMTP id 95098ca9
for <bug-guix@HIDDEN>; Sun, 1 Aug 2021 00:15:05 +0000 (UTC)
Received: from primarylaptop.localdomain (localhost.localdomain [::1])
by gnutoo.cyberdimension.org (OpenSMTPD) with ESMTP id 03c7cbbc
for <bug-guix@HIDDEN>; Sun, 1 Aug 2021 00:15:05 +0000 (UTC)
Date: Sun, 1 Aug 2021 02:21:42 +0200
From: Denis 'GNUtoo' Carikli <GNUtoo@HIDDEN>
To: bug-guix@HIDDEN
Subject: Guix time machine provenance/manifest reproducibility issue?
Message-ID: <20210801022142.2117e06e@HIDDEN>
X-Mailer: Claws Mail 4.0.0 (GTK+ 3.24.29; i686-pc-linux-gnu)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="Sig_/gE7tLVvzRu9gzfBCYEJsg9g";
protocol="application/pgp-signature"; micalg=pgp-sha256
Received-SPF: pass client-ip=80.67.179.20;
envelope-from=GNUtoo@HIDDEN; helo=gnutoo.cyberdimension.org
X-Spam_score_int: -18
X-Spam_score: -1.9
X-Spam_bar: -
X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, SPF_HELO_PASS=-0.001,
SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Spam-Score: -1.4 (-)
X-Debbugs-Envelope-To: submit
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -2.4 (--)
--Sig_/gE7tLVvzRu9gzfBCYEJsg9g
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: quoted-printable
Hi,
I've been trying to reproduce a tarball
(sz1lkq3ryr5iv6amy6f3d2pziks27g28-tarball-pack.tar.xz) that I generated
with guix pack on guix master the 28 January 2021.
To build it, in January, I used the following commands:
> guix pull
> guix pack \
> --compression=3Dxz \
> --save-provenance \
> -RR \
> --symlink=3D/usr/local/bin/repo=3Dbin/repo \
> --symlink=3D/usr/local/bin/repo-env.sh=3Detc/profile \
> git-repo le-certs nss-certs git python-certifi
That tarball is publicly available in the Replicant ftp server[1].
The extracted provenance file (named manifest) has the following
content:
> ;; This file was automatically generated and is for internal use only.
> ;; It cannot be passed to the '--manifest' option.
>=20
> (manifest
> (version 3)
> (packages
> (("git-repo"
> "2.4.1"
> "out"
> "/gnu/store/d4frkcdq15a7gyfjdggwg44ryi46fa2d-git-repo-2.4.1R"
> (propagated-inputs ())
> (search-paths ())
> (properties
> (provenance
> (repository
> (version 0)
> (url "https://git.savannah.gnu.org/git/guix.git")
> (branch "master")
> (commit
> "f9bd4621dd92a9415276706b476b9bd2973411fa")
> (introduction
> (channel-introduction
> (version 0)
> (commit
> "9edb3f66fd807b096b48283debdcddccfea34bad")
> (signer
> "BBB0 2DDF 2CEA F6A8 0D1D E643 A2A0 6DF2 A33A
> 54FA"))))))) ("le-certs"
> "0"
> "out"
> "/gnu/store/x004p4hnyy0ickg2f5msvrpszhy9hzpl-le-certs-0R"
> (propagated-inputs ())
> (search-paths ())
> (properties
> (provenance
> (repository
> (version 0)
> (url "https://git.savannah.gnu.org/git/guix.git")
> (branch "master")
> (commit
> "f9bd4621dd92a9415276706b476b9bd2973411fa")
> (introduction
> (channel-introduction
> (version 0)
> (commit
> "9edb3f66fd807b096b48283debdcddccfea34bad")
> (signer
> "BBB0 2DDF 2CEA F6A8 0D1D E643 A2A0 6DF2 A33A
> 54FA"))))))) ("nss-certs"
> "3.57"
> "out"
> "/gnu/store/shc8qpw1y2k7q668rx4gl6aff0wp1n6v-nss-certs-3.57R"
> (propagated-inputs ())
> (search-paths ())
> (properties
> (provenance
> (repository
> (version 0)
> (url "https://git.savannah.gnu.org/git/guix.git")
> (branch "master")
> (commit
> "f9bd4621dd92a9415276706b476b9bd2973411fa")
> (introduction
> (channel-introduction
> (version 0)
> (commit
> "9edb3f66fd807b096b48283debdcddccfea34bad")
> (signer
> "BBB0 2DDF 2CEA F6A8 0D1D E643 A2A0 6DF2 A33A
> 54FA"))))))) ("git"
> "2.30.0"
> "out"
> "/gnu/store/378nlw54nxy991jcilnnbrxasnfvv9wl-git-2.30.0R"
> (propagated-inputs ())
> (search-paths
> (("GIT_SSL_CAINFO"
> ("etc/ssl/certs/ca-certificates.crt")
> #f
> regular
> #f)
> ("GIT_EXEC_PATH"
> ("libexec/git-core")
> #f
> directory
> #f)))
> (properties
> (provenance
> (repository
> (version 0)
> (url "https://git.savannah.gnu.org/git/guix.git")
> (branch "master")
> (commit
> "f9bd4621dd92a9415276706b476b9bd2973411fa")
> (introduction
> (channel-introduction
> (version 0)
> (commit
> "9edb3f66fd807b096b48283debdcddccfea34bad")
> (signer
> "BBB0 2DDF 2CEA F6A8 0D1D E643 A2A0 6DF2 A33A
> 54FA"))))))) ("python-certifi"
> "2020.11.8"
> "out"
> "/gnu/store/hmp6ab9kw1z3hjns9h1fm3afsq4g6j7x-python-certifi-2020.11=
.8R"
> (propagated-inputs ())
> (search-paths ())
> (properties
> (provenance
> (repository
> (version 0)
> (url "https://git.savannah.gnu.org/git/guix.git")
> (branch "master")
> (commit
> "f9bd4621dd92a9415276706b476b9bd2973411fa")
> (introduction
> (channel-introduction
> (version 0)
> (commit
> "9edb3f66fd807b096b48283debdcddccfea34bad")
> (signer
> "BBB0 2DDF 2CEA F6A8 0D1D E643 A2A0 6DF2 A33A
> 54FA"))))))))))
So I tried to reproduce it with the following command:
> guix time-machine \
> --commit=3Df9bd4621dd92a9415276706b476b9bd2973411fa -- \
> pack \
> --compression=3Dxz \
> --save-provenance \
> -RR \
> --symlink=3D/usr/local/bin/repo=3Dbin/repo \
> --symlink=3D/usr/local/bin/repo-env.sh=3Detc/profile \
> git-repo le-certs nss-certs git python-certifi
But the new tarball filename was different.
vivien in #guix helped me a lot by trying to build that tarball too and
me and viven have the same filename with guix-time-machine:
bfxvk59q0m034iyq5zkk841zkisayyjl-tarball-pack.tar.xz
We then managed to get to the root cause of the difference.
All the binaries were the sames. All the differences comes from the
fact that the provenance file (named 'manifest') is different.
That difference then produces a different profile name and also affects
/usr/bin as that references the profile.
Diffing the two provenance files gives that:
> +++
> bfxvk59q0m034iyq5zkk841zkisayyjl-tarball-pack/gnu/store/216jiimdyw7zyx8s9=
b3fz67aw69ydkvw-profile/manifest
> 1970-01-01 01:00:01.000000000 +0100 @@ -15,9 +15,10 @@ (repository
> (version 0)
> (url "https://git.savannah.gnu.org/git/guix.git")
> - (branch "master")
> + (branch #f)
> (commit
> "f9bd4621dd92a9415276706b476b9bd2973411fa")
> + (name guix)
> (introduction
> (channel-introduction
> (version 0)
> @@ -36,9 +37,10 @@
> (repository
> (version 0)
> (url "https://git.savannah.gnu.org/git/guix.git")
> - (branch "master")
> + (branch #f)
> (commit
> "f9bd4621dd92a9415276706b476b9bd2973411fa")
> + (name guix)
> (introduction
> (channel-introduction
> (version 0)
> @@ -57,9 +59,10 @@
> (repository
> (version 0)
> (url "https://git.savannah.gnu.org/git/guix.git")
> - (branch "master")
> + (branch #f)
> (commit
> "f9bd4621dd92a9415276706b476b9bd2973411fa")
> + (name guix)
> (introduction
> (channel-introduction
> (version 0)
> @@ -88,9 +91,10 @@
> (repository
> (version 0)
> (url "https://git.savannah.gnu.org/git/guix.git")
> - (branch "master")
> + (branch #f)
> (commit
> "f9bd4621dd92a9415276706b476b9bd2973411fa")
> + (name guix)
> (introduction
> (channel-introduction
> (version 0)
> @@ -109,9 +113,10 @@
> (repository
> (version 0)
> (url "https://git.savannah.gnu.org/git/guix.git")
> - (branch "master")
> + (branch #f)
> (commit
> "f9bd4621dd92a9415276706b476b9bd2973411fa")
> + (name guix)
> (introduction
> (channel-introduction
I've tried to add --branch=3Dmaster to guix time-machine and used guix
gc -D to remove the older tarball as it didn't rebuild it even with
--rounds=3D2, and at the end I still got the exact same
bfxvk59q0m034iyq5zkk841zkisayyjl-tarball-pack.tar.xz tarball (I've
compared both with cmp).
Am I doing something wrong, or is there an issue that needs to be fixed
somehow?
References:
-----------
[1]https://ftp.osuosl.org/pub/replicant/build-tools/repo/28-01-2021/
Denis.
--Sig_/gE7tLVvzRu9gzfBCYEJsg9g
Content-Type: application/pgp-signature
Content-Description: OpenPGP digital signature
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEeC+d2+Nrp/PU3kkGX138wUF34mMFAmEF6RYACgkQX138wUF3
4mM2EQ/9E8rYCDFZX04cSyV7wAhdUk3vQZoOpxDfP9vgfmOnP+UjrGH5lOmMRp34
t8gHMxrdnE5r5K9PNc7fL5ovcxz0CJqXbHEAzMYvtfdmiETbRIckv3dDtmyXpEyd
r3QtDyrzjT8zYXYiNlqrKij2x3aq4mxPaUX3m9sO4QYxJDZ7J4LkMsYUSrgyiQsa
i6qzT6Ly1k/bDFQm0SjXuJydqcbYNsRJQ3XFYxap98bqf3e9iIZmAwBtfV/NYZSk
QJ2yniEifkMWzBqJScrOgI3fQKV8ZOIgUKKL7PdyTvzKgNxWe5gFi7rCSg/Yr+M4
fSoGQCTxSjSWdPfhhxBM34rjnJQppItH3sVK+SlGDxLxhrv2gN+lhIJ5gklAMWr4
Ho5+gVh2b891I7ZebsZLn+JQw6lGT00q/vFvD0dQ4YHjG2fJ5mXJ2taigaknxFDO
TDcwu7s6CxWl/eeEh98Bzf/AbqQXWVhik+wlP4XI1QJcR5bDsEU7TdFbtCyYfRTV
V/fcfPYk7UGYiYYkUgUEwUD7CGXd0PdP6CowPM62Pi0UKKN3uDpRnKE8L1alBuJ5
LcnS0due1PMsnd+3oOZUTvI37nY0H/HqMeJ6kt8gx1U+DL8TVSaarxTHbDumOqTf
s9besxFsjinFEGfHCIfMgOaJBnUNcvY4uuZMAw7zUCWW19ByISw=
=cJWB
-----END PGP SIGNATURE-----
--Sig_/gE7tLVvzRu9gzfBCYEJsg9g--
Denis 'GNUtoo' Carikli <GNUtoo@HIDDEN>:bug-guix@HIDDEN.
Full text available.bug-guix@HIDDEN:bug#49801; Package guix.
Full text available.
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997 nCipher Corporation Ltd,
1994-97 Ian Jackson.