Received: (at 75090) by debbugs.gnu.org; 29 Jan 2025 19:02:20 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Wed Jan 29 14:02:20 2025
Received: from localhost ([127.0.0.1]:43064 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1tdDKO-0005I9-1C
for submit <at> debbugs.gnu.org; Wed, 29 Jan 2025 14:02:20 -0500
Received: from uggla.sjd.se ([2001:9b1:8633::107]:52956)
by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.84_2) (envelope-from <simon@HIDDEN>)
id 1tdDKJ-0005Ho-AM; Wed, 29 Jan 2025 14:02:17 -0500
DKIM-Signature: v=1; a=ed25519-sha256; q=dns/txt; c=relaxed/relaxed;
d=josefsson.org; s=ed2303; h=MIME-Version:Content-Type:References:In-Reply-To
:Date:Cc:To:From:Subject:Message-ID:Sender:Reply-To:Content-Transfer-Encoding
:Content-ID:Content-Description;
bh=TQkh6f53b4QYsjKn0I6wUY+tAXwu2SARcbmQ483hzZs=; t=1738177335; x=1739386935;
b=dizaJWmrAR84GMZz61MiRw4zn76gN/7fmFMBOtMDzL8PHcumRbxydA2iBJ5PKHu8e97QwNOsmUi
UrEpP2OJjAA==;
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=josefsson.org; s=rsa2303; h=MIME-Version:Content-Type:References:
In-Reply-To:Date:Cc:To:From:Subject:Message-ID:Sender:Reply-To:
Content-Transfer-Encoding:Content-ID:Content-Description;
bh=TQkh6f53b4QYsjKn0I6wUY+tAXwu2SARcbmQ483hzZs=; t=1738177335; x=1739386935;
b=OJzEq9E7WqnW/7tdUNjfpCM3WFwcHKo6m9LGl+WvR/wuIcseu7L0kx014IE9QWoIQoIaycToNRA
y1G81MwlmvO9hagwQ2I7ApultSeYjDfzxwaXHTx3j4ROHADM9b3Qij+/v9mBqGaHz/fxv+9g8qVfK
YNlg2jmZZ7wcg7GukqnF/14lYJsvOrTietynh98GPCSS1uOJlzRqYlkjfOC0FuqoA32M+c/ELsz+f
/WZd+HCbKKxj9klmpPy8HI4yyJkrvWWCg4I4mQisDtJzP+LIgreE3b57Wo64WS+msHSzHrgAB72GR
XabulGkGya7qPMAQGci0JrdNPNdT4knV7THBM0uVDMrV6MQpOJ0/dOe6B8JmXWMfekCORK6FJ5U/V
Fmf/Sf4iKm2H5q+q2rG31pCobJ81DpW8fqn8HgEg1Ekz+h5mc4s5mTsUyXklSFD8/+z45SwoN;
Received: from h-178-174-130-130.a498.priv.bahnhof.se ([178.174.130.130]:59436
helo=kaka.lan) by uggla.sjd.se with esmtpsa (TLS1.3) tls
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95)
(envelope-from <simon@HIDDEN>) id 1tdDKG-0004F2-GP;
Wed, 29 Jan 2025 19:02:12 +0000
Message-ID: <7d999f7dfcfe6c2321e2456f60d43d30715b25f1.camel@HIDDEN>
Subject: Re: [bug#75426] [PATCH] docker: Build tarballs reproducibly.
From: Simon Josefsson <simon@HIDDEN>
To: Ludovic =?ISO-8859-1?Q?Court=E8s?= <ludo@HIDDEN>,
75426 <at> debbugs.gnu.org, 75090 <at> debbugs.gnu.org
Date: Wed, 29 Jan 2025 20:02:08 +0100
In-Reply-To: <87wmejbyla.fsf@HIDDEN>
References: <ab1044307c88a61032be563b73e325eb9cf339ba.1736290435.git.ludo@HIDDEN>
<87wmejbyla.fsf@HIDDEN>
Content-Type: multipart/signed; micalg="pgp-sha256";
protocol="application/pgp-signature"; boundary="=-NOp2ufHIJpR2+0TQJANV"
User-Agent: Evolution 3.44.4-0ubuntu2
MIME-Version: 1.0
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 75090
Cc: Tobias Geerinckx-Rice <me@HIDDEN>, Christopher Baines <guix@HIDDEN>,
Josselin Poiret <dev@HIDDEN>, Simon Tournier <zimon.toutoune@HIDDEN>,
Mathieu Othacehe <othacehe@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)
--=-NOp2ufHIJpR2+0TQJANV
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Hi! I suspect something went wrong with this patch, now 'guix pack'
fail and give the error below. Maybe the 'cf' has to come first?
https://gitlab.com/debdistutils/guix/container/-/jobs/8988707317
/Simon
tar: You must specify one of the '-Acdtrux', '--delete' or '--test-
label' options
Try 'tar --help' or 'tar --usage' for more information.
Backtrace:
7 (primitive-load "/gnu/store/hyx3flr5r251fc3x0z0l6r36159?")
In guix/docker.scm:
387:6 6 (build-docker-image "/gnu/store/vwia06dwxrsmf152spa6n2?"
?)
In ice-9/ports.scm:
433:17 5 (call-with-output-file _ _ #:binary _ #:encoding _)
476:4 4 (_ _)
In guix/docker.scm:
277:15 3 (_)
In srfi/srfi-1.scm:
586:17 2 (map1 ("/gnu/store/dn7ya77a3za7jqrihdql0hcxc0i32mmf-?" ?))
In guix/docker.scm:
279:18 1 (_ "/gnu/store/dn7ya77a3za7jqrihdql0hcxc0i32mmf-guix-1.?")
In guix/build/utils.scm:
822:6 0 (invoke "tar" "--mtime=3D@1" "--owner=3D0" "--group=3D0" "--?"
?)
guix/build/utils.scm:822:6: In procedure invoke:
ERROR:
1. &invoke-error:
program: "tar"
arguments: ("--mtime=3D@1" "--owner=3D0" "--group=3D0" "--numeric-
owner" "--sort=3Dname" "--mode=3Dgo+u,go-w" "cf" "layer.tar"
"/gnu/store/dn7ya77a3za7jqrihdql0hcxc0i32mmf-guix-1.4.0-31.121e96d")
exit-status: 2
term-signal: #f
stop-signal: #f
l=C3=B6r 2025-01-25 klockan 00:07 +0100 skrev Ludovic Court=C3=A8s:
> Ludovic Court=C3=A8s <ludo@HIDDEN> skribis:
>=20
> > Fixes <https://issues.guix.gnu.org/75090>.
> >=20
> > * guix/docker.scm (tar): New procedure.
> > (create-empty-tar, build-docker-image): Use it instead of calling
> > =E2=80=98invoke=E2=80=99 directly.
> >=20
> > Reported-by: Simon Josefsson <simon@HIDDEN>
> > Change-Id: Ia899c43ed6a3809ff845de0953e3d38cccf24609
>=20
> Pushed as 646202bf73f90de4f9b7cc66248b8f8e6e381014.
>=20
> Ludo=E2=80=99.
--=-NOp2ufHIJpR2+0TQJANV
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE-----
iQNTBAAWCAL7FiEEo8ychwudMQq61M8vUXIrCP5HRaIFAmeaezDCHCYAmDMEXJLO
tBYJKwYBBAHaRw8BAQdACIcrZIvhrxDBkK9fV+QlTmXxo2naObDuGtw58YaxlOu0
JVNpbW9uIEpvc2Vmc3NvbiA8c2ltb25Aam9zZWZzc29uLm9yZz6IlgQTFggAPgIb
AwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgBYhBLHSvRN1vst4TPT4xNc89jjFPAa+
BQJl/YgIBQkLehFUAAoJENc89jjFPAa+CboA+wUa06RD5e5VTCxvSWtPS75Wq2qB
eYGZnf0jvUMxa2n4AP4xkUeAPPnNuMsTm2fsFCDIGaEM2Yn6Vb2huzzT1Fw/BLgz
BFySz4EWCSsGAQQB2kcPAQEHQOxTCIOaeXAxI2hIX4HK9bQTpNVei708oNr1Klm8
qCGKiPUEGBYIACYCGwIWIQSx0r0Tdb7LeEz0+MTXPPY4xTwGvgUCZf2IKwUJC3oQ
qgCBdiAEGRYIAB0WIQSjzJyHC50xCrrUzy9RcisI/kdFogUCXJLPgQAKCRBRcisI
/kdFoqdMAQCgH45aseZgIrwKOvUOA9QfsmeE8GZHYNuFHmM9FEQS6AD6A4x5aYvo
Y6lo98pgtw2HPDhmcCXFItjXCrV4A0GmJA4JENc89jjFPAa+GcYA/26YQY05bLtn
XiIjTiAzrGQrRXxTHPA8Av7TDFHvIetWAP9sHSoU8OfTwmTiEnGwLlsV7QJclZg3
YNz/Ypcp9TqQBrg4BFySz2oSCisGAQQBl1UBBQEBB0AxlRumDW6nZY7A+VCfek9V
pEx6PJmdJyYPt3lNHMd6HAMBCAeIfgQYFggAJgIbDBYhBLHSvRN1vst4TPT4xNc8
9jjFPAa+BQJl/YgwBQkLehDGAAoJENc89jjFPAa+phoA/jrDqIrl/55vUMBhIQv+
TP635d2iCTEnyFmbUcP9+gh6APoDsXalVd2cOGxQtSC+TF8PkZMn1TLkJKAjVxr+
xx40AgAKCRBRcisI/kdFon8rAQDjyuNawr7l9rVVvvJF1/v9Ys8YEAguZBykLjXr
AlsSSQEAtr4WUwktnqhpoYgQ5/7RE9jq/sIOWEo1C42H9HzUtAE=
=Bo2J
-----END PGP SIGNATURE-----
--=-NOp2ufHIJpR2+0TQJANV--
bug-guix@HIDDEN:bug#75090; Package guix.
Full text available.
Received: (at 75090-done) by debbugs.gnu.org; 24 Jan 2025 23:07:25 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri Jan 24 18:07:25 2025
Received: from localhost ([127.0.0.1]:47437 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1tbSlp-0000mq-HI
for submit <at> debbugs.gnu.org; Fri, 24 Jan 2025 18:07:25 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10]:39926)
by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.84_2) (envelope-from <ludo@HIDDEN>)
id 1tbSln-0000mY-Q9; Fri, 24 Jan 2025 18:07:24 -0500
Received: from fencepost.gnu.org ([2001:470:142:3::e])
by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.90_1) (envelope-from <ludo@HIDDEN>)
id 1tbSlh-0007SO-5F; Fri, 24 Jan 2025 18:07:17 -0500
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
s=fencepost-gnu-org; h=MIME-Version:Date:References:In-Reply-To:Subject:To:
From; bh=jEP95HRCFTBdwJyzZrsgv3dH5DByfJrQfcj/Bbca9uw=; b=BI/64vu7h23LBFQKC0yZ
C8KYKThQTtfr0CHQAU+OO8J1+64AdDuXfacCeFSoDMfAThejCyBt/eTNHbfHnDHnUo+a7XoYNvvVF
pf2PKIvXw66DwoiJOAjeDywzxuSQ5Pw3quClSIjRf2LGAmOmBo6HKFi0PdUIgXqbfV6Hev1nhmeUU
HoC1koqLX4/MHUuahgFTETRC6idZf629CR0tWgkY3fJTo0GTRESEMBxHUsjgdj08jmJ0+pd1fgtaG
MwViEJhYLnuNmsaBQgVQmQdfXAl03y53Se78mw4IIie9arRspB89giPe8fP9WKfUg4ftOREFx+eoI
DfIId6MXa6IfgA==;
From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@HIDDEN>
To: 75426-done <at> debbugs.gnu.org, 75090-done <at> debbugs.gnu.org
Subject: Re: [bug#75426] [PATCH] docker: Build tarballs reproducibly.
In-Reply-To: <ab1044307c88a61032be563b73e325eb9cf339ba.1736290435.git.ludo@HIDDEN>
("Ludovic =?utf-8?Q?Court=C3=A8s=22's?= message of "Tue, 7 Jan 2025
23:55:33 +0100")
References: <ab1044307c88a61032be563b73e325eb9cf339ba.1736290435.git.ludo@HIDDEN>
Date: Sat, 25 Jan 2025 00:07:13 +0100
Message-ID: <87wmejbyla.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 75090-done
Cc: Simon Josefsson <simon@HIDDEN>, Josselin Poiret <dev@HIDDEN>,
Simon Tournier <zimon.toutoune@HIDDEN>, Mathieu Othacehe <othacehe@HIDDEN>,
Tobias Geerinckx-Rice <me@HIDDEN>, Christopher Baines <guix@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)
Ludovic Court=C3=A8s <ludo@HIDDEN> skribis:
> Fixes <https://issues.guix.gnu.org/75090>.
>
> * guix/docker.scm (tar): New procedure.
> (create-empty-tar, build-docker-image): Use it instead of calling
> =E2=80=98invoke=E2=80=99 directly.
>
> Reported-by: Simon Josefsson <simon@HIDDEN>
> Change-Id: Ia899c43ed6a3809ff845de0953e3d38cccf24609
Pushed as 646202bf73f90de4f9b7cc66248b8f8e6e381014.
Ludo=E2=80=99.
Simon Josefsson <simon@HIDDEN>:Ludovic Courtès <ludo@HIDDEN>:Received: (at 75090) by debbugs.gnu.org; 7 Jan 2025 22:58:15 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Tue Jan 07 17:58:15 2025 Received: from localhost ([127.0.0.1]:45088 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1tVIWd-000465-9q for submit <at> debbugs.gnu.org; Tue, 07 Jan 2025 17:58:15 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:52970) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from <ludo@HIDDEN>) id 1tVIWb-00045k-S8 for 75090 <at> debbugs.gnu.org; Tue, 07 Jan 2025 17:58:14 -0500 Received: from fencepost.gnu.org ([2001:470:142:3::e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <ludo@HIDDEN>) id 1tVIWT-0007dg-Fv; Tue, 07 Jan 2025 17:58:07 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:Date:References:In-Reply-To:Subject:To: From; bh=cj9g9yZzyQu7cJmxcOtNeHihSCwYN+8sU1YygcTxB7U=; b=UnUFuNfSkF3dvcAjP34T OWe+42KQ5plF2Cjnz9gTxyUu/8IcwAYPEK2s/olWoAlIYR/Sswnn9J9kml2Gg2sv2JMZC6/mLS0Za LQjESpHKyk3BB80YmxrGZvmuRaE0f5jRdSCM5uIjH0ZWWJTycNSjKE1Na71v6xyjaFcQ0/yCXv6Hh KoyJyMAa9sa7TYF+2aAYLrP9N0XzyisNH+mzuQqDXbXM0PhbWTq9vdzsQTamrQKyvTUIaXc6gQQi/ URBbZJun3VFIV4Vhvkp7RDJjkf2BY1/21u2mn8ItroW7VJFECUYvjDJVi3NR7AHwvY2HQKAnZbxjD CKOMk0JacAbHTA==; From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@HIDDEN> To: Simon Josefsson <simon@HIDDEN> Subject: Re: bug#75090: Make 'guix pack -f docker' tarballs reproducible? In-Reply-To: <87msgjofih.fsf@HIDDEN> (Simon Josefsson's message of "Wed, 25 Dec 2024 18:10:14 +0100") References: <87msgjofih.fsf@HIDDEN> Date: Tue, 07 Jan 2025 23:57:41 +0100 Message-ID: <87jzb6xme2.fsf@HIDDEN> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 75090 Cc: 75090 <at> debbugs.gnu.org X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -3.3 (---) Hi Simon, Simon Josefsson <simon@HIDDEN> skribis: > I am creating docker archives using: > > guix pack guix bash-minimal coreutils-minimal net-base --save-provenance = -S /bin=3Dbin -S /share=3Dshare -f docker --image-tag=3Dguix --max-layers= =3D8 --verbosity=3D2 > > To my surprise the output was not reproducible between re-runs. > > The reason is because of the timestamp and ownership information in the > outer tarball. The internals are identical and reproducible. See > diffoscope output below. > > I tried to work around it by wrapping either the 'guix pack' or > 'guix-daemon' commands with this environment variable, which I suggest > for inspiration as additional parameters to tar: > > TAR_OPTIONS=3D"--owner=3D0 --group=3D0 --numeric-owner --sort=3Dname --mo= de=3Dgo+u,go-w --mtime=3D@0" > > I would prefer 'guix pack' produced reproducible archives by default. Indeed. I sent a fix based on your suggestion: <https://issues.guix.gnu.org/75426>. Thanks, Ludo=E2=80=99.
bug-guix@HIDDEN:bug#75090; Package guix.
Full text available.Received: (at submit) by debbugs.gnu.org; 25 Dec 2024 17:12:25 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Wed Dec 25 12:12:25 2024 Received: from localhost ([127.0.0.1]:38676 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1tQUvp-0006cP-AK for submit <at> debbugs.gnu.org; Wed, 25 Dec 2024 12:12:25 -0500 Received: from lists.gnu.org ([209.51.188.17]:35924) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <simon@HIDDEN>) id 1tQUvm-0006cH-St for submit <at> debbugs.gnu.org; Wed, 25 Dec 2024 12:12:23 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <simon@HIDDEN>) id 1tQUtg-0006JK-4L for bug-guix@HIDDEN; Wed, 25 Dec 2024 12:10:12 -0500 Received: from uggla.sjd.se ([2001:9b1:8633::107]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <simon@HIDDEN>) id 1tQUtd-0007Kt-3w for bug-guix@HIDDEN; Wed, 25 Dec 2024 12:10:11 -0500 DKIM-Signature: v=1; a=ed25519-sha256; q=dns/txt; c=relaxed/relaxed; d=josefsson.org; s=ed2303; h=Content-Type:MIME-Version:Message-ID:Date: Subject:To:From:Sender:Reply-To:Cc:Content-Transfer-Encoding:Content-ID: Content-Description; bh=XIWbmLgyHz+rtnrDspz5FBAwWlhymDmex7FgM4n/aRg=; t=1735146599; x=1736356199; b=EjxHJbS9h0ZNbAgOFy7EbFhPxGLXaTDGxwpilTlIZgUfRRg CXTwuRX0VSuBs3Luhq32aPy7rlAbQr66o/zthBg==; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=josefsson.org; s=rsa2303; h=Content-Type:MIME-Version:Message-ID:Date: Subject:To:From:Sender:Reply-To:Cc:Content-Transfer-Encoding:Content-ID: Content-Description; bh=XIWbmLgyHz+rtnrDspz5FBAwWlhymDmex7FgM4n/aRg=; t=1735146599; x=1736356199; b=VwP30Da0shMvh3fKzab6i1DJ+aAf/Gp7El3ZwRjxY1RPg0e wPbhQmQ7w5y/JRQCf5lywDtDMhDq0C+58Ksmlk94CGXGrguaigmL6y1LTvXIFxxtKo5guGQTUCK4Z ONKZ5drzNF0TclNXDRalyOhfVpsNLUzD8k2irOTqaAigLdLEj45JNYy8FPXiUXSiFcsRJZOtJiQAX eN+fWwbHSM82xbIIQQxtQOQKvjt+TcILG5tlTiScA7+iTCRUEkhPxnN9318rtgjKLGy/2if/QZwL3 2qN91CMdubNev7BbnSA/WuRKHcIVBB+GcUDzukprNFFPFmkVquWyqThrwCxTNlSC1mNekCSjKHrXD M4DdOC3H8vPh3tnA2XoJAt8PRBc0lG4NrRT3ROR8TWQ9et5L4A94GggpA4+9E+got1LG9OaBPTlLp cPhVSQ7NEv8Mn+KWVoyEpyS1; Received: from h-178-174-130-130.a498.priv.bahnhof.se ([178.174.130.130]:46134 helo=kaka) by uggla.sjd.se with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from <simon@HIDDEN>) id 1tQUtR-007X99-O8 for bug-guix@HIDDEN; Wed, 25 Dec 2024 17:09:57 +0000 X-Hashcash: 1:23:241225:bug-guix@HIDDEN::LygcWLijrr5QqAa/:uY1n From: Simon Josefsson <simon@HIDDEN> To: bug-guix@HIDDEN Subject: Make 'guix pack -f docker' tarballs reproducible? OpenPGP: id=B1D2BD1375BECB784CF4F8C4D73CF638C53C06BE; url=https://josefsson.org/key-20190320.txt Date: Wed, 25 Dec 2024 18:10:14 +0100 Message-ID: <87msgjofih.fsf@HIDDEN> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" Received-SPF: pass client-ip=2001:9b1:8633::107; envelope-from=simon@HIDDEN; helo=uggla.sjd.se X-Spam_score_int: -43 X-Spam_score: -4.4 X-Spam_bar: ---- X-Spam_report: (-4.4 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: -1.4 (-) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -2.4 (--) --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hi I am creating docker archives using: guix pack guix bash-minimal coreutils-minimal net-base --save-provenance -S= /bin=3Dbin -S /share=3Dshare -f docker --image-tag=3Dguix --max-layers=3D8= --verbosity=3D2 To my surprise the output was not reproducible between re-runs. The reason is because of the timestamp and ownership information in the outer tarball. The internals are identical and reproducible. See diffoscope output below. I tried to work around it by wrapping either the 'guix pack' or 'guix-daemon' commands with this environment variable, which I suggest for inspiration as additional parameters to tar: TAR_OPTIONS=3D"--owner=3D0 --group=3D0 --numeric-owner --sort=3Dname --mode= =3Dgo+u,go-w --mtime=3D@0" I would prefer 'guix pack' produced reproducible archives by default. Alternatively, provide a way to allow me as user to specify some parameters for 'guix pack' to make that happen. /Simon jas@kaka:~/src/guix-container$ diffoscope stage1-docker-pack.tar.gz-1 stage= 1-docker-pack.tar.gz-2=20 =2D-- stage1-docker-pack.tar.gz-1 +++ stage1-docker-pack.tar.gz-2 =E2=94=82 --- stage1-docker-pack.tar.gz-1-content =E2=94=9C=E2=94=80=E2=94=80 +++ stage1-docker-pack.tar.gz-2-content =E2=94=82 =E2=94=9C=E2=94=80=E2=94=80 file list =E2=94=82 =E2=94=82 @@ -1,10 +1,10 @@ =E2=94=82 =E2=94=82 --rw-r--r-- 0 nixbld (997) nixbld (999) 42145= 7920 2024-12-25 16:31:15.000000 sha256:e69812bf459ea0fba42d1d6fd518410a4e58= 8ddd4e4c007ddb4dd48c9c04293a/layer.tar =E2=94=82 =E2=94=82 --rw-r--r-- 0 nixbld (997) nixbld (999) 56330= 240 2024-12-25 16:31:16.000000 sha256:45e67bf9fcad2f255f20dc614224b9e4260da= 1b63f2a361c2479e1ed64a9210a/layer.tar =E2=94=82 =E2=94=82 --rw-r--r-- 0 nixbld (997) nixbld (999) 37632= 000 2024-12-25 16:31:16.000000 sha256:a8d1b46be57ba5a41051dedcf2d8d7bb2f13a= 9d58078729a962d04f5178274ba/layer.tar =E2=94=82 =E2=94=82 --rw-r--r-- 0 nixbld (997) nixbld (999) 41523= 200 2024-12-25 16:31:16.000000 sha256:0756f500c123ba4f34cda21e5232932799fd3= 6c15243f7fcb1ef38ff6ec7533d/layer.tar =E2=94=82 =E2=94=82 --rw-r--r-- 0 nixbld (997) nixbld (999) 37806= 080 2024-12-25 16:31:17.000000 sha256:bf18d11d88b81af3f6fb49b7d4b092d479b79= 67ac8dc4980cc381170997c6ccf/layer.tar =E2=94=82 =E2=94=82 --rw-r--r-- 0 nixbld (997) nixbld (999) 17582= 080 2024-12-25 16:31:17.000000 sha256:9263a9904763737f9e8bdf08ca52cede34c2f= a9e99abe7f9ef273111752cb2ca/layer.tar =E2=94=82 =E2=94=82 --rw-r--r-- 0 nixbld (997) nixbld (999) 14776= 3200 2024-12-25 16:31:20.000000 sha256:3d9a70bc298db46d9fdd95badacd3ec5586f= 3965110bb85b748be6bcfc57b171/layer.tar =E2=94=82 =E2=94=82 --rw-r--r-- 0 nixbld (997) nixbld (999) 10= 240 2024-12-25 16:31:14.000000 sha256:3fb6718bc797283e8283fe1b843596ace2e62= db47d5b38d228a64a6bbb7c3564/layer.tar =E2=94=82 =E2=94=82 --rw-r--r-- 0 nixbld (997) nixbld (999) = 736 2024-12-25 16:31:21.000000 manifest.json =E2=94=82 =E2=94=82 --rw-r--r-- 0 nixbld (997) nixbld (999) = 842 2024-12-25 16:31:21.000000 config.json =E2=94=82 =E2=94=82 +-rw-r--r-- 0 nixbld (997) nixbld (999) 42145= 7920 2024-12-25 16:41:20.000000 sha256:e69812bf459ea0fba42d1d6fd518410a4e58= 8ddd4e4c007ddb4dd48c9c04293a/layer.tar =E2=94=82 =E2=94=82 +-rw-r--r-- 0 nixbld (997) nixbld (999) 56330= 240 2024-12-25 16:41:21.000000 sha256:45e67bf9fcad2f255f20dc614224b9e4260da= 1b63f2a361c2479e1ed64a9210a/layer.tar =E2=94=82 =E2=94=82 +-rw-r--r-- 0 nixbld (997) nixbld (999) 37632= 000 2024-12-25 16:41:22.000000 sha256:a8d1b46be57ba5a41051dedcf2d8d7bb2f13a= 9d58078729a962d04f5178274ba/layer.tar =E2=94=82 =E2=94=82 +-rw-r--r-- 0 nixbld (997) nixbld (999) 41523= 200 2024-12-25 16:41:22.000000 sha256:0756f500c123ba4f34cda21e5232932799fd3= 6c15243f7fcb1ef38ff6ec7533d/layer.tar =E2=94=82 =E2=94=82 +-rw-r--r-- 0 nixbld (997) nixbld (999) 37806= 080 2024-12-25 16:41:22.000000 sha256:bf18d11d88b81af3f6fb49b7d4b092d479b79= 67ac8dc4980cc381170997c6ccf/layer.tar =E2=94=82 =E2=94=82 +-rw-r--r-- 0 nixbld (997) nixbld (999) 17582= 080 2024-12-25 16:41:23.000000 sha256:9263a9904763737f9e8bdf08ca52cede34c2f= a9e99abe7f9ef273111752cb2ca/layer.tar =E2=94=82 =E2=94=82 +-rw-r--r-- 0 nixbld (997) nixbld (999) 14776= 3200 2024-12-25 16:41:25.000000 sha256:3d9a70bc298db46d9fdd95badacd3ec5586f= 3965110bb85b748be6bcfc57b171/layer.tar =E2=94=82 =E2=94=82 +-rw-r--r-- 0 nixbld (997) nixbld (999) 10= 240 2024-12-25 16:41:19.000000 sha256:3fb6718bc797283e8283fe1b843596ace2e62= db47d5b38d228a64a6bbb7c3564/layer.tar =E2=94=82 =E2=94=82 +-rw-r--r-- 0 nixbld (997) nixbld (999) = 736 2024-12-25 16:41:26.000000 manifest.json =E2=94=82 =E2=94=82 +-rw-r--r-- 0 nixbld (997) nixbld (999) = 842 2024-12-25 16:41:26.000000 config.json jas@kaka:~/src/guix-container$=20 --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iIoEARYIADIWIQSjzJyHC50xCrrUzy9RcisI/kdFogUCZ2w8dhQcc2ltb25Aam9z ZWZzc29uLm9yZwAKCRBRcisI/kdFolS9AP9SiacOwwv/Ljjy5xRtSr7oLC/qTI4N bU55c/QBqV2EcAD/V4CFBFN63O7OFRDIQ100CYhotoRUnF7IQ+Pme7XPnQU= =mjf4 -----END PGP SIGNATURE----- --=-=-=--
Simon Josefsson <simon@HIDDEN>:bug-guix@HIDDEN.
Full text available.bug-guix@HIDDEN:bug#75090; Package guix.
Full text available.
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997 nCipher Corporation Ltd,
1994-97 Ian Jackson.