[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: A real-life test of long-term reproducibility
From: |
zimoun |
Subject: |
Re: A real-life test of long-term reproducibility |
Date: |
Fri, 19 Aug 2022 12:25:01 +0200 |
Hi Konrad,
On lun., 08 août 2022 at 10:44, Konrad Hinsen <konrad.hinsen@fastmail.net>
wrote:
>> Besides, I recently added ‘etc/time-travel-manifest.scm’ and added a
>> corresponding jobset at <https://ci.guix.gnu.org/jobset/time-travel>
>
> Nice! Guix will be certified for time travel!
[...]
>> For best practices, I do have one suggestion. The Guix package
>> collection is not uniformly reproducible or archived. The best thing
>> you can do to ensure the long-term prospects of your projects is to
>> actually check how much of the source code is archived and how many of
>> the builds are reproducible. There is no turn-key solution for this
>
> Yes, that's a good idea, and I have done it for my most recent packages.
> Time will tell if this is enough.
Now, Guix is checking that “guix time-machine” does not break; i.e, be
able to rebuild a previous Guix using inferior. That’s cool!
However, many things can be out of rail. This claim about
reproducibility over the time assumes:
1. compatibility of the Linux kernel
2. availability of all the source code
3. compatibility of the hardware
Well, until now, nothing had been reported about #1. But, we have
examples of issues about #2 and #3.
For instance, about #2, Timothy reported the loss of the source code of
ImageMagick 6.9.9-30 – some time ago, I reported another issue with
another ImageMagick version from 2020
(<https://yhetil.org/guix/87tuebwlrc.fsf@gmail.com>). Although the
project is making many efforts to archive all the source, the coverage
is not 100%:
https://ngyro.com/pog-reports/latest/
and only one tiny loss of only one node in the graph of dependencies,
then all the efforts are ruined.
About #3, the new NVMe disks leads to an issue with bootstrapping; as
reported by <https://issues.guix.gnu.org/41264>. It means that, if the
binary substitutes are lost and I have only a machine with NVMe, then I
cannot rebuild from scratch.
All that said, Guix is the best and most advanced solution on the market
for reproducible time-traveling. :-) For most of the cases, it is
awesome to just type “guix time-machine” and rebuild a complete
computational environment exactly as it was 2 or 3 years ago.
On lun., 08 août 2022 at 10:49, Konrad Hinsen <konrad.hinsen@fastmail.net>
wrote:
> Even 1.0.0 isn't obvious:
>
> $ guix time-machine --commit=version-1.0.0 -- environment guix
> guix time-machine: error: Git error: unable to parse OID - contains invalid
> characters
>
> OK, so let's try the commit hash:
>
> $ guix time-machine --commit=48aa30ce73d45dc5f126f42f01e65f1be4a9b578 --
> environment guix
> Updating channel 'guix' from Git repository at
> 'https://git.savannah.gnu.org/git/guix.git'...
> Authenticating channel 'guix', commits 9edb3f6 to 48aa30c (6 new commits)...
> guix time-machine: error: commit
> 48aa30ce73d45dc5f126f42f01e65f1be4a9b578 is not a descendant of
> introductory commit 9edb3f66fd807b096b48283debdcddccfea34bad
That’s because version-1.0.0 (48aa30ce73) is a branch and indeed not a
descendant.
--8<---------------cut here---------------start------------->8---
* 746ac457cc Merge branch 'version-1.0.0'
|\
* | c457f109be gnu: php: Update to 7.3.5.
[...]
* | 1a8984536f gnu: Add sdl2-net.
| | * 48aa30ce73 build: Add 'doc/build.scm' to build on-line copies of the
manual. (origin/version-1.0.0)
| | * adf577dcc4 doc: Update htmlxref.cnf.
| | * 1a9fc8e228 doc: Warn about missing entries in htmlxref.cnf.
| | * 2921b6a611 doc: Adjust cross-references for GNU triplets.
| | * 3aa11dfbed doc: Provide the actual URL to the VM image.
| | * 542e7fb57f doc: Add note about <https://bugs.gnu.org/35541>.
| | /
| |/
| * 3a3e9f2bb5 guix-install.sh: Update URL.
| * 9c941364bf vm: Build ISOs and VM images in a UTF-8 environment.
| * 17acc215bf gnu: guix: Update to 326dcbf.
| * 326dcbf1b3 gnu: guix: Update to 1.0.0.
| * 6298c3ffd9 Update NEWS. (tag: v1.0.0)
--8<---------------cut here---------------end--------------->8---
What you want is tag v1.0.0 (6298c3ffd9). Otherwise, you need the
option ’--disable-authentication’.
Cheers,
simon