colin/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
4177297b14
nixpkgs/.github/ISSUE_TEMPLATE/unreproducible_package.md
Silvan Mosberger 7ae0729ae5 Encourage +1's for prioritisation 
Adds a small text to each issue and the PR template to encourage people to use
👍's for issues they're also interested in. See
https://github.com/NixOS/nix.dev/issues/359 for more information

Co-Authored-By: Valentin Gagarin <valentin.gagarin@tweag.io>
2023-11-21 07:00:18 +01:00

2.9 KiB
Raw Blame History

name about title labels assignees
Unreproducible package A package that does not produce a bit-by-bit reproducible result each time it is built
0.kind: enhancement
6.topic: reproducible builds

Building this package multiple times does not yield bit-by-bit identical results, complicating the detection of Continuous Integration (CI) breaches. For more information on this issue, visit reproducible-builds.org.

Fixing bit-by-bit reproducibility also has additional advantages, such as avoiding hard-to-reproduce bugs, making content-addressed storage more effective and reducing rebuilds in such systems.

Steps To Reproduce

In the following steps, replace <package> with the canonical name of the package.

1. Build the package

This step will build the package. Specific arguments are passed to the command to keep the build artifacts so we can compare them in case of differences.

Execute the following command:

nix-build '<nixpkgs>' -A <package> && nix-build '<nixpkgs>' -A <package> --check --keep-failed

Or using the new command line style:

nix build nixpkgs#<package> && nix build nixpkgs#<package> --rebuild --keep-failed

2. Compare the build artifacts

If the previous command completes successfully, no differences were found and there's nothing to do, builds are reproducible. If it terminates with the error message error: derivation '<X>' may not be deterministic: output '<Y>' differs from '<Z>', use diffoscope to investigate the discrepancies between the two build outputs. You may need to add the --exclude-directory-metadata recursive option to ignore files and directories metadata (e.g. timestamp) differences.

nix run nixpkgs#diffoscopeMinimal -- --exclude-directory-metadata recursive <Y> <Z>

3. Examine the build log

To examine the build log, use:

nix-store --read-log $(nix-instantiate '<nixpkgs>' -A <package>)

Or with the new command line style:

nix log $(nix path-info --derivation nixpkgs#<package>)

Additional context

(please share the relevant fragment of the diffoscope output here, and any additional analysis you may have done)

Priorities

Add a 👍 reaction to issues you find important.