Rust packages are not reproducible

  • Open
  • quality assurance status badge
Details
2 participants
  • Efraim Flashner
  • Ludovic Courtès
Owner
unassigned
Submitted by
Ludovic Courtès
Severity
normal
L
L
Ludovic Courtès wrote on 11 Aug 2021 23:15
Download
(address . bug-guix@gnu.org)
87czqjk7j6.fsf@inria.fr
Download
Hello!

Rust packages, which are essentially empty, are not bit-reproducible:

Toggle snippet (28 lines)
$ ./pre-inst-env guix challenge rust-rocket-codegen --substitute-urls='https://ci.guix.gnu.org https://bordeaux.guix.gnu.org'
/gnu/store/09hlac18bwl1kcnhdig7z1v2j8ly1czw-rust-rocket-codegen-0.4.7 contents differ:
no local build for '/gnu/store/09hlac18bwl1kcnhdig7z1v2j8ly1czw-rust-rocket-codegen-0.4.7'
https://ci.guix.gnu.org/nar/lzip/09hlac18bwl1kcnhdig7z1v2j8ly1czw-rust-rocket-codegen-0.4.7: 0j6zf2afvc49jnp7i6z7yvbxm0bmw8yc65hz3lncgvw5lc6z1bc1
https://bordeaux.guix.gnu.org/nar/lzip/09hlac18bwl1kcnhdig7z1v2j8ly1czw-rust-rocket-codegen-0.4.7: 015kb637b56mqcsg3f6x1qggm2bybiszji2069gb913wxbj6rs7w
differing file:
/share/cargo/registry/rocket_codegen-0.4.7.crate

1 store items were analyzed:
- 0 (0.0%) were identical
- 1 (100.0%) differed
- 0 (0.0%) were inconclusive
ludo@ribbon ~/src/guix$ ./pre-inst-env guix challenge rust-rocket-codegen
/gnu/store/09hlac18bwl1kcnhdig7z1v2j8ly1czw-rust-rocket-codegen-0.4.7 contents differ:
no local build for '/gnu/store/09hlac18bwl1kcnhdig7z1v2j8ly1czw-rust-rocket-codegen-0.4.7'
https://ci.guix.gnu.org/nar/lzip/09hlac18bwl1kcnhdig7z1v2j8ly1czw-rust-rocket-codegen-0.4.7: 0j6zf2afvc49jnp7i6z7yvbxm0bmw8yc65hz3lncgvw5lc6z1bc1
https://bordeaux.guix.gnu.org/nar/lzip/09hlac18bwl1kcnhdig7z1v2j8ly1czw-rust-rocket-codegen-0.4.7: 015kb637b56mqcsg3f6x1qggm2bybiszji2069gb913wxbj6rs7w
differing file:
/share/cargo/registry/rocket_codegen-0.4.7.crate

1 store items were analyzed:
- 0 (0.0%) were identical
- 1 (100.0%) differed
- 0 (0.0%) were inconclusive
$ git log |head -1
commit 973842acbc2d0dc1ab41738a534d4abda6d9efa7

The diffoscope output suggests it’s about timestamps on one file in the
.crate archive:

Toggle snippet (10 lines)
│ │ │ │ --- /tmp/guix-directory.ii5wmv/share/cargo/registry/rocket_codegen-0.4.7.crate
│ │ │ ├── +++ /tmp/guix-directory.uTTKSw/share/cargo/registry/rocket_codegen-0.4.7.crate
│ │ │ │ ├── rocket_codegen-0.4.7.crate-content
│ │ │ │ │ ├── file list
│ │ │ │ │ │ @@ -1,67 +1,67 @@
│ │ │ │ │ │ --rw-r--r-- 0 0 0 1293 2021-07-27 15:22:18.000000 rocket_codegen-0.4.7/Cargo.toml
[…]
│ │ │ │ │ │ +-rw-r--r-- 0 0 0 1293 2021-07-27 22:01:49.000000 rocket_codegen-0.4.7/Cargo.toml

Does that ring a bell?

Thanks,
Ludo’.

PS: I noticed this via
with help from Chris. Fixing this could noticeably improve our
stats. :-)
E
E
Efraim Flashner wrote on 12 Aug 2021 08:44
Download
(name . Ludovic Courtès)(address . ludo@gnu.org)(address . 50015@debbugs.gnu.org)
YRTDOLDQK3bAV6gK@3900XT
Download
On Wed, Aug 11, 2021 at 11:15:09PM +0200, Ludovic Courtès wrote:
Toggle quote (58 lines)
> Hello!
>
> Rust packages, which are essentially empty, are not bit-reproducible:
>
> --8<---------------cut here---------------start------------->8---
> $ ./pre-inst-env guix challenge rust-rocket-codegen --substitute-urls='https://ci.guix.gnu.org https://bordeaux.guix.gnu.org'
> /gnu/store/09hlac18bwl1kcnhdig7z1v2j8ly1czw-rust-rocket-codegen-0.4.7 contents differ:
> no local build for '/gnu/store/09hlac18bwl1kcnhdig7z1v2j8ly1czw-rust-rocket-codegen-0.4.7'
> https://ci.guix.gnu.org/nar/lzip/09hlac18bwl1kcnhdig7z1v2j8ly1czw-rust-rocket-codegen-0.4.7: 0j6zf2afvc49jnp7i6z7yvbxm0bmw8yc65hz3lncgvw5lc6z1bc1
> https://bordeaux.guix.gnu.org/nar/lzip/09hlac18bwl1kcnhdig7z1v2j8ly1czw-rust-rocket-codegen-0.4.7: 015kb637b56mqcsg3f6x1qggm2bybiszji2069gb913wxbj6rs7w
> differing file:
> /share/cargo/registry/rocket_codegen-0.4.7.crate
>
> 1 store items were analyzed:
> - 0 (0.0%) were identical
> - 1 (100.0%) differed
> - 0 (0.0%) were inconclusive
> ludo@ribbon ~/src/guix$ ./pre-inst-env guix challenge rust-rocket-codegen
> /gnu/store/09hlac18bwl1kcnhdig7z1v2j8ly1czw-rust-rocket-codegen-0.4.7 contents differ:
> no local build for '/gnu/store/09hlac18bwl1kcnhdig7z1v2j8ly1czw-rust-rocket-codegen-0.4.7'
> https://ci.guix.gnu.org/nar/lzip/09hlac18bwl1kcnhdig7z1v2j8ly1czw-rust-rocket-codegen-0.4.7: 0j6zf2afvc49jnp7i6z7yvbxm0bmw8yc65hz3lncgvw5lc6z1bc1
> https://bordeaux.guix.gnu.org/nar/lzip/09hlac18bwl1kcnhdig7z1v2j8ly1czw-rust-rocket-codegen-0.4.7: 015kb637b56mqcsg3f6x1qggm2bybiszji2069gb913wxbj6rs7w
> differing file:
> /share/cargo/registry/rocket_codegen-0.4.7.crate
>
> 1 store items were analyzed:
> - 0 (0.0%) were identical
> - 1 (100.0%) differed
> - 0 (0.0%) were inconclusive
> $ git log |head -1
> commit 973842acbc2d0dc1ab41738a534d4abda6d9efa7
> --8<---------------cut here---------------end--------------->8---
>
> The diffoscope output suggests it’s about timestamps on one file in the
> .crate archive:
>
> --8<---------------cut here---------------start------------->8---
> │ │ │ │ --- /tmp/guix-directory.ii5wmv/share/cargo/registry/rocket_codegen-0.4.7.crate
> │ │ │ ├── +++ /tmp/guix-directory.uTTKSw/share/cargo/registry/rocket_codegen-0.4.7.crate
> │ │ │ │ ├── rocket_codegen-0.4.7.crate-content
> │ │ │ │ │ ├── file list
> │ │ │ │ │ │ @@ -1,67 +1,67 @@
> │ │ │ │ │ │ --rw-r--r-- 0 0 0 1293 2021-07-27 15:22:18.000000 rocket_codegen-0.4.7/Cargo.toml
> […]
> │ │ │ │ │ │ +-rw-r--r-- 0 0 0 1293 2021-07-27 22:01:49.000000 rocket_codegen-0.4.7/Cargo.toml
> --8<---------------cut here---------------end--------------->8---
>
> Does that ring a bell?
>
> Thanks,
> Ludo’.
>
> PS: I noticed this via
> <http://data.guix.gnu.org/revision/973842acbc2d0dc1ab41738a534d4abda6d9efa7/package-reproducibility>
> with help from Chris. Fixing this could noticeably improve our
> stats. :-)
>

I tried patching this a couple of ways, but it looks like the best
option is going to be a 'patch-and-repack phase after 'install. the
.crate file is really a gzip tarball, and I suspect that each time we
run 'cargo <something>' the timestamp gets updated.

--
Efraim Flashner <efraim@flashner.co.il> אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted
Download
-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEoov0DD5VE3JmLRT3Qarn3Mo9g1EFAmEUwzUACgkQQarn3Mo9
g1F7tg//XiLuiL/dxqljwP8i+PI3QjmDZ2FruKBxs24MIp/WVYjcqiSpggcR0U47
kSLmz2WLIJ+MxlTU6WPgI3xVaD2niBSBpYBaPJHLG6dzBNEJk4jwr5MZFIFEz2nS
8XaRlz7g5A/vKW6ozpRbkovpeHILSBa925TOl5XcQFFF/7PtZXk0P7Qo++PzyBJg
/RWSu40spYzDKkQkgNX8nlOpp7gCY8jPLHusJI+fWjjIP6b6eHiVHeyb4MowWFn5
BY/nFGC3Th0BfCEzmsDNoepbjNXAq6Bqc6l2xI76nK80a+bXDtAbTZ9ZovyG36Ad
obetyqpb6gqdZKsGxVD8l/J/GILwLoRJMM8t5h+n3ygugcflmUErkODp7xn8X4b6
1XpMOweq2+D8mynU70krufhqmrhBm2iWSyDymMpja3lU5g/Yl7ZssrEMoQSTaah4
JeWo523wxhN4lQ2+IAk10pSMtYv9gDbwd68nzUM2yQaJLF6skoaymIbtKG0TNLLX
+YwvE6zqliYfa8GjA2vH6aKcofYTESHTGSa+f5Zdyr5690IYMi/MA/YU11Q+cG7C
+CcEDgRmMZxXFLn+v51c7YNitGP4E7CeZJzYzdvzHefe0quL42YbbbkAPym0lISG
9KAyG8V6kAgUYw8CuZ12h+guIsPCEDg6E44LhTknid5f8Tbqd6g=
=Mkwl
-----END PGP SIGNATURE-----


L
L
Ludovic Courtès wrote on 12 Aug 2021 10:06
Download
(name . Efraim Flashner)(address . efraim@flashner.co.il)(address . 50015@debbugs.gnu.org)
874kbvhysf.fsf@gnu.org
Download
Hello!

Efraim Flashner <efraim@flashner.co.il> skribis:

Toggle quote (5 lines)
> I tried patching this a couple of ways, but it looks like the best
> option is going to be a 'patch-and-repack phase after 'install. the
> .crate file is really a gzip tarball, and I suspect that each time we
> run 'cargo <something>' the timestamp gets updated.

So that ‘Cargo.toml’ file is not something taken from the build tree?
In that case we could reset the timestamp before the tarball is
created. But otherwise yeah, patch’n’repack.

Ludo’.
?