[bug#57304] Fix mm-common reproduciblility issues

Message ID	874jy7k4p2.fsf@contorta
State	Accepted
Headers	show Return-Path: <guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org> Subject: [bug#57304] Fix mm-common reproduciblility issues Resent-From: Vagrant Cascadian <vagrant@reproducible-builds.org> Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org> Resent-CC: guix-patches@gnu.org Resent-Date: Sat, 20 Aug 2022 02:52:02 +0000 Resent-Message-ID: <handler.57304.B.166096391823828@debbugs.gnu.org> Resent-Sender: help-debbugs@gnu.org sender: vagrant@aikidev.net) by cascadia.aikidev.net (Postfix) with ESMTPSA id 4DF6C1ABC5 for <guix-patches@gnu.org>; Fri, 19 Aug 2022 19:51:42 -0700 (PDT) From: Vagrant Cascadian <vagrant@reproducible-builds.org> Date: Fri, 19 Aug 2022 19:51:37 -0700 Message-ID: <874jy7k4p2.fsf@contorta> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="==-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" Received-SPF: pass client-ip=173.255.214.101; envelope-from=vagrant@reproducible-builds.org; helo=cascadia.aikidev.net X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action Precedence: list Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: "Guix-patches" <guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org> X-getmail-retrieved-from-mailbox: Patches
Series	[bug#57304] Fix mm-common reproduciblility issues \| expand [bug#57304] Fix mm-common reproduciblility issues

Message ID

874jy7k4p2.fsf@contorta

State

Accepted

Headers

Subject: [bug#57304] Fix mm-common reproduciblility issues
Resent-From: Vagrant Cascadian <vagrant@reproducible-builds.org>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: guix-patches@gnu.org
Resent-Date: Sat, 20 Aug 2022 02:52:02 +0000
Resent-Message-ID: <handler.57304.B.166096391823828@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
To: 57304@debbugs.gnu.org
From: Vagrant Cascadian <vagrant@reproducible-builds.org>
Date: Fri, 19 Aug 2022 19:51:37 -0700
Message-ID: <874jy7k4p2.fsf@contorta>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="==-=-=";
 micalg=pgp-sha512; protocol="application/pgp-signature"
Received-SPF: pass client-ip=173.255.214.101;
 envelope-from=vagrant@reproducible-builds.org; helo=cascadia.aikidev.net
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-BeenThere: guix-patches@gnu.org
List-Id: <guix-patches.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/guix-patches>
List-Post: <mailto:guix-patches@gnu.org>
List-Help: <mailto:guix-patches-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=subscribe>
Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org
Sender: "Guix-patches"
 <guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org>
X-getmail-retrieved-from-mailbox: Patches

Series

[bug#57304] Fix mm-common reproduciblility issues | expand

Checks

Context	Check	Description
cbaines/comparison	success	View comparision
cbaines/git-branch	success	View Git branch
cbaines/applying patch	success	View Laminar job
cbaines/issue	success	View issue

Context

Check

Description

cbaines/comparison

success

View comparision

cbaines/git-branch

success

View Git branch

cbaines/applying patch

success

View Laminar job

cbaines/issue

success

View issue

Commit Message

Vagrant Cascadian Aug. 20, 2022, 2:51 a.m. UTC

The userid used during the build is embedded in a shipped tarball in the
mm-common package. Some abbreviated diffoscope output from guix
challenge against builds from ci.guix.gnu.org and bordeax.guix.gnu.org:

│ │ │ │   --- /tmp/guix-directory.rKX8CR/share/doc/mm-common/skeletonmm.tar.xz
│ │ │ ├── +++ /tmp/guix-directory.rlW2tI/share/doc/mm-common/skeletonmm.tar.xz
│ │ │ │ ├── skeletonmm.tar
│ │ │ │ │ ├── file list
│ │ │ │ │ │ @@ -1,36 +1,36 @@
│ │ │ │ │ │ +-rw-r--r--   0 nixbld     (996) nixbld   (30000)       60 2021-05-20 08:57:07.009229 skeletonmm/.gitignore
│ │ │ │ │ │ +-rw-r--r--   0 nixbld     (996) nixbld   (30000)       59 2021-05-20 08:57:07.009229 skeletonmm/AUTHORS
│ │ │ │ │ │ +-rw-r--r--   0 nixbld     (996) nixbld   (30000)    26527 2021-05-20 08:57:07.009229 skeletonmm/COPYING
...
│ │ │ │ │ │ --rw-r--r--   0 nixbld     (995) nixbld   (30000)       60 2021-05-20 08:57:07.009229 skeletonmm/.gitignore
│ │ │ │ │ │ --rw-r--r--   0 nixbld     (995) nixbld   (30000)       59 2021-05-20 08:57:07.009229 skeletonmm/AUTHORS
│ │ │ │ │ │ --rw-r--r--   0 nixbld     (995) nixbld   (30000)    26527 2021-05-20 08:57:07.009229 skeletonmm/COPYING


The attached patch fixes this by setting the user, group, uid and gid
consistently.

  $ guix refresh --list-dependent mm-common
  Building the following 1138 packages would ensure 2236 dependent
  packages are rebuilt: ...

Looks like it will have to wait for core-updates at least...

live well,
  vagrant

Comments

Ludovic Courtès Aug. 30, 2022, 8:34 p.m. UTC | #1

Hi,

Vagrant Cascadian <vagrant@reproducible-builds.org> skribis:

> The userid used during the build is embedded in a shipped tarball in the
> mm-common package. Some abbreviated diffoscope output from guix
> challenge against builds from ci.guix.gnu.org and bordeax.guix.gnu.org:

Good catch.

> The attached patch fixes this by setting the user, group, uid and gid
> consistently.
>
>   $ guix refresh --list-dependent mm-common
>   Building the following 1138 packages would ensure 2236 dependent
>   packages are rebuilt: ...
>
> Looks like it will have to wait for core-updates at least...

Yeah, let’s apply it on ‘core-updates’.

> From 4b359c9bbc918e6dcf1cab1141a9651d6d7bf271 Mon Sep 17 00:00:00 2001
> From: Vagrant Cascadian <vagrant@reproducible-builds.org>
> Date: Fri, 19 Aug 2022 19:32:08 -0700
> Subject: [PATCH] gnu: mm-common: Build reproducibly.
>
> * gnu/packages/patches/mm-common-consistent-user-and-group-in-tarball.patch:
>   New file.
> * gnu/local.mk (dist_patch_DATA): Add patch.
> * gnu/packages/gnome.scm (mm-common)[source]: Add patch.

[...]

> +  %D%/packages/patches/mm-common-consistent-user-and-group-in-tarball.patch \

I’d suggest a shorter name to appease ‘tar’, say
‘mm-common-reproducible-tarball.patch’.

Otherwise LGTM, thanks!

Ludo’.

Vagrant Cascadian Aug. 31, 2022, 12:46 a.m. UTC | #2

On 2022-08-30, Ludovic Courtès wrote:
> Vagrant Cascadian <vagrant@reproducible-builds.org> skribis:
>> The userid used during the build is embedded in a shipped tarball in the
>> mm-common package. Some abbreviated diffoscope output from guix
>> challenge against builds from ci.guix.gnu.org and bordeax.guix.gnu.org:
>
> Good catch.
>
>> The attached patch fixes this by setting the user, group, uid and gid
>> consistently.
>>
>>   $ guix refresh --list-dependent mm-common
>>   Building the following 1138 packages would ensure 2236 dependent
>>   packages are rebuilt: ...
>>
>> Looks like it will have to wait for core-updates at least...
>
> Yeah, let’s apply it on ‘core-updates’.
>
>> From 4b359c9bbc918e6dcf1cab1141a9651d6d7bf271 Mon Sep 17 00:00:00 2001
>> From: Vagrant Cascadian <vagrant@reproducible-builds.org>
>> Date: Fri, 19 Aug 2022 19:32:08 -0700
>> Subject: [PATCH] gnu: mm-common: Build reproducibly.
>>
>> * gnu/packages/patches/mm-common-consistent-user-and-group-in-tarball.patch:
>>   New file.
>> * gnu/local.mk (dist_patch_DATA): Add patch.
>> * gnu/packages/gnome.scm (mm-common)[source]: Add patch.
>
> [...]
>
>> +  %D%/packages/patches/mm-common-consistent-user-and-group-in-tarball.patch \
>
> I’d suggest a shorter name to appease ‘tar’, say
> ‘mm-common-reproducible-tarball.patch’.

I do not think tar is too worried about that anymore since the updated
tar format, but it is easier on human eyes, so I'll go along with it. :)

Pushed 5ce7178eb8375716625de14f59e227fdd9b8d9f0 to core-updates!


live well,
  vagrant

From 4b359c9bbc918e6dcf1cab1141a9651d6d7bf271 Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian <vagrant@reproducible-builds.org>
Date: Fri, 19 Aug 2022 19:32:08 -0700
Subject: [PATCH] gnu: mm-common: Build reproducibly.

* gnu/packages/patches/mm-common-consistent-user-and-group-in-tarball.patch:
  New file.
* gnu/local.mk (dist_patch_DATA): Add patch.
* gnu/packages/gnome.scm (mm-common)[source]: Add patch.
---
 gnu/local.mk                                  |  1 +
 gnu/packages/gnome.scm                        |  5 ++-
 ...consistent-user-and-group-in-tarball.patch | 40 +++++++++++++++++++
 3 files changed, 45 insertions(+), 1 deletion(-)
 create mode 100644 gnu/packages/patches/mm-common-consistent-user-and-group-in-tarball.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index 4e4ad908ce..20d322e27f 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1516,6 +1516,7 @@  dist_patch_DATA =						\
   %D%/packages/patches/mit-krb5-hurd.patch			\
   %D%/packages/patches/mixxx-link-qtscriptbytearray-qtscript.patch	\
   %D%/packages/patches/mixxx-system-googletest-benchmark.patch	\
+  %D%/packages/patches/mm-common-consistent-user-and-group-in-tarball.patch \
   %D%/packages/patches/mpc123-initialize-ao.patch		\
   %D%/packages/patches/mpg321-CVE-2019-14247.patch		\
   %D%/packages/patches/mpg321-gcc-10.patch			\
diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
index ae46e55c51..790881b9d8 100644
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -1143,7 +1143,10 @@  (define-public mm-common
                                   "mm-common-" version ".tar.xz"))
               (sha256
                (base32
-                "1x8yvjy0yg17qyhmqws8xh2k8dvzrhpwqz7j1cfwzalrb1i9c5g8"))))
+                "1x8yvjy0yg17qyhmqws8xh2k8dvzrhpwqz7j1cfwzalrb1i9c5g8"))
+              (patches
+               (search-patches
+                "mm-common-consistent-user-and-group-in-tarball.patch"))))
     (build-system meson-build-system)
     (arguments
      `(#:phases
diff --git a/gnu/packages/patches/mm-common-consistent-user-and-group-in-tarball.patch b/gnu/packages/patches/mm-common-consistent-user-and-group-in-tarball.patch
new file mode 100644
index 0000000000..f0890aaf57
--- /dev/null
+++ b/gnu/packages/patches/mm-common-consistent-user-and-group-in-tarball.patch
@@ -0,0 +1,40 @@ 
+From 024c121c844a4ec920133eb3f7e6b6ee8044c0b6 Mon Sep 17 00:00:00 2001
+From: Vagrant Cascadian <vagrant@reproducible-builds.org>
+Date: Sat, 12 Dec 2020 04:05:56 +0000
+Original-Patch: https://bugs.debian.org/977177
+Subject: [PATCH] Set uid, username, gid, and group name on files in
+ generated tarball.
+
+The user and group may otherwise vary between builds on different systems.
+
+---
+ util/meson_aux/skeletonmm-tarball.py | 16 +++++++++++++++-
+ 1 file changed, 15 insertions(+), 1 deletion(-)
+
+diff --git a/util/meson_aux/skeletonmm-tarball.py b/util/meson_aux/skeletonmm-tarball.py
+index db9e650..89049b6 100755
+--- a/util/meson_aux/skeletonmm-tarball.py
++++ b/util/meson_aux/skeletonmm-tarball.py
+@@ -39,10 +39,18 @@ elif output_file.endswith('.gz'):
+ else:
+   mode = 'w'
+ 
++def reproducible(tarinfo):
++  # Set consistent user and group on files in the tar archive
++  tarinfo.uid = 0
++  tarinfo.uname = 'root'
++  tarinfo.gid = 0
++  tarinfo.gname = 'root'
++  return tarinfo
++
+ with tarfile.open(output_file, mode=mode) as tar_file:
+   os.chdir(source_dir) # Input filenames are relative to source_dir.
+   for file in sys.argv[3:]:
+-    tar_file.add(file)
++    tar_file.add(file, filter=reproducible)
+ # Errors raise exceptions. If an exception is raised, Meson+ninja will notice
+ # that the command failed, despite exit(0).
+ sys.exit(0)
+-- 
+2.29.2
+
-- 
2.35.1