[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: unexpected reproducibility of reproducible blog post?
From: |
Ludovic Courtès |
Subject: |
Re: unexpected reproducibility of reproducible blog post? |
Date: |
Tue, 05 May 2020 12:06:22 +0200 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux) |
Hi,
Konrad Hinsen <address@hidden> skribis:
> I looked a bit at grafts. The documentation at
>
> https://guix.gnu.org/manual/en/html_node/Security-Updates.html
>
> isn't very explicit about the reproducibility of grafts. In particular,
> it doesn't say if a package containing patched binaries retains its
> original hash, or receives a new unique one. With a unique hash, grafts
> would just be a tweak in the build system, and no less reproducible than
> standard builds. It looks like I have to dive into the source code to
> find out!
Grafts are normal derivations, and they’re deterministic: it’s just
about replacing a set of strings by another set of strings.
On the implementation, see also
<https://guix.gnu.org/blog/2016/timely-delivery-of-security-updates/>.
I’m also preparing a post of the recent (pre-1.1.0) changes in that
area.
Ludo’.