diff options
| author | Alyssa Ross <hi@alyssa.is> | 2023-11-05 09:32:31 +0100 |
|---|---|---|
| committer | Alyssa Ross <hi@alyssa.is> | 2023-11-05 09:32:31 +0100 |
| commit | 480416cc0d7e508b652c516af8d7342e3b1e59e3 (patch) | |
| tree | d64d990b0d7cc1f80dca687b48563bc71628b55e /nixpkgs/.github | |
| parent | 05f40ff2bfe9c68198664c38d65816f677ac7ed4 (diff) | |
| parent | fa804edfb7869c9fb230e174182a8a1a7e512c40 (diff) | |
| download | nixlib-480416cc0d7e508b652c516af8d7342e3b1e59e3.tar nixlib-480416cc0d7e508b652c516af8d7342e3b1e59e3.tar.gz nixlib-480416cc0d7e508b652c516af8d7342e3b1e59e3.tar.bz2 nixlib-480416cc0d7e508b652c516af8d7342e3b1e59e3.tar.lz nixlib-480416cc0d7e508b652c516af8d7342e3b1e59e3.tar.xz nixlib-480416cc0d7e508b652c516af8d7342e3b1e59e3.tar.zst nixlib-480416cc0d7e508b652c516af8d7342e3b1e59e3.zip | |
Merge branch 'nixos-unstable' of https://github.com/NixOS/nixpkgs into HEAD
Conflicts: nixpkgs/pkgs/servers/pr-tracker/default.nix
Diffstat (limited to 'nixpkgs/.github')
| -rw-r--r-- | nixpkgs/.github/CODEOWNERS | 2 | ||||
| -rw-r--r-- | nixpkgs/.github/ISSUE_TEMPLATE/unreproducible_package.md | 72 | ||||
| -rw-r--r-- | nixpkgs/.github/workflows/backport.yml | 2 |
3 files changed, 67 insertions, 9 deletions
diff --git a/nixpkgs/.github/CODEOWNERS b/nixpkgs/.github/CODEOWNERS index a206164d6685..f8278d1cbe48 100644 --- a/nixpkgs/.github/CODEOWNERS +++ b/nixpkgs/.github/CODEOWNERS @@ -48,6 +48,8 @@ /pkgs/build-support/setup-hooks/auto-patchelf.sh @layus /pkgs/build-support/setup-hooks/auto-patchelf.py @layus /pkgs/pkgs-lib @infinisil +## Format generators/serializers +/pkgs/pkgs-lib/formats/libconfig @ckiee # pkgs/by-name /pkgs/test/nixpkgs-check-by-name @infinisil diff --git a/nixpkgs/.github/ISSUE_TEMPLATE/unreproducible_package.md b/nixpkgs/.github/ISSUE_TEMPLATE/unreproducible_package.md index 13988026f8d7..8046e809a214 100644 --- a/nixpkgs/.github/ISSUE_TEMPLATE/unreproducible_package.md +++ b/nixpkgs/.github/ISSUE_TEMPLATE/unreproducible_package.md @@ -7,25 +7,81 @@ assignees: '' --- -Building this package twice does not produce the bit-by-bit identical result each time, making it harder to detect CI breaches. You can read more about this at https://reproducible-builds.org/ . +<!-- +Hello dear reporter, -Fixing bit-by-bit reproducibility also has additional advantages, such as avoiding hard-to-reproduce bugs, making content-addressed storage more effective and reducing rebuilds in such systems. +Thank you for bringing attention to this issue. Your insights are valuable to +us, and we appreciate the time you took to document the problem. + +I wanted to kindly point out that in this issue template, it would be beneficial +to replace the placeholder `<package>` with the actual, canonical name of the +package you're reporting the issue for. Doing so will provide better context and +facilitate quicker troubleshooting for anyone who reads this issue in the +future. + +Best regards +--> + +Building this package multiple times does not yield bit-by-bit identical +results, complicating the detection of Continuous Integration (CI) breaches. For +more information on this issue, visit +[reproducible-builds.org](https://reproducible-builds.org/). + +Fixing bit-by-bit reproducibility also has additional advantages, such as +avoiding hard-to-reproduce bugs, making content-addressed storage more effective +and reducing rebuilds in such systems. ### Steps To Reproduce +In the following steps, replace `<package>` with the canonical name of the +package. + +#### 1. Build the package + +This step will build the package. Specific arguments are passed to the command +to keep the build artifacts so we can compare them in case of differences. + +Execute the following command: + ``` -nix-build '<nixpkgs>' -A ... && nix-build '<nixpkgs>' -A ... --check --keep-failed +nix-build '<nixpkgs>' -A <package> && nix-build '<nixpkgs>' -A <package> --check --keep-failed ``` -If this command completes successfully, no differences where found. However, when it ends in `error: derivation '<X>' may not be deterministic: output '<Y>' differs from '<Z>'`, you can use `diffoscope <Y> <Z>` to analyze the differences in the output of the two builds. +Or using the new command line style: + +``` +nix build nixpkgs#<package> && nix build nixpkgs#<package> --rebuild --keep-failed +``` + +#### 2. Compare the build artifacts + +If the previous command completes successfully, no differences were found and +there's nothing to do, builds are reproducible. +If it terminates with the error message `error: derivation '<X>' may not be +deterministic: output '<Y>' differs from '<Z>'`, use `diffoscope` to investigate +the discrepancies between the two build outputs. You may need to add the +`--exclude-directory-metadata recursive` option to ignore files and directories +metadata (*e.g. timestamp*) differences. + +``` +nix run nixpkgs#diffoscopeMinimal -- --exclude-directory-metadata recursive <Y> <Z> +``` + +#### 3. Examine the build log + +To examine the build log, use: + +``` +nix-store --read-log $(nix-instantiate '<nixpkgs>' -A <package>) +``` -To view the build log of the build that produced the artifact in the binary cache: +Or with the new command line style: ``` -nix-store --read-log $(nix-instantiate '<nixpkgs>' -A ...) +nix log $(nix path-info --derivation nixpkgs#<package>) ``` ### Additional context -(please share the relevant fragment of the diffoscope output here, -and any additional analysis you may have done) +(please share the relevant fragment of the diffoscope output here, and any +additional analysis you may have done) diff --git a/nixpkgs/.github/workflows/backport.yml b/nixpkgs/.github/workflows/backport.yml index d174203238c8..50562bd9310b 100644 --- a/nixpkgs/.github/workflows/backport.yml +++ b/nixpkgs/.github/workflows/backport.yml @@ -24,7 +24,7 @@ jobs: with: ref: ${{ github.event.pull_request.head.sha }} - name: Create backport PRs - uses: korthout/backport-action@v1.3.1 + uses: korthout/backport-action@v2.0.0 with: # Config README: https://github.com/korthout/backport-action#backport-action copy_labels_pattern: 'severity:\ssecurity' |