Nixpkgs: Reproducible builds: GZIP timestamps

Created on 29 Apr 2020  路  8Comments  路  Source: NixOS/nixpkgs

As learned in https://github.com/NixOS/nixpkgs/pull/85659 gzip puts timestamps into headers of output files breaking reproducibility of packages. This can be fixed by calling gzip with -n argument.

In this issue, @FRidh suggested the following:

Maybe gzip should have a setup hook that exports GZIP="-n"?

At first sight, this seems like a way to go, but further investigation shows that "This feature will be removed in a future release of gzip." - source: https://www.gnu.org/software/gzip/manual/html_node/Environment.html

Debian wiki does not mention this removal at all: https://wiki.debian.org/ReproducibleBuilds/TimestampsInGzipHeaders

Do we still want to do this?

question reproducible builds
Source
picture prusnak

Most helpful comment

Guess it's time for the alias? Currently getting build logs with a lot of gzip: warning: GZIP environment variable is deprecated; use an alias or script.

picture eadwu on 30 May 2020
👍3

All 8 comments

If they remove it we can always fall-back to an alias I think.

FRidh picture FRidh on 29 Apr 2020

I second that. The Debian manpage also says, they tried adding a similar hook but that

made many maintainers grumpy. sigh
AFAIK Nix maintainers are a cheery folk, so we could give it a try. :)

Archives are a pain for reproducible builds, with cpio the worst I encountered yet.

wamserma picture wamserma on 30 Apr 2020

Guess it's time for the alias? Currently getting build logs with a lot of gzip: warning: GZIP environment variable is deprecated; use an alias or script.

eadwu picture eadwu on 30 May 2020
👍3

Just adding a note here that adding the GZIP env var seemed to break multipath-tools:
https://hydra.nixos.org/build/120914927

Their Makefile.inc file sets the variable GZIP = gzip -9 -c, and then uses it in build rules like (for example):

foo.gz:
        $(GZIP) foo > foo.gz

When setting GZIP via an env var set I presume it then treats the make variable as an env var to modify as well. Consequently we get this error:

gzip -9 -c mpath_persistent_reserve_in.3 > mpath_persistent_reserve_in.3.gz
gzip: -c: option not valid in GZIP environment variable
Try `gzip --help' for more information.

It ends up calling gzip with the GZIP env var set as gzip -9 -c, which is incorrect. I think this would be best fixed by using a script/alias instead.

danielfullmer picture danielfullmer on 1 Jun 2020

Where does such alias belong to? Here?
https://github.com/NixOS/nixpkgs/blob/46fcaf3c8a13f32e2c147fd88f97c4ad2d3b0f27/pkgs/stdenv/native/default.nix#L20-L25

prusnak picture prusnak on 1 Jun 2020

I would expect most uses of gzip to happen in Makefiles/Autotools scripts so alias would not help there. Meson no longer compresses manpages so the problem should not be there.

How frequent is that actually? Maybe it would be best to patch the individual projects (and upstream the changes).

jtojnar picture jtojnar on 2 Jun 2020

So it seems the alias is not really an option: see https://github.com/NixOS/nixpkgs/pull/89368#discussion_r434024462

I am closing this issue because the https://github.com/NixOS/nixpkgs/pull/86493 is in master already.

prusnak picture prusnak on 5 Jun 2020

FTR: Once the setting via an env variable is removed we could create a wrapper.

prusnak picture prusnak on 5 Jun 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

edolstra picture edolstra  路  3Comments
spacekitteh picture spacekitteh  路  3Comments
langston-barrett picture langston-barrett  路  3Comments
ob7 picture ob7  路  3Comments
vaibhavsagar picture vaibhavsagar  路  3Comments