Skip to content

guix: Explicitly set umask in build container #21271

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Feb 25, 2021
Merged

guix: Explicitly set umask in build container #21271

merged 1 commit into from
Feb 25, 2021

Conversation

dongcarl
Copy link
Contributor

Opened as a separate PR to fix non-reproducibility found through testing here: #21089 (comment)

Many thanks to everyone who helped find this!

@dongcarl dongcarl mentioned this pull request Feb 22, 2021
Closed
15 tasks
@sipa
Copy link
Member

sipa commented Feb 22, 2021

Concept ACK

@dongcarl dongcarl mentioned this pull request Feb 22, 2021
Merged
@dongcarl
Copy link
Contributor Author

Pushed 283fe532329006

  • Rebased on top of master

@fanquake
Copy link
Member

Guix builds at 2329006:

bash-5.1# find output/ -type f -print0 | env LC_ALL=C sort -z | xargs -r0 sha256sum
a293c595e5b358a2879e69f6d1dfb9d5b7699416ad0fffded8439ad745d4f93d  output/bitcoin-2329006031da-aarch64-linux-gnu-debug.tar.gz
49467f3c850fdb819732fb93f5e8a694016dad13c8050df1fce038e93cfb448b  output/bitcoin-2329006031da-aarch64-linux-gnu.tar.gz
3115eccb4f1c400310b3a9576ae337f0116acf6447fc8bfb3a0893402b5b59cb  output/bitcoin-2329006031da-arm-linux-gnueabihf-debug.tar.gz
6945dfd79b53738f247af215cc85f47c6852ea2b1c07e312441918524cdb09a3  output/bitcoin-2329006031da-arm-linux-gnueabihf.tar.gz
d85b723797cecae07210f9a77946d82b67d379430be7dc6623eb0d4da02e4453  output/bitcoin-2329006031da-osx-unsigned.dmg
b3968e21888a9b3645821a11897ddcec126617bacaeda2b0f73363de6a23bf9b  output/bitcoin-2329006031da-osx-unsigned.tar.gz
057a764c8833ec4f6fe2108d52ae7e4854e2336eab36623252380995724ad749  output/bitcoin-2329006031da-osx64.tar.gz
0288d0841f003313b533bccceda1814e1a4a96ab5b4e0b7cf1af714dbd04730a  output/bitcoin-2329006031da-powerpc64-linux-gnu-debug.tar.gz
877d10f6216753a8a6d7c634b6ed1bd4b84b28c8924bb8bde6b8470b72f4c8d8  output/bitcoin-2329006031da-powerpc64-linux-gnu.tar.gz
df317a252b595cd126a24ff8b8fd4b6046e3c13d17886e223b4cbfd6da661ba7  output/bitcoin-2329006031da-powerpc64le-linux-gnu-debug.tar.gz
51daaf2ade0c9520f36779e2a58c880faf92ab96aef9266d71f5d1ccf9037942  output/bitcoin-2329006031da-powerpc64le-linux-gnu.tar.gz
3d41e4711b09d9f6b547e4dbf3d2b29d3c93c9688fa2f38bff8d2067628321d9  output/bitcoin-2329006031da-riscv64-linux-gnu-debug.tar.gz
591112b7a1c46717db545f9cba6dd56c9a2178ddf9ecff5678da0f9eb598febc  output/bitcoin-2329006031da-riscv64-linux-gnu.tar.gz
38e3b19bba87cb7ce514a7021c4583fd8593b69715c0ef3522298be7b5b3918d  output/bitcoin-2329006031da-win-unsigned.tar.gz
a0cb654c6bf2016aef5f327295f679e87321a673aae7dc3b5a77999516e8f9d4  output/bitcoin-2329006031da-win64-debug.zip
ced9b04eb2637d3dc919593cae2a717dd97527703cb8c266ee97f93c08aedd9b  output/bitcoin-2329006031da-win64-setup-unsigned.exe
28db3a3dfc0d4835f4975638a68e264287d5b18177d0eb0fe42e92513873f12b  output/bitcoin-2329006031da-win64.zip
7c90a6a1b673b5f12bcb19874b13f729f01d25440b4375ec6f232d2d896b5260  output/bitcoin-2329006031da-x86_64-linux-gnu-debug.tar.gz
abb5be274d8f9d48fafb21629a36806af1a992f470d8377bee9d42f5ea370e23  output/bitcoin-2329006031da-x86_64-linux-gnu.tar.gz
6b99d09b8f2e08688ba0483824b9160ad6a3651231fc32ba65f4629e34906c5d  output/src/bitcoin-2329006031da.tar.gz

laanwj
laanwj reviewed Feb 23, 2021
View reviewed changes
contrib/guix/guix-build.sh Outdated
@@ -314,7 +314,7 @@ EOF
${BASE_CACHE:+BASE_CACHE="$BASE_CACHE"} \
DISTSRC="$(DISTSRC_BASE=/distsrc-base && distsrc_for_host "$HOST")" \
OUTDIR=/outdir \
bash -c "cd /bitcoin && bash contrib/guix/libexec/build.sh"
bash -c "cd /bitcoin && umask 0022 && bash contrib/guix/libexec/build.sh"
Copy link
Member

@laanwj laanwj Feb 23, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What is the rationale for not moving this into contrib/guix/libexec/build.sh?
(also, is this a temporary workaround until Guix isolates their builds better, or are we stuck with it, in the first case let's add a comment)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What is the rationale for not moving this into contrib/guix/libexec/build.sh?

None at all! Will move it in.

(also, is this a temporary workaround until Guix isolates their builds better, or are we stuck with it, in the first case let's add a comment)

I think I may have good standing to at least have guix environment --container set the umask value, so I will add a comment in case that patch gets approved.

@dongcarl
guix: Explicitly set umask in build container
d98f459 
A difference in system umask value can cause non-determinism when zip
archives are produced. Set it to a reasonable default.
@dongcarl
Copy link
Contributor Author

Pushed 2329006d98f459

$ find output/ -type f -print0 | env LC_ALL=C sort -z | xargs -r0 sha256sum
85456d11b6ac569cdd4fa6f14ebcdb3e27f68ecc7d324db9a7446ba0ef180dd6  output/bitcoin-d98f4593cf00-aarch64-linux-gnu-debug.tar.gz
5a16a4f246354d2684fbb73dd2f4c11a9a845f8b623889d8a073c9bc51f46792  output/bitcoin-d98f4593cf00-aarch64-linux-gnu.tar.gz
f9a59fd243433c9d107a21da4a73be2887bf3ddd5216fc5435f3df241ac320e0  output/bitcoin-d98f4593cf00-arm-linux-gnueabihf-debug.tar.gz
4ca30765073ca100d2974d57828210746e52a1e824a3e13c5ae0f33098a99b13  output/bitcoin-d98f4593cf00-arm-linux-gnueabihf.tar.gz
60420a4783a18346a0eef28b75bebebc7bb196767d8a9e8316340412959af718  output/bitcoin-d98f4593cf00-osx-unsigned.dmg
00b6d982ca1f4a6308b81c43c5519b14e58c3d23b075598ca1639a502e63f8c6  output/bitcoin-d98f4593cf00-osx-unsigned.tar.gz
43fc2af0abc05424f4dca60c0ab0951b00ddee4b253e0ecf44b37918d277f0e1  output/bitcoin-d98f4593cf00-osx64.tar.gz
6638a23e61f109a3c50ca824d500998a4b82b0804bfe62c239fe2df558b1e9c4  output/bitcoin-d98f4593cf00-powerpc64-linux-gnu-debug.tar.gz
f4d7ca154310bc4835c0612b2793489272c640c367632a2ea36b326fc64db2a2  output/bitcoin-d98f4593cf00-powerpc64-linux-gnu.tar.gz
ed1efef033ce35acac431d10fc39739a5babadf4049bda1e26ca6df2678c8c43  output/bitcoin-d98f4593cf00-powerpc64le-linux-gnu-debug.tar.gz
9c34ed771f990491ee911a82b9863252676a30582482be6e482fd0dbfaec9bde  output/bitcoin-d98f4593cf00-powerpc64le-linux-gnu.tar.gz
400350afdcf659c0ef11ce9902db5ef0eaae0228f3e6f17b51d3ed29e24e40d6  output/bitcoin-d98f4593cf00-riscv64-linux-gnu-debug.tar.gz
c5e2c126f34ea4fb942cae6017009aeba72e8ded85b298fde0ec4db51e331db9  output/bitcoin-d98f4593cf00-riscv64-linux-gnu.tar.gz
bb706b9f2c0e848cc5cc3d144df3861089fd8ff3df04184c72566601dcfdc67f  output/bitcoin-d98f4593cf00-win-unsigned.tar.gz
f408c16cee7137d613987286eca4ee06ad2f00ccc3c3259a6ab5f05c5cbdab2c  output/bitcoin-d98f4593cf00-win64-debug.zip
a5fd9b567dfa8cdb6983cc67fe6951ca2976b74fad5916382ddf9bca453f6a5f  output/bitcoin-d98f4593cf00-win64-setup-unsigned.exe
4613fbf9865612446f02bb9aa546b0d52c3a5cbf27103509c6495dad1c382fc2  output/bitcoin-d98f4593cf00-win64.zip
475843d96e11587a8e823ca5a812e0d3f8d2dcaf1c50d2014441169098c8ff85  output/bitcoin-d98f4593cf00-x86_64-linux-gnu-debug.tar.gz
0667938f75e041fc3c67f64baf8742679b10a077c722e98a17f36ffaa2495439  output/bitcoin-d98f4593cf00-x86_64-linux-gnu.tar.gz
70d50053f975108a568d2639c1c53eaa1ed878ceec141e0e4b9d11332ddd6664  output/src/bitcoin-d98f4593cf00.tar.gz

@laanwj
Copy link
Member

laanwj commented Feb 24, 2021
edited
Loading

ACK d98f459
Will do build.

fanquake
fanquake approved these changes Feb 25, 2021
View reviewed changes
Copy link
Member

@fanquake fanquake left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ACK d98f459 - I'm seeing matching hashes.

bash-5.1# find output/ -type f -print0 | env LC_ALL=C sort -z | xargs -r0 sha256sum
85456d11b6ac569cdd4fa6f14ebcdb3e27f68ecc7d324db9a7446ba0ef180dd6  output/bitcoin-d98f4593cf00-aarch64-linux-gnu-debug.tar.gz
5a16a4f246354d2684fbb73dd2f4c11a9a845f8b623889d8a073c9bc51f46792  output/bitcoin-d98f4593cf00-aarch64-linux-gnu.tar.gz
f9a59fd243433c9d107a21da4a73be2887bf3ddd5216fc5435f3df241ac320e0  output/bitcoin-d98f4593cf00-arm-linux-gnueabihf-debug.tar.gz
4ca30765073ca100d2974d57828210746e52a1e824a3e13c5ae0f33098a99b13  output/bitcoin-d98f4593cf00-arm-linux-gnueabihf.tar.gz
60420a4783a18346a0eef28b75bebebc7bb196767d8a9e8316340412959af718  output/bitcoin-d98f4593cf00-osx-unsigned.dmg
00b6d982ca1f4a6308b81c43c5519b14e58c3d23b075598ca1639a502e63f8c6  output/bitcoin-d98f4593cf00-osx-unsigned.tar.gz
43fc2af0abc05424f4dca60c0ab0951b00ddee4b253e0ecf44b37918d277f0e1  output/bitcoin-d98f4593cf00-osx64.tar.gz
6638a23e61f109a3c50ca824d500998a4b82b0804bfe62c239fe2df558b1e9c4  output/bitcoin-d98f4593cf00-powerpc64-linux-gnu-debug.tar.gz
f4d7ca154310bc4835c0612b2793489272c640c367632a2ea36b326fc64db2a2  output/bitcoin-d98f4593cf00-powerpc64-linux-gnu.tar.gz
ed1efef033ce35acac431d10fc39739a5babadf4049bda1e26ca6df2678c8c43  output/bitcoin-d98f4593cf00-powerpc64le-linux-gnu-debug.tar.gz
9c34ed771f990491ee911a82b9863252676a30582482be6e482fd0dbfaec9bde  output/bitcoin-d98f4593cf00-powerpc64le-linux-gnu.tar.gz
400350afdcf659c0ef11ce9902db5ef0eaae0228f3e6f17b51d3ed29e24e40d6  output/bitcoin-d98f4593cf00-riscv64-linux-gnu-debug.tar.gz
c5e2c126f34ea4fb942cae6017009aeba72e8ded85b298fde0ec4db51e331db9  output/bitcoin-d98f4593cf00-riscv64-linux-gnu.tar.gz
bb706b9f2c0e848cc5cc3d144df3861089fd8ff3df04184c72566601dcfdc67f  output/bitcoin-d98f4593cf00-win-unsigned.tar.gz
f408c16cee7137d613987286eca4ee06ad2f00ccc3c3259a6ab5f05c5cbdab2c  output/bitcoin-d98f4593cf00-win64-debug.zip
a5fd9b567dfa8cdb6983cc67fe6951ca2976b74fad5916382ddf9bca453f6a5f  output/bitcoin-d98f4593cf00-win64-setup-unsigned.exe
4613fbf9865612446f02bb9aa546b0d52c3a5cbf27103509c6495dad1c382fc2  output/bitcoin-d98f4593cf00-win64.zip
475843d96e11587a8e823ca5a812e0d3f8d2dcaf1c50d2014441169098c8ff85  output/bitcoin-d98f4593cf00-x86_64-linux-gnu-debug.tar.gz
0667938f75e041fc3c67f64baf8742679b10a077c722e98a17f36ffaa2495439  output/bitcoin-d98f4593cf00-x86_64-linux-gnu.tar.gz
70d50053f975108a568d2639c1c53eaa1ed878ceec141e0e4b9d11332ddd6664  output/src/bitcoin-d98f4593cf00.tar.gz

@fanquake fanquake merged commit 56f06a9 into bitcoin:master Feb 25, 2021
@DrahtBot
Copy link
Contributor

Guix builds

File commit c263c3d
(master)		 commit dda4ecb
(master and this pull)
*-aarch64-linux-gnu-debug.tar.gz f70493c5704d6edd... cbb12995bd920503...
*-aarch64-linux-gnu.tar.gz 2e2078290084bf4a... 8a56293e9649cd03...
*-arm-linux-gnueabihf-debug.tar.gz aa58ae15ed23e2dd... 61ec33201a110d0a...
*-arm-linux-gnueabihf.tar.gz d84cb6002bdf9630... 8e8c9c98f334033d...
*-osx-unsigned.dmg 15a9d0887a08363a... 801796a43dc2df7f...
*-osx-unsigned.tar.gz 11407e6335944da9... a24840b3763ee956...
*-osx64.tar.gz e50ac7e302d3e146... 809fd44e61aa44e5...
*-powerpc64-linux-gnu-debug.tar.gz f354ceeb911fc12a... 8b1ff7e1b84a2a21...
*-powerpc64-linux-gnu.tar.gz c51b5dcac01b08a5... ecd31b3784391925...
*-powerpc64le-linux-gnu-debug.tar.gz f481a004f8be01a5... 7463d2b538881f48...
*-powerpc64le-linux-gnu.tar.gz bfa3d432d2fd1c3a... df81e9ffeb9a6ef6...
*-riscv64-linux-gnu-debug.tar.gz b68485350917cb71... 6422e035490ff7b7...
*-riscv64-linux-gnu.tar.gz 654fa174d372c41c... c0d809ea3ab93dac...
*-win-unsigned.tar.gz 462e0fb4e0b6fce0... 0425af2a00c74580...
*-win64-debug.zip d034f61b738f2a7d... 6ceff7c92883ad0b...
*-win64-setup-unsigned.exe 1723f242fc4ba7e2... 0f81d8bd93af9f98...
*-win64.zip 20b8721864cc2800... 31145b5dc306ec2a...
*-x86_64-linux-gnu-debug.tar.gz b0a08fe448036636... 653d8f53831d1bbe...
*-x86_64-linux-gnu.tar.gz ad323f3642d34a88... 3a261ad85ad99f6f...
*.tar.gz db23011c10e3d6b3... 8e687985e8473cf1...
guix_build.log c034b83840e96f19... 6a38f1cb3593c233...
guix_build.log.diff 97dc72b3507359fa...

sidhujag pushed a commit to syscoin/syscoin that referenced this pull request Feb 25, 2021
@fanquake
Merge bitcoin#21271: guix: Explicitly set umask in build container
cace0de 
d98f459 guix: Explicitly set umask in build container (Carl Dong)

Pull request description:

  Opened as a separate PR to fix non-reproducibility found through testing here: bitcoin#21089 (comment)

  Many thanks to everyone who helped find this!

ACKs for top commit:
  laanwj:
    ACK d98f459
  fanquake:
    ACK d98f459 - I'm seeing matching hashes.

Tree-SHA512: ea339c3902f2f4dea32e8ef5cc675a1df0679530881260ae999aaaf7339d5b12c46e01e58677cbb079f33e573ad105e2b443a835f3e944ef8e943a25f83027f1
@laanwj
Copy link
Member

laanwj commented Feb 25, 2021

Same output as @fanquake and @dongcarl

85456d11b6ac569cdd4fa6f14ebcdb3e27f68ecc7d324db9a7446ba0ef180dd6  output/bitcoin-d98f4593cf00-aarch64-linux-gnu-debug.tar.gz
5a16a4f246354d2684fbb73dd2f4c11a9a845f8b623889d8a073c9bc51f46792  output/bitcoin-d98f4593cf00-aarch64-linux-gnu.tar.gz
f9a59fd243433c9d107a21da4a73be2887bf3ddd5216fc5435f3df241ac320e0  output/bitcoin-d98f4593cf00-arm-linux-gnueabihf-debug.tar.gz
4ca30765073ca100d2974d57828210746e52a1e824a3e13c5ae0f33098a99b13  output/bitcoin-d98f4593cf00-arm-linux-gnueabihf.tar.gz
60420a4783a18346a0eef28b75bebebc7bb196767d8a9e8316340412959af718  output/bitcoin-d98f4593cf00-osx-unsigned.dmg
00b6d982ca1f4a6308b81c43c5519b14e58c3d23b075598ca1639a502e63f8c6  output/bitcoin-d98f4593cf00-osx-unsigned.tar.gz
43fc2af0abc05424f4dca60c0ab0951b00ddee4b253e0ecf44b37918d277f0e1  output/bitcoin-d98f4593cf00-osx64.tar.gz
6638a23e61f109a3c50ca824d500998a4b82b0804bfe62c239fe2df558b1e9c4  output/bitcoin-d98f4593cf00-powerpc64-linux-gnu-debug.tar.gz
f4d7ca154310bc4835c0612b2793489272c640c367632a2ea36b326fc64db2a2  output/bitcoin-d98f4593cf00-powerpc64-linux-gnu.tar.gz
ed1efef033ce35acac431d10fc39739a5babadf4049bda1e26ca6df2678c8c43  output/bitcoin-d98f4593cf00-powerpc64le-linux-gnu-debug.tar.gz
9c34ed771f990491ee911a82b9863252676a30582482be6e482fd0dbfaec9bde  output/bitcoin-d98f4593cf00-powerpc64le-linux-gnu.tar.gz
400350afdcf659c0ef11ce9902db5ef0eaae0228f3e6f17b51d3ed29e24e40d6  output/bitcoin-d98f4593cf00-riscv64-linux-gnu-debug.tar.gz
c5e2c126f34ea4fb942cae6017009aeba72e8ded85b298fde0ec4db51e331db9  output/bitcoin-d98f4593cf00-riscv64-linux-gnu.tar.gz
bb706b9f2c0e848cc5cc3d144df3861089fd8ff3df04184c72566601dcfdc67f  output/bitcoin-d98f4593cf00-win-unsigned.tar.gz
f408c16cee7137d613987286eca4ee06ad2f00ccc3c3259a6ab5f05c5cbdab2c  output/bitcoin-d98f4593cf00-win64-debug.zip
a5fd9b567dfa8cdb6983cc67fe6951ca2976b74fad5916382ddf9bca453f6a5f  output/bitcoin-d98f4593cf00-win64-setup-unsigned.exe
4613fbf9865612446f02bb9aa546b0d52c3a5cbf27103509c6495dad1c382fc2  output/bitcoin-d98f4593cf00-win64.zip
475843d96e11587a8e823ca5a812e0d3f8d2dcaf1c50d2014441169098c8ff85  output/bitcoin-d98f4593cf00-x86_64-linux-gnu-debug.tar.gz
0667938f75e041fc3c67f64baf8742679b10a077c722e98a17f36ffaa2495439  output/bitcoin-d98f4593cf00-x86_64-linux-gnu.tar.gz
70d50053f975108a568d2639c1c53eaa1ed878ceec141e0e4b9d11332ddd6664  output/src/bitcoin-d98f4593cf00.tar.gz

@bitcoin bitcoin locked as resolved and limited conversation to collaborators Aug 16, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@laanwj laanwj laanwj left review comments

@fanquake fanquake fanquake approved these changes

Assignees
No one assigned
Labels
Scripts and tools
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@dongcarl @sipa @fanquake @laanwj @DrahtBot @maflcko