[prev in list] [next in list] [prev in thread] [next in thread] 

List:       qubes-devel
Subject:    Re: [qubes-devel] Deterministic builds for Qubes OS -- the shortcut?
From:       HW42 <hw42 () ipsumj ! de>
Date:       2015-12-27 22:54:06
Message-ID: 56806C0E.4050004 () ipsumj ! de
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Manuel Amador (Rudd-O):
> On 12/25/2015 11:03 AM, HW42 wrote:
> > 
> > 
> > I don't think NixOS makes reproducible build much easier. They have the
> > same problem with timestamps, etc. as any distro. 
> 
> They actually do not.  Their build and package tools explicitly tackle
> this problem.

They also have the problem with timestamps etc. On the one hand one of
the NixOS developers said so in a personal conversation. You can also
convince your self. For example download the last build [0] of
erlang-18.0 and grep the package:

bzcat c0dyawpsa80ja2w91fcjkz075whw0rmx-erlang-18.0 | strings | grep -a '^%% script \
generated'

You see that the build time is included.

[0]: https://hydra.nixos.org/job/nixos/release-15.09/nixpkgs.erlang.x86_64-linux

> > 
> > You also need to consider other things when choosing an OS. For example
> > the last time when I checked NixOS (for another problem, and ca. 1.5
> > years ago so might be no longer correct) it had problems with timely
> > security updates.
> 
> I'm using the latest NixOS.  They seem to have updated fine.  I'd like
> to see more evidence of this particular point, though.
> 
> > 
> > The only point where I think NixOS (and Guix [1] even more) has
> > significant advantages in regards to reproducible builds is automatic
> > complete boostraping of the whole distro.
> 
> This is a huge time saver.
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJWgGwOAAoJEOSsySeKZGgW6+gP/2KHSQgEikLVmXuWmFdY98w9
cMOlyaNpGY2qVT0g2frm2x3umzxxU47rmtM7a7WlBIa8fQa0DqE3575/Pzl8A3+Y
T7mJPoYsNrahQ10HQbu8V5HnN1obrnQ7YEJxr8ex+hPxJ7vI4UD0yTDnX28BReb/
pYS1Ay7qYSEURbKHCkIY6Mh7kvK/i992MuQ1eKEUclQm0Cmd3vcsizIxx+Bw/zt4
WANWcHqq92BbYr2dk6B2V4tW8U2t8CWlKsOOjHxhtlO1zhZ/eoIWsov8FyK8upuH
DwCEu6bN67FPH/BkZyDpGCFR+iE3FwjXbwhOir/Ho/DYqFOyF8VB1FQy1fevZYkf
xh7ZEZiGS0oc5j6MgnYd8UjDcHJDrOnz3DPpw+uObZFf1Znv2aTMc7EN9eh59LGp
vKqrHYFDH5aP8Pucu8cYeGVgOn9WzvOKrmh5b0tJO6Xjk8lRAJQSCZ86wyxc47l9
wEnhQcXU0Bebul12qEIq2JxptqAoN+Mn1NtcOS1ojCemsNGkueZTOVQN2gARkd+b
DJn1QZehLBHafn9wjvhvg9/LaHNMN2jam8xdPLjjpGS2RboT+RVZl1TimTkJCIEJ
HPrJJJtotlzTkKVFEcBYgeTaiRMN0+S2/KMfw7ELj6UqKu/RtfiruefN5PJLgsNy
lIoZkMV4jobhYviEFTw0
=yvdf
-----END PGP SIGNATURE-----

-- 
You received this message because you are subscribed to the Google Groups \
"qubes-devel" group. To unsubscribe from this group and stop receiving emails from \
it, send an email to qubes-devel+unsubscribe@googlegroups.com. To post to this group, \
send email to qubes-devel@googlegroups.com. To view this discussion on the web visit \
https://groups.google.com/d/msgid/qubes-devel/56806C0E.4050004%40ipsumj.de. For more \
options, visit https://groups.google.com/d/optout.


[prev in list] [next in list] [prev in thread] [next in thread]