Hi Nixers, This is what I have achieved so far:
Regular c(++) libs/apps mostly had impurities due to timestamps in static libraries and man pages. Both have been largerly eliminated if you override stdenv = deterministicStdenv for the specific package. Tested with ncurses and geoip. Python packages had troubles with timestamps inside pyc files. I have patched python to put zero timestamps instead if DETERMINISTIC_BUILD env var is set. I have patched 2 pieces of code either of which can be used to compile pyc files. Tested with argparse. I think I saw a package which has nevertheless managed to inject the timestamps, so maybe there's a 3rd way of compiling which also needs patching. Ruby gems had these impurities: * documentation generators (rdoc and ri) left something like a log or cache file with timestamps, the files are now deleted. * the default documentation template contained an item for generation datetime which was removed. * building a gem with native bindings generated a log which is wiped if the build succeeds. Probably should rework this to provide vanilla ruby functionality unless DETERMINISTIC_BUILD is set and maybe unset this var if NIX_DEBUG is set? Perl doesn't seem to have any systematic source of impurities. Ocaml seems to only have troubles due to timestamps in static libs so deterministicStdenv should solve it. Haskell is hopeless: http://hackage.haskell.org/trac/ghc/ticket/4012 Although it's quite possible that we can still figure out the source of ghc entropy and deal with it. Unstripped binaries: may be contaminated by "build-id". Can be avoided either by passing ld --build-id=none param or careful stripping. Needs testing. Luckily this is a very small subset of packages. Next steps: * actually rebuild the whole system using deterministicStdenv * try to make nixos system tarball or minimal iso bit-perfect. _______________________________________________ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev