Re: [Nix-dev] nix.buildCores and determinism
And because the hash does not represent the content, but the intended content, it is very important for the build to be reproducible. This means that the build must be deterministic, and stripped from information such as the host name, time of build and such. Sadly, many parallel builds are not deterministic, and parallelism must be disabled to achieve reproducible builds. If the builds are not reproducible, then there is no way you can confirm that the binary substitute is correct, and you must blindly trust the binary cache and the hydra builds. For more details, see https://reproducible-builds.org/. Regards, Guillaume, aka Layus. Le 13/10/16 à 16:35, Peter Simons a écrit : > Hi Zimbatm, > > > I think there is a misunderstanding, the hash of the package > > derivation depends on the build output. > > the $out hash for a given package is computed over the build command > that generates that store path. Build inputs required for the process > play into that hash because the build script is going to mention their > store paths somewhere (i.e. when setting up $PATH, etc.), but the > *contents* of any of those store paths don't affect the hash. > > Unless, of course, when we're talking about fixed output derivations > like 'fetchurl', but these are somewhat special and suitable mostly for > downloading source code, not so much for building things. > > Best regards, > Peter > > ___ > nix-dev mailing list > nix-dev@lists.science.uu.nl > http://lists.science.uu.nl/mailman/listinfo/nix-dev ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] nix.buildCores and determinism
Hi Zimbatm, > I think there is a misunderstanding, the hash of the package > derivation depends on the build output. the $out hash for a given package is computed over the build command that generates that store path. Build inputs required for the process play into that hash because the build script is going to mention their store paths somewhere (i.e. when setting up $PATH, etc.), but the *contents* of any of those store paths don't affect the hash. Unless, of course, when we're talking about fixed output derivations like 'fetchurl', but these are somewhat special and suitable mostly for downloading source code, not so much for building things. Best regards, Peter ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] nix.buildCores and determinism
I think there is a misunderstanding, the hash of the package derivation depends on the build output. We assume it's always the same which allow us to look it up based on the input hash but it's not always true. For example if the build adds the current time to the build output it will not always be the same. On Tue, 11 Oct 2016, 02:48 Domen Kožar,wrote: > You're running the build system in parallel. For example Makefiles, they > are not pure and thus builds can fail due to race conditions. > We have quite a few disabled for that reason and also that's why you have > to explicitly enable parallel building. > > On Tue, Oct 11, 2016 at 1:56 AM, Ruben Astudillo > wrote: > > On reading `nixos-option nix.buildCores`, it says that this option can > affect the determinism of the build. I don't understand how is important > as the hash of the package depends on the default.nix file, not the > build process. What does it mean to be non-deterministic in this case? > > -- Ruben Astudillo > ___ > nix-dev mailing list > nix-dev@lists.science.uu.nl > http://lists.science.uu.nl/mailman/listinfo/nix-dev > > > ___ > nix-dev mailing list > nix-dev@lists.science.uu.nl > http://lists.science.uu.nl/mailman/listinfo/nix-dev > ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] nix.buildCores and determinism
You're running the build system in parallel. For example Makefiles, they are not pure and thus builds can fail due to race conditions. We have quite a few disabled for that reason and also that's why you have to explicitly enable parallel building. On Tue, Oct 11, 2016 at 1:56 AM, Ruben Astudillowrote: > On reading `nixos-option nix.buildCores`, it says that this option can > affect the determinism of the build. I don't understand how is important > as the hash of the package depends on the default.nix file, not the > build process. What does it mean to be non-deterministic in this case? > > -- Ruben Astudillo > ___ > nix-dev mailing list > nix-dev@lists.science.uu.nl > http://lists.science.uu.nl/mailman/listinfo/nix-dev > ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
[Nix-dev] nix.buildCores and determinism
On reading `nixos-option nix.buildCores`, it says that this option can affect the determinism of the build. I don't understand how is important as the hash of the package depends on the default.nix file, not the build process. What does it mean to be non-deterministic in this case? -- Ruben Astudillo ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev