diff options
author | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2014-02-18T00·01+0100 |
---|---|---|
committer | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2014-02-18T00·01+0100 |
commit | 1aa19b24b27c6bbf4d46cdd7f6d06b534dd67c19 (patch) | |
tree | c406737fe705ef010f7efb555c6b319b1c984754 /release.nix | |
parent | 4ec626a286afd4a9596357fc6d36aaf8bc07442a (diff) |
Add a flag ‘--check’ to verify build determinism
The flag ‘--check’ to ‘nix-store -r’ or ‘nix-build’ will cause Nix to redo the build of a derivation whose output paths are already valid. If the new output differs from the original output, an error is printed. This makes it easier to test if a build is deterministic. (Obviously this cannot catch all sources of non-determinism, but it catches the most common one, namely the current time.) For example: $ nix-build '<nixpkgs>' -A patchelf ... $ nix-build '<nixpkgs>' -A patchelf --check error: derivation `/nix/store/1ipvxsdnbhl1rw6siz6x92s7sc8nwkkb-patchelf-0.6' may not be deterministic: hash mismatch in output `/nix/store/4pc1dmw5xkwmc6q3gdc9i5nbjl4dkjpp-patchelf-0.6.drv' The --check build fails if not all outputs are valid. Thus the first call to nix-build is necessary to ensure that all outputs are valid. The current outputs are left untouched: the new outputs are either put in a chroot or diverted to a different location in the store using hash rewriting.
Diffstat (limited to 'release.nix')
0 files changed, 0 insertions, 0 deletions