diff options
Diffstat (limited to 'users/wpcarro/website/blog/content/english/lets-learn-nix-determinism-vs-reproducibility.md')
| -rw-r--r-- | users/wpcarro/website/blog/content/english/lets-learn-nix-determinism-vs-reproducibility.md | 121 |
1 files changed, 0 insertions, 121 deletions
diff --git a/users/wpcarro/website/blog/content/english/lets-learn-nix-determinism-vs-reproducibility.md b/users/wpcarro/website/blog/content/english/lets-learn-nix-determinism-vs-reproducibility.md deleted file mode 100644 index 2e12a6b06fcc..000000000000 --- a/users/wpcarro/website/blog/content/english/lets-learn-nix-determinism-vs-reproducibility.md +++ /dev/null @@ -1,121 +0,0 @@ ---- -title: "Lets Learn Nix: Reproducibility" -date: 2020-03-17T12:06:47Z -draft: true ---- - -I am dedicating this page to defining and disambiguating some terminology. I -think it is important to use these terms precisely, so it may be worthwhile to -memorize these definitions and ensure that you are clarifying the discourse -rather than muddying it. - -## Terms - -- repeatable build: -- reproducible build: -- deterministic build: -- pure function: -- impure function: -- idempotent function: - -TODO(wpcarro): Consistently and deliberately use reproducible and -deterministic. - -## Repeatable vs. Reproducible - -Is NixOS reproducible? Visit [@grhmc][who-grhmc]'s website, -[r13y.com](https://r13y.com), to find out. - -At the time of this writing, 1519 of 1568 (i.e. 96.9%) of the paths in the -`nixos.iso_minimal.x86_64-linux` installation image are reproducible. - -## What hinders reproducibility? - -Timestamps. - -If package A encodes a timestamp into its build artifact, then we can -demonstrate that package A is *not reproducible* simply by building it at two -different times and doing a byte-for-byte comparison of the build artifacts. - -## Does Nix protect developers against non-determinism - -Yes. But not entirely. How? - -## Deterministic Nix derivation - -```nix -{ pkgs ? import <nixpkgs> {}, ... }: - -with pkgs; - -stdenv.mkDerivation { - name = "reproducible"; - phases = [ "buildPhase" ]; - buildPhase = "echo reproducible >$out"; -} -``` - -## Non-deterministic Nix derivation - -We can introduce some non-determinism into our build using the `date` function. - -```nix -# file: /tmp/test.nix -{ pkgs ? import <nixpkgs> {}, ... }: - -with pkgs; - -stdenv.mkDerivation { - name = "non-reproducible"; - phases = [ "buildPhase" ]; - buildPhase = "date >$out"; -} -``` - -Then run... - -```shell -$ nix-build /tmp/test.nix -$ nix-build /tmp/test.nix --check --keep-failed -``` - -## How do you test reproducibility? - -We can use `cmp` to compare files byte-for-byte. The following comparison should -fail: - -```shell -$ echo foo >/tmp/a -$ echo bar >/tmp/b -$ cmp --silent /tmp/{a,b} -$ echo $? -``` - -And the following comparison should succeed: - -```shell -$ echo hello >/tmp/a -$ echo hello >/tmp/b -$ cmp --silent /tmp/{a,b} -$ echo $? -``` - -## Reproducible vs. deterministic - -Reproducible builds *are* deterministic builds and deterministic build - -## Deterministic, Reproducible, Pure, Idempotent, oh my - -- A pure function has no side-effects. - -- An idempotent function can be executed more than once with the same arguments - without altering the side-effects. - -- A deterministic function ensures that - -## Deterministic vs. Reproducible - -I can check if a build is reproducible using [these tools][wtf-repro-tools]. - -[wtf-repro-tools]: https://reproducible-builds.org/tools/ -[who-grhmc]: https://twitter.com/grhmc |