Reproducibility: nix develop, derivations and ignore-environment

I have a couple of questions regarding reproducibility when calling build tools manually under nix develop vs. using derivations.

I can use my system tools (IDE, git etc.) together with the packages specified in flake.nix.
I have been manually calling make, cmake, scons etc. inside this nix environment.

  • Since the compilation steps/binaries are not specified as outputs/derivations in flake.nix, I assume the final binaries are not reproducible, right?

    • Can they become reproducible if ignore-environment is passed?
  • If the build operations are specified as a derivation, then can I assume it is 100% reproducible?

manually calling make, cmake, scons etc.

OK, after doing some experiments I can say that it is definitely not reproducible. But, I can't create a counterexample when I pass the --ignore-environment flag.

Hence, I still think that if I pass it and the project compiles, it is a reproducible build. I am getting the same binaries for a fairly complex project which uses C++, CUDA and python.

operations specified as a derivation … is 100% reproducible?

I can't create a counterexample for this one either. So, I will keep assuming it is also true.

--ignore-environment

A counter example is accessing local files in other directories that are not tracked when compiling manually. So, it is not reproducible.

From nix's point of view, no build happened, as nix doesn't see what you do in the dev shell, be it with or without --ignore-environment. Doing nothing is reproducible, by, well, doing nothing.

Jokes aside, to know whether the build is reproducible, we need to first know what kind of reproducibility you are after, and what exactly you did since the last build, as the content of your folder is already subject to changes, even if it's just keeping artifacts from previous builds.

So your inputs already changed, and your build will do different things (not reproducible) but lead to the same outcome (assuming you simply kept the artifacts from the last build, and the build system is smart).

Though a lot of things play into this, like what tools you are using to build, whether something in the build does random things, like checking the current time, randomizing some "serial number" into the build, etc.

And even when built through nix, we have not yet achieved true bit-by-bit reproducibility for everything. There are still more than enough builds that create randomly time-stamped files, random strings in the artifacts, etc.

Nix is a framework that helps you achieve reproducibility, but it can in no way guarantee it, even though it tries to forbid some commonly known pitfalls.
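As an added example (not code from the original thread or from any poster), here is a flake.nix that keeps the setup the question describes, a dev shell for calling cmake/make by hand, next to a derivation that runs the same build inside the nix sandbox, which is the distinction the reply above draws. The project name, version, nixpkgs branch, tool list and the assumption that a CMakeLists.txt sits in the repository root are all illustrative, not taken from the thread.

```nix
# Added example, not from the original thread. Assumed: a CMake project in the
# repository root; the nixpkgs branch, pname/version and tool list are placeholders.
{
  description = "Example: dev shell vs. derivation for the same build";

  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";  # assumed pin

  outputs = { self, nixpkgs }:
    let
      system = "x86_64-linux";
      pkgs = nixpkgs.legacyPackages.${system};
      # Tools the manual build and the derivation should share (assumed list).
      buildTools = [ pkgs.cmake pkgs.python3 ];
    in
    {
      # `nix develop` puts these tools on PATH next to whatever your own
      # environment already has. Nix records nothing about what you then run
      # by hand, so a manual `make` may read any file on the machine; adding
      # `--ignore-environment` only clears environment variables, it does not
      # restrict file access.
      devShells.${system}.default = pkgs.mkShell {
        packages = buildTools ++ [ pkgs.git ];
      };

      # `nix build` runs the same steps inside the sandbox. Only `src` (the
      # flake's own tracked tree, copied into the store, so untracked files
      # and files outside the repository are not visible), the declared
      # build inputs and a fixed environment are available; there is no
      # network and stdenv sets SOURCE_DATE_EPOCH so tools that honour it
      # emit stable timestamps. The cmake setup hook supplies the configure,
      # build and install phases, so none need spelling out here.
      packages.${system}.default = pkgs.stdenv.mkDerivation {
        pname = "example-project";   # placeholder name
        version = "0.1.0";           # placeholder version
        src = self;
        nativeBuildInputs = buildTools;
      };
    };
}
```

`nix develop` enters the shell, `nix build` produces the derivation output under ./result, and `nix build --rebuild` rebuilds it and compares the fresh output against the existing store path, which is the kind of check the thread is reaching for: a differing output under `--rebuild` is a concrete counterexample. As the reply notes, this still only constrains the inputs; a build step that embeds the current time or a random serial number will differ on rebuild even inside the sandbox.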
