@Profpatsch , @lewo, @edolstra and me went to the summit this week. It was a lot of fun. We met with people from all sorts of distros; Debian, OpenSuse, Arch Linux, Alpine, and obviously Guix. Members of IPFS, QubeOS, Ocaml and Microsoft(?) were also present. We were ~50+ people total.
Some highlights from my side:
Everyone intuitively knows why reproducible builds are important but it’s actually quite hard to explain why. I still don’t have an answer that is easy to explain.
The Guix team is working on bootstrapping GCC from a few bytes of binary, to a minimal scheme interpreter, TCC, an old version of GCC -> until the latest GCC. And happy to share their results with other distros. @edolstra was taking a look at it.
Did you know that
nix-build has a
--check flat? It builds the derivations twice and tells you if the output differs. And Hydra also supports that feature but it’s undocumented.
Ruby gems that contain C extensions are not bit-reproducible as they contain logs. @lewo was looking into this.
The only thing I implemented in the end had nothing to do with reproducible builds. Inspired by Guix, Nix will have nicer hash mismatch messages in the next release: https://github.com/NixOS/nix/commit/5e6fa9092fb5be722f3568c687524416bc746423
Please add anything I forgot or didn’t pay attention to