diff --git a/.github/ISSUE_TEMPLATE/10_unreproducible_package.yml b/.github/ISSUE_TEMPLATE/10_unreproducible_package.yml new file mode 100644 index 0000000000000..4c22b9eb33c78 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/10_unreproducible_package.yml @@ -0,0 +1,172 @@ +name: "Unreproducible Package" +description: "Report a package that does not produce a bit-by-bit reproducible result each time it is built." +title: "Unreproducible Package: PACKAGENAME" +labels: ["0.kind: enhancement", "6.topic: reproducible builds"] +body: + - type: "markdown" + attributes: + value: | +

+ + + + + NixOS logo + + +

+ + Welcome to Nixpkgs. Please replace the **`Unreproducible Package: PACKAGENAME`** template above with the correct package name (As seen in the [NixOS Package Search](https://search.nixos.org/packages)). + + > [!NOTE] + > This form is for reporting unreproducible packages. For more information, see the [Reproducible Builds Status](https://reproducible.nixos.org/) page. + > To report a package that fails to build entirely, please use the "Build Failure" form instead. + + --- + - type: "dropdown" + id: "version" + attributes: + label: "Nixpkgs Version" + description: | + What version of Nixpkgs are you using? + + > [!IMPORTANT] + > If you are using an older or stable version, please update to the latest **unstable** version and check if the package is still unreproducible before continuing this report. + options: + - "Please select a version." + - "- Unstable (25.05)" + - "- Stable (24.11)" + - "- Previous Stable (24.05)" + default: 0 + validations: + required: true + - type: "textarea" + id: "introduction" + attributes: + label: "Introduction" + description: | + This is a generic introduction to build reproducibility. + Please replace **PACKAGENAME** below with the canonical package name of the package, as you have done for the title above. + value: | + Building **PACKAGENAME** multiple times does not yield bit-by-bit identical + results, complicating the detection of Continuous Integration (CI) breaches. For + more information on this issue, visit [reproducible-builds.org](https://reproducible-builds.org/). + + Fixing bit-by-bit reproducibility also has additional advantages, such as + avoiding hard-to-reproduce bugs, making content-addressed storage more effective + and reducing rebuilds in such systems. + validations: + required: true + - type: "textarea" + id: "how-to-reproduce" + attributes: + label: "Steps to reproduce" + description: | + This is a step-by-step instruction set meant for maintainers to debug the package that is failing to reproduce. You should also follow it to gather the `diffoscope` logs that will be needed below. + Please replace **PACKAGENAME** below with the canonical package name of the package, as you have done for the introduction and the title above. + value: | + ### 1. Build the package + + This step will build the package. Specific arguments are passed to the command + to keep the build artifacts so we can compare them in case of differences. + + Execute the following command: + + ``` + nix-build '' -A PACKAGENAME && nix-build '' -A PACKAGENAME --check --keep-failed + ``` + + Or using the new command line style: + + ``` + nix build nixpkgs#PACKAGENAME && nix build nixpkgs#PACKAGENAME --rebuild --keep-failed + ``` + + ### 2. Compare the build artifacts + + If the previous command completes successfully, no differences were found and + there's nothing to do, builds are reproducible. + If it terminates with the error message `error: derivation '' may not be + deterministic: output '' differs from ''`, use `diffoscope` to investigate + the discrepancies between the two build outputs. You may need to add the + `--exclude-directory-metadata recursive` option to ignore files and directories + metadata (*e.g. timestamp*) differences. + + ``` + nix run nixpkgs#diffoscopeMinimal -- --exclude-directory-metadata recursive + ``` + + ### 3. Examine the build log + + To examine the build log, use: + + ``` + nix-store --read-log $(nix-instantiate '' -A PACKAGENAME) + ``` + + Or with the new command line style: + + ``` + nix log $(nix path-info --derivation nixpkgs#PACKAGENAME) + ``` + validations: + required: true + - type: "textarea" + id: "logs" + attributes: + label: "Diffoscope log" + description: | + Please copy and paste the relevant `diffoscope` log output, gathered from the steps above. + This will be automatically formatted into a `diff`, so no need for backticks. + render: "diff" + validations: + required: true + - type: "textarea" + id: "additional-context" + attributes: + label: "Additional context" + description: "Add any other context about the problem here." + validations: + required: false + - type: "textarea" + id: "maintainers" + attributes: + label: "Notify maintainers" + description: | + Please mention the people who are in the **Maintainers** list of the offending package. This is done by by searching for the package on the [NixOS Package Search](https://search.nixos.org/packages) and mentioning the people listed under **Maintainers** by prefixing their GitHub usernames with an '@' character. Please add the mentions above the `---` characters in the template below. + value: | + + --- + + **Note for maintainers:** Please tag this issue in your pull request description. (i.e. `Resolves #ISSUE`.) + validations: + required: false + - type: "checkboxes" + id: "sanity-check" + attributes: + label: "I assert that this issue is relevant for Nixpkgs" + options: + - label: "I assert that this is not a [duplicate of any known issue](https://github.com/NixOS/nixpkgs/issues?q=is%3Aopen+is%3Aissue+label%3A%226.topic%3A+reproducible+builds%22)." + required: true + - label: "I assert that I have read the [NixOS Code of Conduct](https://github.com/NixOS/.github/blob/master/CODE_OF_CONDUCT.md) and agree to abide by it." + required: true + - type: "markdown" + attributes: + value: | + # Thank you for helping improve Nixpkgs! + + --- + - type: "textarea" + id: "prioritisation" + attributes: + label: "Is this issue important to you?" + description: | + **Please do not modify this text area!** + + This template helps Nixpkgs developers know which issues should be prioritised by allowing users to vote with a :+1: reaction. + This is not a guarantee that highly-requested issues will be fixed first, but it helps us to figure out what's important to users. Please react on other users' issues if you find them important. + value: | + Add a :+1: [reaction] to [issues you find important]. + + [reaction]: https://github.blog/2016-03-10-add-reactions-to-pull-requests-issues-and-comments/ + [issues you find important]: https://github.com/NixOS/nixpkgs/issues?q=is%3Aissue+is%3Aopen+sort%3Areactions-%2B1-desc diff --git a/.github/ISSUE_TEMPLATE/unreproducible_package.md b/.github/ISSUE_TEMPLATE/unreproducible_package.md deleted file mode 100644 index 83b672be31b33..0000000000000 --- a/.github/ISSUE_TEMPLATE/unreproducible_package.md +++ /dev/null @@ -1,104 +0,0 @@ ---- -name: Unreproducible package -about: A package that does not produce a bit-by-bit reproducible result each time it is built -title: '' -labels: [ '0.kind: enhancement', '6.topic: reproducible builds' ] -assignees: '' - ---- - - - -Building this package multiple times does not yield bit-by-bit identical -results, complicating the detection of Continuous Integration (CI) breaches. For -more information on this issue, visit -[reproducible-builds.org](https://reproducible-builds.org/). - -Fixing bit-by-bit reproducibility also has additional advantages, such as -avoiding hard-to-reproduce bugs, making content-addressed storage more effective -and reducing rebuilds in such systems. - -## Steps To Reproduce - -In the following steps, replace `` with the canonical name of the -package. - -### 1. Build the package - -This step will build the package. Specific arguments are passed to the command -to keep the build artifacts so we can compare them in case of differences. - -Execute the following command: - -``` -nix-build '' -A && nix-build '' -A --check --keep-failed -``` - -Or using the new command line style: - -``` -nix build nixpkgs# && nix build nixpkgs# --rebuild --keep-failed -``` - -### 2. Compare the build artifacts - -If the previous command completes successfully, no differences were found and -there's nothing to do, builds are reproducible. -If it terminates with the error message `error: derivation '' may not be -deterministic: output '' differs from ''`, use `diffoscope` to investigate -the discrepancies between the two build outputs. You may need to add the -`--exclude-directory-metadata recursive` option to ignore files and directories -metadata (*e.g. timestamp*) differences. - -``` -nix run nixpkgs#diffoscopeMinimal -- --exclude-directory-metadata recursive -``` - -### 3. Examine the build log - -To examine the build log, use: - -``` -nix-store --read-log $(nix-instantiate '' -A ) -``` - -Or with the new command line style: - -``` -nix log $(nix path-info --derivation nixpkgs#) -``` - -## Additional context - -(please share the relevant fragment of the diffoscope output here, and any additional analysis you may have done) - -## Notify maintainers - - - ---- - -Note for maintainers: Please tag this issue in your PR. - ---- - -Add a :+1: [reaction] to [issues you find important]. - -[reaction]: https://github.blog/2016-03-10-add-reactions-to-pull-requests-issues-and-comments/ -[issues you find important]: https://github.com/NixOS/nixpkgs/issues?q=is%3Aissue+is%3Aopen+sort%3Areactions-%2B1-desc