From d8ae5dc8134f7f181d9ece8e68aa2ea1b55cbb44 Mon Sep 17 00:00:00 2001 From: Vincent Haupert Date: Tue, 18 Jan 2022 16:19:55 +0100 Subject: [PATCH 1/4] discount: use deterministic mangling `discount` offers a randomized string mangling function which results in non-deterministic output. This commit disables the randomized mangling in favor of a deterministic approach. `discount` has builtin support for this through the `--debian-glitch` configuration flag. --- pkgs/tools/text/discount/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkgs/tools/text/discount/default.nix b/pkgs/tools/text/discount/default.nix index 805876bd21e2..7f08629da3a6 100644 --- a/pkgs/tools/text/discount/default.nix +++ b/pkgs/tools/text/discount/default.nix @@ -26,6 +26,8 @@ stdenv.mkDerivation rec { "--pkg-config" "--shared" "--with-fenced-code" + # Use deterministic mangling + "--debian-glitch" ]; enableParallelBuilding = true; From 57fd0ad582bc15ca007106853f579824ca9ffb31 Mon Sep 17 00:00:00 2001 From: Vincent Haupert Date: Tue, 18 Jan 2022 16:24:31 +0100 Subject: [PATCH 2/4] discount: fix `install_name` on Darwin --- pkgs/tools/text/discount/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/pkgs/tools/text/discount/default.nix b/pkgs/tools/text/discount/default.nix index 7f08629da3a6..dd03bcfa6a35 100644 --- a/pkgs/tools/text/discount/default.nix +++ b/pkgs/tools/text/discount/default.nix @@ -33,6 +33,10 @@ stdenv.mkDerivation rec { enableParallelBuilding = true; doCheck = true; + postFixup = lib.optionalString stdenv.isDarwin '' + install_name_tool -id $out/lib/libmarkdown.dylib $out/lib/libmarkdown.dylib + ''; + meta = with lib; { description = "Implementation of Markdown markup language in C"; homepage = "http://www.pell.portland.or.us/~orc/Code/discount/"; From c859908cd68d842b6204d9fe6521e911f57e565e Mon Sep 17 00:00:00 2001 From: Vincent Haupert Date: Tue, 18 Jan 2022 16:27:04 +0100 Subject: [PATCH 3/4] rubyPackages.rdiscount: use lib from `pkgs.discount` --- .../ruby-modules/gem-config/default.nix | 13 ++++++++++++- .../rdiscount-use-nixpkgs-libmarkdown.patch | 14 ++++++++++++++ 2 files changed, 26 insertions(+), 1 deletion(-) create mode 100644 pkgs/development/ruby-modules/gem-config/rdiscount-use-nixpkgs-libmarkdown.patch diff --git a/pkgs/development/ruby-modules/gem-config/default.nix b/pkgs/development/ruby-modules/gem-config/default.nix index 64b9d9ca4c22..a3d787ad8e9f 100644 --- a/pkgs/development/ruby-modules/gem-config/default.nix +++ b/pkgs/development/ruby-modules/gem-config/default.nix @@ -26,7 +26,7 @@ , file, libvirt, glib, vips, taglib, libopus, linux-pam, libidn, protobuf, fribidi, harfbuzz , bison, flex, pango, python3, patchelf, binutils, freetds, wrapGAppsHook, atk , bundler, libsass, libexif, libselinux, libsepol, shared-mime-info, libthai, libdatrie -, CoreServices, DarwinTools, cctools, libtool +, CoreServices, DarwinTools, cctools, libtool, discount }@args: let @@ -135,6 +135,17 @@ in hardeningDisable = [ "format" ]; }; + rdiscount = attrs: { + # Use discount from nixpkgs instead of vendored version + dontBuild = false; + buildInputs = [ discount ]; + patches = [ + # Adapted from Debian: + # https://sources.debian.org/data/main/r/ruby-rdiscount/2.1.8-1/debian/patches/01_use-system-libmarkdown.patch + ./rdiscount-use-nixpkgs-libmarkdown.patch + ]; + }; + ethon = attrs: { dontBuild = false; postPatch = '' diff --git a/pkgs/development/ruby-modules/gem-config/rdiscount-use-nixpkgs-libmarkdown.patch b/pkgs/development/ruby-modules/gem-config/rdiscount-use-nixpkgs-libmarkdown.patch new file mode 100644 index 000000000000..3539b80ae374 --- /dev/null +++ b/pkgs/development/ruby-modules/gem-config/rdiscount-use-nixpkgs-libmarkdown.patch @@ -0,0 +1,14 @@ +diff --git a/ext/extconf.rb b/ext/extconf.rb +index 30764cb..b87ac2b 100644 +--- a/ext/extconf.rb ++++ b/ext/extconf.rb +@@ -46,4 +46,9 @@ if /mswin/.match RbConfig::CONFIG['host_os'] + $defs.push("-Dinline=__inline") + end + ++$srcs = %w[ ++ rdiscount.c ++] ++have_library('markdown') ++ + create_makefile('rdiscount') From 4351cfa35c8ddc484289858e07625b9ddb1733a8 Mon Sep 17 00:00:00 2001 From: Vincent Haupert Date: Tue, 18 Jan 2022 16:30:21 +0100 Subject: [PATCH 4/4] ronn: add test for HTML reproducibility --- pkgs/development/tools/ronn/default.nix | 4 ++- .../tools/ronn/test-reproducible-html.nix | 30 +++++++++++++++++++ 2 files changed, 33 insertions(+), 1 deletion(-) create mode 100644 pkgs/development/tools/ronn/test-reproducible-html.nix diff --git a/pkgs/development/tools/ronn/default.nix b/pkgs/development/tools/ronn/default.nix index 3569638b2183..4d06db77a692 100644 --- a/pkgs/development/tools/ronn/default.nix +++ b/pkgs/development/tools/ronn/default.nix @@ -1,4 +1,4 @@ -{ stdenv, lib, bundlerEnv, bundlerUpdateScript, makeWrapper, groff }: +{ stdenv, lib, bundlerEnv, bundlerUpdateScript, makeWrapper, groff, callPackage }: stdenv.mkDerivation rec { pname = "ronn"; @@ -21,6 +21,8 @@ stdenv.mkDerivation rec { passthru.updateScript = bundlerUpdateScript "ronn"; + passthru.tests.reproducible-html-manpage = callPackage ./test-reproducible-html.nix { }; + meta = with lib; { description = "markdown-based tool for building manpages"; homepage = "https://rtomayko.github.io/ronn/"; diff --git a/pkgs/development/tools/ronn/test-reproducible-html.nix b/pkgs/development/tools/ronn/test-reproducible-html.nix new file mode 100644 index 000000000000..6bc9d6cdbf9f --- /dev/null +++ b/pkgs/development/tools/ronn/test-reproducible-html.nix @@ -0,0 +1,30 @@ +{ runCommand +, diffutils +, ronn +}: +runCommand "ronn-test-reproducible-html" { } '' + set -euo pipefail + + cat > aprog.1.ronn << EOF + aprog + ===== + + ## AUTHORS + + Vincent Haupert + EOF + + # We have to repeat the manpage generation a few times to be confident + # it is in fact reproducible. + for i in {1..20}; do + ${ronn}/bin/ronn --html --pipe aprog.1.ronn > aprog.1.html-1 + ${ronn}/bin/ronn --html --pipe aprog.1.ronn > aprog.1.html-2 + + ${diffutils}/bin/diff -q aprog.1.html-1 aprog.1.html-2 \ + || (printf 'The HTML manpage is not reproducible (round %d)' "$i" && exit 1) + done + + echo 'The HTML manpage appears reproducible' + + mkdir $out +''