gcc10: build is not deterministic

[raboof]

Describe the bug

Building gcc twice does not necessarily result in the exact same binary. This makes auditing harder. For more information see https://reproducible-builds.org .

This is a particularly interesting case because gcc-10.2.0 is part of the build closure of nixos.iso_minimal, which we use as a milestone (https://r13y.com, https://arnout.engelen.eu/nixos-r13y/report/)

[raboof]

To reproduce:

export GCC10WRAPPED=$(nix-instantiate '<nixpkgs>' -A gcc10)
export GCC10=/$(nix-store -q --tree $GCC10WRAPPED | grep gcc-10.2.0.drv | cut -d "/" -f 2- | grep "\.\.\." | sort | uniq | cut -d " " -f 1)
nix-build $GCC10 --check --keep-failed

[raboof]

When I run that twice on my machine, however, it produces the same output each time - so perhaps some characteristic of the build machine leaking through?

[baloo]

#445 introduced the "profiledCompiler" flag for gcc.
This enabled the profiledbootstrap stage described here: https://gcc.gnu.org/install/build.html#Building-with-profile-feedback

#445 last comments are quite explicit about determinism vs performance.

[baloo]

Used two machines:

• AMD Ryzen 7 2700
  kernel 5.10.15
  hostname vic
• Intel(R) Core(TM) i5-7200U
  kernel 5.8.8
  hostname khany

With this applied:

diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index bef22c21e98..3b1d569c16e 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -9870,7 +9870,7 @@ in
     inherit noSysDirs;

     # PGO seems to speed up compilation by gcc by ~10%, see #445 discussion
-    profiledCompiler = with stdenv; (!isDarwin && (isi686 || isx86_64));
+    profiledCompiler = with stdenv; (!isDarwin && (isi686 || isx86_64) && false);

     enableLTO = !stdenv.isi686;

Ran the build on both.

--check works (on the ryzen machine):

$ nix-build /nix/store/s38g8pp7fwfca25h1r44sx9vzgi0pjr9-gcc-10.2.0.drv --check --keep-failed
$ echo $?
0

After building on two different machines, got twice the same result:

[baloo@vic:~]$ nix-store --export /nix/store/4ivj91llaggp50pf19wwifjy4xzcpjr1-gcc-10.2.0 | md5sum -
ae2f324fc62893aa954741e75cb27051  -
[baloo@khany:~]$ nix-store --export /nix/store/4ivj91llaggp50pf19wwifjy4xzcpjr1-gcc-10.2.0 | md5sum -
ae2f324fc62893aa954741e75cb27051  -

Admittedly, the patch is blunt and need to be refined, but could it just be the profiledbootstrap?

[tomberek]

[tom@tom:~/nixpkgs]$ nix-store --export /nix/store/4ivj91llaggp50pf19wwifjy4xzcpjr1-gcc-10.2.0 | md5sum -
ae2f324fc62893aa954741e75cb27051  -

yay?

[raboof]

ack on a Dell XPS15 (on 29a15e2 plus that change):

nix-store --export /nix/store/4ivj91llaggp50pf19wwifjy4xzcpjr1-gcc-10.2.0 | md5sum -
ae2f324fc62893aa954741e75cb27051  -

[stale]

I marked this as stale due to inactivity. → More info

[raboof]

#112928 has since been merged