NixOS / nixpkgs

Nix Packages collection & NixOS
MIT License

gegl: dev output leaks thread count and build timestamp #230278

Open raboof opened 1 year ago

raboof commented 1 year ago

Building this package twice does not produce the bit-by-bit identical result each time, making it harder to detect CI breaches. You can read more about this at https://reproducible-builds.org/ .

Fixing bit-by-bit reproducibility also has additional advantages, such as avoiding hard-to-reproduce bugs, making content-addressed storage more effective and reducing rebuilds in such systems.

Steps To Reproduce

nix-build '<nixpkgs>' -A gegl.dev --check --keep-failed

You can use diffoscope to analyze the differences in the output of the two builds.

To view the build log of the build that produced the artifact in the binary cache:

nix-store --read-log $(nix-instantiate '<nixpkgs>' -A gegl)

Additional context

https://reproducible.nixos.org/nixos-iso-gnome-runtime/diff/772365d091bf360014e12d75ccec1356f69d324132a54164d35a6236e3a3efa9-535322532b56cd5259c9a401fdc672857575fe9eb4a8ce8cb7008edf8aeee0c5.html
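
To see which paths differ between the two builds before handing them to diffoscope, the sketch below compares two output trees by file content, symlink target, and executable bit. It is an added example, not part of the original issue or of nixpkgs; the function names and the sample header in `demo()` are constructed for illustration.

```python
import hashlib
import os
import tempfile


def snapshot(root):
    """Map each relative path under root to a comparable description."""
    seen = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for full in (os.path.join(dirpath, n) for n in dirnames + filenames):
            if os.path.islink(full):
                entry = ("symlink", os.readlink(full))
            elif os.path.isdir(full):
                entry = ("dir",)
            else:  # regular file: content hash plus executable bit
                with open(full, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
                entry = ("file", digest, bool(os.stat(full).st_mode & 0o111))
            seen[os.path.relpath(full, root)] = entry
    return seen


def compare(first, second):
    """Return sorted (relative path, reason) pairs for everything that differs."""
    a, b = snapshot(first), snapshot(second)
    report = []
    for rel in sorted(set(a) | set(b)):
        if rel not in a or rel not in b:
            report.append((rel, "present in only one tree"))
        elif a[rel][:2] != b[rel][:2]:
            report.append((rel, "type, content or link target differs"))
        elif a[rel] != b[rel]:
            report.append((rel, "executable bit differs"))
    return report


def demo():
    """Constructed sample: two trees differing only in an embedded timestamp."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, stamp in (("out", b"12:00:01"), ("out.check", b"12:07:45")):
            os.makedirs(os.path.join(tmp, name, "include"))
            with open(os.path.join(tmp, name, "include", "stamp.h"), "wb") as fh:
                fh.write(b'#define BUILT_AT "' + stamp + b'"\n')
        return compare(os.path.join(tmp, "out"), os.path.join(tmp, "out.check"))


if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{rel}: {reason}")
```

When `--check --keep-failed` detects a mismatch, Nix keeps the differing output next to the original store path with a `.check` suffix, so `compare(path, path + ".check")` applies directly to the result of the command above.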

YorikSar commented 1 year ago

Found upstream issue: https://gitlab.gnome.org/GNOME/gegl/-/issues/337