
Build provenance improvements #343

Merged: edolstra merged 2 commits into main from build-provenance on Feb 10, 2026

Conversation

Collaborator

@edolstra edolstra commented Feb 10, 2026

Motivation

  • Always record build provenance for built paths, since it contains useful info (such as the build host) even if we don't know where the `.drv` file came from.

  • Add a `system` field to the build provenance. This makes it possible to see what system type a store path is built for. This information previously wasn't readily available from the Nix database or binary cache. Note: this field is mandatory, so it's a breaking change.

Context

Summary by CodeRabbit

  • New Features
    • Build provenance now tracks and displays the target system for builds, showing the platform in text output (e.g., "for x86_64-linux") and including it in JSON representations for enhanced build reproducibility visibility.

Commit messages:

  • This contains useful info (such as the build host) even if we don't know where the .drv file came from.

  • This makes it possible to see what system type a store path is built for. This information previously wasn't readily available from the Nix database or binary cache.
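The PR makes `system` a mandatory field of the build-provenance record and renders it as "for <system>" in text output. The following is an added example, not code from the Nix project, showing how a consumer of the JSON output could enforce that requirement and audit a set of store paths for their target platform. The store paths, the `buildHost` key and the records themselves are constructed for this illustration; only the `system` key and its meaning come from the PR.

```python
import json

# Constructed sample of provenance JSON records keyed by store path.
# "system" follows the PR (mandatory after this change). The store paths and
# the "buildHost" key are assumed names for this example, not Nix's real
# output format. The third record imitates a pre-change record with no system.
SAMPLE_RECORDS = json.loads(r'''
{
  "/nix/store/aaaa-hello-1.0": {"system": "x86_64-linux",  "buildHost": "builder-01"},
  "/nix/store/bbbb-hello-1.0": {"system": "aarch64-linux", "buildHost": "builder-02"},
  "/nix/store/cccc-hello-1.0": {"buildHost": "builder-03"}
}
''')


class ProvenanceError(ValueError):
    """Raised when a provenance record lacks a mandatory field."""


def parse_build_provenance(record: dict) -> dict:
    """Validate one record. 'system' is mandatory, so records written before
    the field existed are rejected instead of being accepted with an unknown
    target platform."""
    system = record.get("system")
    if not isinstance(system, str) or not system:
        raise ProvenanceError("build provenance lacks the mandatory 'system' field")
    return {"system": system, "buildHost": record.get("buildHost")}


def describe(record: dict) -> str:
    """Text rendering in the style of the PR's display change ("for <system>")."""
    parsed = parse_build_provenance(record)
    host = parsed["buildHost"] or "unknown host"
    return f"built on {host} for {parsed['system']}"


def audit(records: dict, expected_system: str) -> dict:
    """Classify each store path as ok, wrong-system:<system> or missing-system,
    so paths built for an unexpected platform (or with no recorded platform)
    can be flagged before they are trusted."""
    result = {}
    for path, record in records.items():
        try:
            parsed = parse_build_provenance(record)
        except ProvenanceError:
            result[path] = "missing-system"
            continue
        if parsed["system"] == expected_system:
            result[path] = "ok"
        else:
            result[path] = f"wrong-system:{parsed['system']}"
    return result


if __name__ == "__main__":
    for path, status in audit(SAMPLE_RECORDS, "x86_64-linux").items():
        print(f"{path}: {status}")
```

Because the field is mandatory, a consumer should treat its absence as a validation failure rather than defaulting to the host's own platform; the `missing-system` status above keeps that distinction visible in the audit output.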

coderabbitai Bot commented Feb 10, 2026

Walkthrough

This pull request adds system tracking to the BuildProvenance data structure by introducing a new "system" field. The change updates the BuildProvenance constructor signature, JSON serialization/deserialization logic, and all construction sites to include the platform information, while gating the construction behind the Provenance experimental feature flag.

Changes

| Cohort / File(s) | Summary |
|---|---|
| BuildProvenance definition: src/libstore/include/nix/store/provenance.hh | Added new system data member of type std::string to BuildProvenance class and updated constructor signature to accept this parameter. |
| JSON serialization: src/libstore/provenance.cc | Updated BuildProvenance::to_json() to emit the system field in JSON output and updated constructor call in Provenance::Register to deserialize system from JSON input. |
| BuildProvenance construction: src/libstore/unix/build/derivation-builder.cc | Updated BuildProvenance construction in DerivationBuilderImpl::registerOutputs() to pass drv.platform as the system parameter and gated construction behind experimentalFeatureSettings.isEnabled(Xp::Provenance). |
| Display formatting: src/nix/provenance.cc | Modified output formatting to include system information in the provenance display, appending "for %s" with the system value. |
| Documentation and tests: src/nix/provenance-show.md, tests/functional/flakes/provenance.sh | Updated example documentation and test expectations to include the new "system" field in provenance JSON and reflect system-specific display output. |

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

Suggested reviewers

  • cole-h

Poem

🐰 A platform tale now stored with care,
Each build remembers its system pair,
From x86 to ARM, the provenance knows,
Where each derivation builds and flows!

Pre-merge checks: 1 passed, 2 failed

Failed checks (1 warning, 1 inconclusive)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Docstring Coverage | Warning | Docstring coverage is 25.00% which is insufficient. The required threshold is 80.00%. | Write docstrings for the functions missing them to satisfy the coverage threshold. |
| Title check | Inconclusive | The title 'Build provenance improvements' is vague and generic, failing to convey specific details about the changes such as adding a system field or making provenance recording mandatory. | Consider a more specific title like 'Add system field to BuildProvenance' or 'Always record build provenance with system information' to better communicate the main changes. |

Passed checks (1 passed)

| Check name | Status | Explanation |
|---|---|---|
| Description Check | Passed | Check skipped - CodeRabbit's high-level summary is enabled. |


No actionable comments were generated in the recent review. 🎉


Comment @coderabbitai help to get the list of available commands and usage tips.

@github-actions
Copy link
Copy Markdown

@github-actions github-actions Bot temporarily deployed to pull request February 10, 2026 21:02 Inactive
@edolstra edolstra enabled auto-merge February 10, 2026 21:03
@edolstra edolstra added this pull request to the merge queue Feb 10, 2026
Merged via the queue into main with commit 5217e30 Feb 10, 2026
28 checks passed
@edolstra edolstra deleted the build-provenance branch February 10, 2026 21:39