Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use docker environment to build the actors reproducibly #1606

Open
wants to merge 13 commits into
base: master
Choose a base branch
from
Open

Use docker environment to build the actors reproducibly #1606

wants to merge 13 commits into from

Conversation

Stebalien
Copy link
Member

Third attempt at fixing #171. All work on this PR was done by @lemmih in #634 and @ianconsolata in #865.

This isn't perfect (see #171 (comment)) but it does make it possible for end-users to reproduce the bundles built in CI as long as they have an x86 machine.

fixes #171

@Stebalien Stebalien requested a review from rvagg January 22, 2025 21:06
@Stebalien
Copy link
Member Author

We should get someone with a mac to reproduce this, then merge it before it gets out of date again. I've made a few changes:

  1. It pulls an image with a specific hash.
  2. I've changed how the rust binaries are installed so they layer better (only need to be updated when we change rust versions).
  3. I've removed the apt-get update etc. for better reproducibility.
  4. I'm checking out a clean copy of the repo (from the host OS, not from GitHub) instead of simply copying the repo.

@Stebalien
Make a clean checkout of the repo
2e0f0e4 
This means it isn't possible to reproducibly build a dirty repo but...
nobody wants to do that anyways. It does mean that the reproducible
build won't be affected by other files in the tree.
@Stebalien Stebalien force-pushed the id/reproducible-build branch from b4d3f3a to 2e0f0e4 Compare January 22, 2025 21:10
rvagg
rvagg reviewed Jan 23, 2025
View reviewed changes
Dockerfile Show resolved Hide resolved
@rvagg
Copy link
Member

rvagg commented Jan 23, 2025

I have opinions! See #1607

I've tested that it runs on a mac but only on an arm machine so can't get the same output, I do have an x86 mac in the house but it's a bit of an annoyance to get it set up for this, and those are going extinct now anyway.

I'm getting this when built using my branch, I think it should be the same as this one so here it is:

$ sha256sum output/builtin-actors.car 
df4957e13f356d9307bb86e345f6a4674ec671c85c5a26ffb995e8828819243e  output/builtin-actors.car

@Stebalien
Copy link
Member Author

I'm getting the same value.

In terms of macos, maybe we should just add --arch amd64 to the run commandline? Or --platform linux/amd64?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rvagg rvagg rvagg left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
FilOz
Status: 📌 Triage
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Reproducable Build
4 participants
@Stebalien @rvagg @lemmih @ianconsolata