Reproducible builds

Issue #157 open

Mikhail Lopatkin repo owner created an issue 2020-04-06

Try to make builds 100% deterministic and reporducible: i.e. all builds with the same docker image, revision and environment params must be 100% identical.

Comments (6)

Mikhail Lopatkin reporter
- changed status to open
- 2021-10-17T20:13:06+00:00
Mikhail Lopatkin reporter
Use pinned Java 8 image to build the binary

This is Debian build of OpenJDK 8u302-b08 for Linux x64.

Ref #157.

→ <<cset 8a1f05366b28>>
- 2021-10-17T21:44:08+00:00
Mikhail Lopatkin reporter
Common sources of non-determinism are now eliminated. However, it seems that the generated archives are still OS-dependent: the file access rights are different between Windows and Linux builds.
- 2021-10-17T23:54:29+00:00
Mikhail Lopatkin reporter
- changed status to closed
- 2021-10-17T23:54:54+00:00
Mikhail Lopatkin reporter
- changed status to open
File permissions inside the archive are still a thing. For CI the files are world-writable and for local builds they aren't, breaking compatibility.
- 2021-10-18T13:22:51+00:00
Mikhail Lopatkin reporter
Another source of certain non-determinism is the baked-in build number. The build number is tied to the Pipelines' build count. It makes it harder to ensure that Github Actions produce the same binary. The difference isn't even useful to distinguish Github-built vs Bitbucket-built binaries because these numbers may potentially clash (and it will make no sense once we have fully reproducible builds anyway).
- 2021-11-01T11:09:55+00:00
Log in to comment

Assignee: –

Type: task

Priority: major

Status: open

Component: –

Milestone: 0.21

Version: –

Votes: 0

Watchers: 1