Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Stop using random build-ids #1630

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Stop using random build-ids #1630

wants to merge 1 commit into from
+2 −2

Conversation

bmwiedemann
Copy link
Contributor

Description of the Pull Request (PR):

Stop using random build-ids
to use the default deterministic build-ids instead. This allows for reproducible builds.

This fixes or addresses the following GitHub issues:

Before submitting a PR, make sure you have done the following:

other

This PR was done while working on reproducible builds for openSUSE.

DrDaveD
DrDaveD requested changes Aug 24, 2023
View reviewed changes
Copy link
Contributor

@DrDaveD DrDaveD left a comment
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CI checks (for example centos7) say *** ERROR: No build ID note found

@DrDaveD
Copy link
Contributor

DrDaveD commented Sep 5, 2023

So how about instead using my idea of a hash?

@bmwiedemann
Copy link
Contributor Author

AFAIK, a hash is the default behaviour of gcc (and possibly go)

@DrDaveD
Copy link
Contributor

DrDaveD commented Sep 5, 2023

It may be the default behavior with gcc but apparently it is not the default behavior with go, because when you remove the -B option there's a No build ID note found error.

cclerget
cclerget reviewed Dec 5, 2023
View reviewed changes
dist/rpm/apptainer.spec.in Outdated
@@ -163,7 +163,7 @@ fi
# GOPROXY=off makes sure we fail instead of making network requests
# the -B ldflags prevent rpm complaints about "No build ID note found"
CGO_ENABLED=0 GOPROXY=off ./build.bash -mod=vendor -tags without_openssl \
-ldflags="-X main.GitVersion=%{gocryptfs_version} -B 0x`head -c20 /dev/urandom|od -An -tx1|tr -d ' \n'`"
Copy link
Contributor

@cclerget cclerget Dec 5, 2023
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should look like to achieve this : -ldflags="-X main.GitVersion=%{gocryptfs_version} -buildid="

cclerget
cclerget reviewed Dec 5, 2023
View reviewed changes
mlocal/frags/go_normal_opts.mk
@@ -1,3 +1 @@
# This tells go's link command to add a GNU Build Id, needed for later
# symbol stripping for example as is done by rpmbuild.
GO_LDFLAGS += -ldflags="-B 0x`head -c20 /dev/urandom|od -An -tx1|tr -d ' \n'`"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should look like to achieve this : GO_LDFLAGS += -ldflags="-buildid="

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It did not help. https://github.com/apptainer/apptainer/actions/runs/7100998731/job/19328214255?pr=1630 still fails with *** ERROR: No build ID note found in /home/testuser/rpmbuild/BUILDROOT/apptainer-1.2.5+377.gccb3226-1.el7.x86_64/usr/libexec/apptainer/bin/gocryptfs

@bmwiedemann
Stop using random build-ids
0fd0d92 
to use the default deterministic build-ids instead

Fixes: apptainer#1623

This patch was done while working on reproducible builds for openSUSE.

Signed-off-by: Bernhard M. Wiedemann <bwiedemann@suse.de>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cclerget cclerget cclerget left review comments

@DrDaveD DrDaveD DrDaveD requested changes

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

unreproducible builds from go_normal_opts.mk
3 participants
@bmwiedemann @DrDaveD @cclerget