New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Stop using random build-ids #1630
base: main
Are you sure you want to change the base?
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
CI checks (for example centos7) say *** ERROR: No build ID note found
So how about instead using my idea of a hash? |
AFAIK, a hash is the default behaviour of gcc (and possibly go) |
It may be the default behavior with gcc but apparently it is not the default behavior with go, because when you remove the |
dist/rpm/apptainer.spec.in
Outdated
@@ -163,7 +163,7 @@ fi | |||
# GOPROXY=off makes sure we fail instead of making network requests | |||
# the -B ldflags prevent rpm complaints about "No build ID note found" | |||
CGO_ENABLED=0 GOPROXY=off ./build.bash -mod=vendor -tags without_openssl \ | |||
-ldflags="-X main.GitVersion=%{gocryptfs_version} -B 0x`head -c20 /dev/urandom|od -An -tx1|tr -d ' \n'`" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
should look like to achieve this : -ldflags="-X main.GitVersion=%{gocryptfs_version} -buildid="
@@ -1,3 +1 @@ | |||
# This tells go's link command to add a GNU Build Id, needed for later | |||
# symbol stripping for example as is done by rpmbuild. | |||
GO_LDFLAGS += -ldflags="-B 0x`head -c20 /dev/urandom|od -An -tx1|tr -d ' \n'`" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
should look like to achieve this : GO_LDFLAGS += -ldflags="-buildid="
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It did not help. https://github.com/apptainer/apptainer/actions/runs/7100998731/job/19328214255?pr=1630 still fails with *** ERROR: No build ID note found in /home/testuser/rpmbuild/BUILDROOT/apptainer-1.2.5+377.gccb3226-1.el7.x86_64/usr/libexec/apptainer/bin/gocryptfs
cd4f5e7
to
d7e1635
Compare
to use the default deterministic build-ids instead Fixes: apptainer#1623 This patch was done while working on reproducible builds for openSUSE. Signed-off-by: Bernhard M. Wiedemann <bwiedemann@suse.de>
Description of the Pull Request (PR):
Stop using random build-ids
to use the default deterministic build-ids instead. This allows for reproducible builds.
This fixes or addresses the following GitHub issues:
go_normal_opts.mk
#1623Before submitting a PR, make sure you have done the following:
make check
and tested this PR locally with amake test
, andmake testall
if possible (see CONTRIBUTING.md).other
This PR was done while working on reproducible builds for openSUSE.