Reproducible builds #546

Open
opened 2 weeks ago by dan · 0 comments
dan commented 2 weeks ago
Owner

https://reproducible-builds.org/

  • use git tag date for build date, also inject into tool chain with rep build env var SOURCE_DATE_EPOCH

    • this will allow builds to deploy to the same folder as they'll all have the same time
  • examine version pinning, will it always get teh same versio or newer with out ask

    • go
    • dart
  • start testing - most basics work

    • libcwtch-go
      • go build ... & sha512sum & make clean & go build ... & sha512sum
    • cwtch-ui
      • flutter build & sha512sum & flutter clean & flutter build & sha512sum
  • strip out folders incuded in go

stage 1

  • using the same pulled docker build containers the builds can be reproduced
    • need scripts to execute the drone build locally using them and export results
    • requires clearly fixed package versions

stage 2

  • reproducable locally (so including striping local build info and scripts with very fixed tool usage)

stage 3

  • how much work to make the docker containers more reproducable, i know there are some like apt update commands in them know that would def block that
https://reproducible-builds.org/ - [ ] use git tag date for build date, also inject into tool chain with rep build env var SOURCE_DATE_EPOCH - this will allow builds to deploy to the same folder as they'll all have the same time - [ ] examine version pinning, will it always get teh same versio or newer with out ask - go - dart - start testing - most basics work - libcwtch-go - [x] go build ... & sha512sum & make clean & go build ... & sha512sum - cwtch-ui - [x] flutter build & sha512sum & flutter clean & flutter build & sha512sum - [ ] strip out folders incuded in go - https://reproducible-builds.org/tools/ ## stage 1 - using the same pulled docker build containers the builds can be reproduced - need scripts to execute the drone build locally using them and export results - requires clearly fixed package versions ## stage 2 - reproducable locally (so including striping local build info and scripts with very fixed tool usage) ## stage 3 - how much work to make the docker containers more reproducable, i know there are some like `apt update` commands in them know that would def block that
dan self-assigned this 2 weeks ago
dan added this to the Cwtch Beta (In Progress) project 2 weeks ago
sarah added the
cwtch-beta-1.10
label 3 days ago
Sign in to join this conversation.
No Milestone
No Assignees
1 Participants
Notifications
Due Date

No due date set.

Dependencies

No dependencies set.

Reference: cwtch.im/cwtch-ui#546
Loading…
There is no content yet.