[RFE] Reproducible builds #25
Labels
kind/feature
A feature request.
Comments
pothos
moved this from 📝 Needs Triage
to 🪵Backlog
in Flatcar tactical, release planning, and roadmap
github-project-automation
bot
moved this to 📝 Needs Triage
in Flatcar tactical, release planning, and roadmap
pothos
added a commit
that referenced
this issue
Sep 18, 2023
The binaries consumed from upstream should have the same checksums already but the resulting squashfs does not because it contains the time stamps of the build. Define the SOURCE_DATE_EPOCH variable which is enough to make mksquashfs reproducible. The user can pass an own value if there is a fixed reference time. For semantics, see https://reproducible-builds.org/docs/source-date-epoch/ Fixes #25
|
Turns out https://reproducible-builds.org/docs/source-date-epoch/ is enough, done in #27 |
pothos
moved this from 🪵Backlog
to ✅ Testing / in Review
in Flatcar tactical, release planning, and roadmap
github-project-automation
bot
moved this from ✅ Testing / in Review
to Implemented
in Flatcar tactical, release planning, and roadmap
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Current situation
The binaries consumed from upstream should have the same checksums already but the resulting squashfs does not.
Impact
Local rebuilds and new releases of the same version create new files with different checksums, which is bad for reproducibility and deduplication.
Ideal future situation
For mksquashfs use
-reproducible -all-time 0 -root-time 0 -mkfs-time 0 -noappendor something similar with another a fixed time.The text was updated successfully, but these errors were encountered: