Add script to generate reproducibility index file #860
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
tiziano88
force-pushed
the
tzn_repro_index
branch
5 times, most recently
from
59e5aee to
aff745a
Compare
Also add a cloud build step to build the Rust oak_loader binary. Unfortunately, the artifacts are not actually reproducibly buildable right now, so we cannot enforce this yet, but I'm checking in the generated file that I get on my machine, which seems to differ between my machine and GCP. When we figure out the source of the discrepancy, then we can enforce that the hashes are actually checked in when changes are made to the source. Ref project-oak#861
tiziano88
force-pushed
the
tzn_repro_index
branch
from
aff745a to
e7db323
Compare
ipetr0v
approved these changes
Apr 17, 2020
| @@ -0,0 +1,10 @@ | |||
| 61fdf25b4e2b4171a579dd9e4716b24348fb3f9f90ad936f9c91046618c93ed5 ./target/wasm32-unknown-unknown/release/abitest_0_frontend.wasm | |||
There was a problem hiding this comment.
Should it be in a separate artifact directory?
There was a problem hiding this comment.
- we don't have an
artifactfolder (yet) - if we had one, its contents would not be checked in, but this file should still be checked in
so I would leave this here for now, but happy to restructure things more generally at some point
| readonly REPRODUCIBLE_ARTIFACTS=( | ||
| ./target/wasm32-unknown-unknown/release/*.wasm | ||
| ./bazel-clang-bin/oak/server/loader/oak_runner | ||
| ./target/debug/oak_loader |
There was a problem hiding this comment.
Maybe it's better to use release than debug ?
There was a problem hiding this comment.
AFAICT that's not what is built / used by the other scripts?
Line 50 in 55a93d7
We should probably switch that to --release, at which point we can change this list too.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Also add a cloud build step to build the Rust oak_loader binary.
Unfortunately, the artifacts are not actually reproducibly buildable
right now, so we cannot enforce this yet, but I'm checking in the
generated file that I get on my machine, which seems to differ between
my machine and GCP.
When we figure out the source of the discrepancy, then we can enforce
that the hashes are actually checked in when changes are made to the
source.
Ref #861