reproducible artifacts #3942

Closed
smira opened this issue Jul 15, 2021 · 6 comments
@smira
Member

smira commented Jul 15, 2021

Feature Request

We need to make sure that all Talos artifacts in _out/ are reproducible.

Our initramfs-<arch>.xz is already reproducible, so we need to fix other artifacts to be reproducible as well.

Description

kernel should be fine as it gets copied directly from the image.

Disk/VM images might need some work to make sure they are reproducible: checking/resetting timestamps, making sure that order of the files in the archive is consistent.

End goal is to make sure that:

  1. Build all artifacts.
  2. Capture sha256 sums of the files in _out/.
  3. Clear _out, drop buildkit caches.
  4. Rebuild all artifacts.
  5. Capture sha256 again, it should match checksums from step 2.
@smira smira added this to the v0.12 milestone Jul 15, 2021
@AlekSi AlekSi self-assigned this Jul 28, 2021
@smira smira modified the milestones: v0.12, v0.13 Aug 30, 2021
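
The five-step check from the feature request above, as an added shell example that is not part of the original issue or of the Talos project's own tooling. It assumes GNU `sha256sum`; the function names `manifest` and `diff_manifests` are hypothetical, and the build and cache-clearing commands are the project's own and are not shown.

```shell
#!/bin/sh
# Added example (not project code): compare the artifacts of two builds.
#
#   manifest _out > build1.sha256     # after step 1 (keep the file outside _out)
#   ...clear _out, drop caches, rebuild with the project's own commands...
#   manifest _out > build2.sha256     # after step 4
#   diff_manifests build1.sha256 build2.sha256

# Print "<sha256>  <relative path>" for every file under $1, sorted by path
# in the C locale so the manifest does not depend on directory order.
manifest() {
    ( cd "$1" && find . -type f -print | LC_ALL=C sort |
        while IFS= read -r f; do sha256sum "$f"; done )
}

# Compare two manifests. Prints each path whose checksum differs or that is
# present in only one build. Returns 0 if the builds match, 1 otherwise.
diff_manifests() {
    changed=$(awk '
        # A sha256sum line is 64 hex characters, two separator characters,
        # then the path; slicing by offset keeps paths with spaces intact.
        { hash = substr($0, 1, 64); path = substr($0, 67) }
        NR == FNR { first[path] = hash; next }
        { second[path] = hash }
        END {
            for (p in first)  if (first[p] != second[p]) print p
            for (p in second) if (!(p in first)) print p
        }' "$1" "$2" | LC_ALL=C sort)
    [ -z "$changed" ] && return 0
    printf '%s\n' "$changed"
    return 1
}

# Stand-alone use: sh thisfile build1.sha256 build2.sha256
if [ "$#" -eq 2 ]; then
    if diff_manifests "$1" "$2"; then
        echo "reproducible: all checksums match"
    else
        echo "not reproducible: the paths listed above differ" >&2
    fi
fi
```

The list of differing paths shows which artifact class to investigate, for example disk images that embed a filesystem creation time.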
@smira
Member Author

smira commented Sep 16, 2021

current status:

  • vmlinuz-*, initramfs-*, talosctl-* are reproducible
  • installer and talos images are reproducible
  • *.iso images are reproducible
  • disk images of various kinds are not reproducible as they contain xfs filesystems which in turn contain creation time and that depends on the host time; as the installer image is reproducible though, any disk image can be generated with it

@smira smira modified the milestones: v0.13, v0.14 Sep 27, 2021
@AlekSi AlekSi removed their assignment Oct 11, 2021
@smira smira modified the milestones: v0.14, v0.15 Dec 6, 2021
@flokli
Contributor

flokli commented Feb 28, 2022

> disk images of various kinds are not reproducible as they contain xfs filesystems which in turn contain creation time and that depends on the host time; as the installer image is reproducible though, any disk image can be generated with it

Could all the partitions that need to exist in the image itself be ext4 (or squashfs), and you only create xfs during apply-config? That should keep the images themselves binary reproducible, if you use make_ext4fs or mksquashfs with some patches.

It seems there's not really something for xfs yet.

@smira
Member Author

smira commented Feb 28, 2022

It might be even not xfs, but also VFAT for boot partitions. We don't see that being the problem, as the installer and imager containers are reproducible.

@flokli
Contributor

flokli commented Feb 28, 2022 via email

@smira
Member Author

smira commented Mar 1, 2022

thanks, we are already using that: https://github.com/talos-systems/tools/blob/master/Makefile#L38-L46

@smira
Member Author

smira commented Mar 4, 2022

with the last pieces of work on bldr and package repositories, I think we can close this issue:

@smira smira closed this as completed Mar 4, 2022
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jun 21, 2024