Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
Title
s
seph
12/17/2019, 6:00 PMHuh. I thought @theopolis said I should build twice and compare checksums
s
Stefano Bonicatti
12/17/2019, 6:07 PMWell if it does it's "luck".
Meaning, for instance any usage of
___DATE______TIME_____FILE__There are ways to force known values or fixed seeds for lto (which though ok, for Linux/macOS case we are not using)
but we are not doing them
also compiling on a different different path can change the checksum
t
theopolis
12/17/2019, 10:51 PMAgree that maintaining reproducibility is hard and needs a test in the CI. We had this with Jenkins -- but we do have a reproducible build, I at least test this on Linux manually when building packages.
I might be able to improve my testing -- it might not removal all artifacts
^ it only removes the source/build directories and starts again, mostly assuring there are not dirty changes. Never used it as a way to confirm my VMs were clean of malfeasance
s
seph
12/18/2019, 12:20 AMSeems weird that my builds i.on different VMs did t march
s
Stefano Bonicatti
12/18/2019, 12:35 AMdifferent VMs how?
s
seph
12/18/2019, 12:42 AMI started 2 VMs in gcloud. Then I ran the steps in parallel. Same OS image, but otherwise, different
I’m not sure this is really actionable?
t
theopolis
12/18/2019, 6:20 PMyeah, unfortunately, not right now