https://github.com/osquery/osquery

seph

12/17/2019, 6:00 PM
Huh. I thought @theopolis said I should build twice and compare checksums

Stefano Bonicatti

12/17/2019, 6:07 PM
Well if it does it's "luck". Meaning, for instance any usage of __DATE__, __TIME__, __FILE__, Link-Time Optimization will not get you a deterministic build
There are ways to force known values or fixed seeds for lto (which though ok, for Linux/macOS case we are not using)
but we are not doing them
also compiling on a different path can change the checksum

theopolis

12/17/2019, 10:51 PM
Agree that maintaining reproducibility is hard and needs a test in the CI. We had this with Jenkins -- but we do have a reproducible build, I at least test this on Linux manually when building packages.
I might be able to improve my testing -- it might not remove all artifacts
^ it only removes the source/build directories and starts again, mostly assuring there are not dirty changes. Never used it as a way to confirm my VMs were clean of malfeasance

seph

12/18/2019, 12:20 AM
Seems weird that my builds on different VMs didn't match

Stefano Bonicatti

12/18/2019, 12:35 AM
different VMs how?

seph

12/18/2019, 12:42 AM
I started 2 VMs in gcloud. Then I ran the steps in parallel. Same OS image, but otherwise, different
I’m not sure this is really actionable?

theopolis

12/18/2019, 6:20 PM
yeah, unfortunately, not right now