Title
#core
s

seph

12/17/2019, 6:00 PM
Huh. I thought @theopolis said I should build twice and compare checksums
Stefano Bonicatti

Stefano Bonicatti

12/17/2019, 6:07 PM
Well if it does it's "luck". Meaning, for instance any usage of
___DATE___
___TIME___
__FILE__
, Link-Time Optimization will not get you a deterministic build
6:08 PM
There are ways to force known values or fixed seeds for lto (which though ok, for Linux/macOS case we are not using)
6:08 PM
but we are not doing them
6:09 PM
also compiling on a different different path can change the checksum
theopolis

theopolis

12/17/2019, 10:51 PM
Agree that maintaining reproducibility is hard and needs a test in the CI. We had this with Jenkins -- but we do have a reproducible build, I at least test this on Linux manually when building packages.
10:53 PM
I might be able to improve my testing -- it might not removal all artifacts
10:59 PM
^ it only removes the source/build directories and starts again, mostly assuring there are not dirty changes. Never used it as a way to confirm my VMs were clean of malfeasance
s

seph

12/18/2019, 12:20 AM
Seems weird that my builds i.on different VMs did t march
Stefano Bonicatti

Stefano Bonicatti

12/18/2019, 12:35 AM
different VMs how?
s

seph

12/18/2019, 12:42 AM
I started 2 VMs in gcloud. Then I ran the steps in parallel. Same OS image, but otherwise, different
12:53 AM
I’m not sure this is really actionable?
theopolis

theopolis

12/18/2019, 6:20 PM
yeah, unfortunately, not right now