Comments (5)
u-root as of today is nondeterministic.
Even if using one commit of u-root, dependencies could change.
What do you mean by this? u-root's dependencies are pinned, and our tests test that building the same initramfs twice at the same commit on the same machine comes out bit for bit reproducibly the same. Have we overlooked some cases?
from u-root.
@hugelgupf I do not see any pinning for random example https://github.com/u-root/u-root/blob/main/pkg/boot/kexec/kexec_load_linux.go#L12
I get that at a moment in time, if one builds the same initramfs twice it will pass the test. My point, irrelevant to subject of this ticket is if someone wants to rebuild same commit in 6 months it won't produce the same initramfs because dependencies might evolve as well since not pinned to dependencies commit, simply downloading latest available version at moment of building.
from u-root.
@hugelgupf I do see any pinning for random example https://github.com/u-root/u-root/blob/main/pkg/boot/kexec/kexec_load_linux.go#L12
I get that at a moment in time, if one builds the same initramfs twice it will pass the test. My point, irrelevant to subject of this ticket is if someone wants to rebuild same commit in 6 months it won't produce the same initramfs because dependencies might evolve as well since not pinned to dependencies commit, simply downloading latest available version at moment of building.
I see what you mean -- though that's a Go problem with Minimal Version Selection in Go modules. I hadn't realized that Go lost that with the switch from vendoring to modules. (We still have the vendor directory, so theoretically u-root hasn't lost it if you build with modules disabled.)
from u-root.
@hugelgupf I added/corrected context of OP for clarity. Reproducibility should probably be tackled in another issue.
You see the added value of packing u-root as compressed squashfs like I do?
from u-root.
Related Issues (20)
- exp/tcz : postinstall scripts are not executed (usr/local/tce.installed/*) HOT 5
- Gosh is hard to build tests for HOT 6
- wget (curl subcomponent) requires /etc/ssl certs to https HOT 1
- wget -O needs to be passed as first argument HOT 6
- The child process of a fork gets a SIGTRAP HOT 1
- Integration into other shells
- github.com/kr/pty has been replaced, use github.com/creack/pty instead HOT 1
- disappearing files HOT 2
- Files in pkg/boot/uefi/testdata trigger antivirus/malware alerts
- u-root tpm2 PCR measurements are not robust to TPM Carte Blanche
- tracer_test.go is flaky (and hard to reproduce) HOT 1
- CreateRootfs fails when copied content contains broken symlinks HOT 1
- image.Load tries using system xz binary
- UKI support HOT 2
- Implement sed command
- printf command
- Ci-Fuzz Build failing HOT 2
- SchemeWithRetries.Fetch improved timeout handling
- u-root lies about saving tmp dir HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from u-root.