[rb-general] Reproducible builds and distributed CI

Daniel Shahaf danielsh at apache.org
Sun May 19 19:29:51 UTC 2019


Lars Wirzenius wrote on Sun, 19 May 2019 10:09 +00:00:
> This immediately brings up the question of how a controller can trust
> the output of a worker. Otherwise there's a temptation to run workers
> that produce malicious output.
> 
> I'm thinking that if there's enough workers available, the controller
> could give the same build to more than one worker, and compare the
> result. This is easy if builds are bitwise reproducible. It is not
> very easy otherwise.

Why does it matter whether the program is reproducible?  If you take
a program, compile it on two different machines, and get two binaries,
those binaries will function identically, even if they aren't bit-for-bit
identical.

In a CI context, I think the interesting question is whether the worker
can be assumed to execute the script you give it as given.  If it can,
then your system will work equally well on reproducible and non-reproducible
programs; if it can't, then the worker may lie (unless you use cryptography
to prevent that).

Cheers,

Daniel
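
The cross-check proposed in the quoted text, sketched as an added example that is not part of the original message or of any CI system discussed on the list: a controller hashes the artifact each worker returns and accepts it only when a strict majority agree bit-for-bit. The function name, the result shape and the sample artifacts are assumptions constructed for illustration.

```python
import hashlib
from collections import Counter

def cross_check(results, quorum):
    """Compare artifacts returned by several workers for the same build.

    results: dict mapping worker id -> artifact bytes (hypothetical shape).
    Returns (accepted_digest, dissenters); accepted_digest is None when
    fewer than `quorum` workers agree bit-for-bit.
    """
    if not results:
        raise ValueError("no worker results to compare")
    # A strict majority guarantees at most one digest can reach the quorum.
    if quorum * 2 <= len(results):
        raise ValueError("quorum must be a strict majority of workers")
    digests = {w: hashlib.sha256(a).hexdigest() for w, a in results.items()}
    digest, votes = Counter(digests.values()).most_common(1)[0]
    if votes < quorum:
        # No agreement: the hashes alone cannot separate an honest worker
        # from a lying one, so every worker is returned as unverified.
        return None, sorted(digests)
    return digest, sorted(w for w, d in digests.items() if d != digest)

# Constructed sample: a reproducible build where one worker alters the output.
REPRODUCIBLE = {
    "worker-a": b"artifact-v1",
    "worker-b": b"artifact-v1",
    "worker-c": b"artifact-v1<modified>",
}

# Constructed sample: a non-reproducible build that embeds a build timestamp,
# so three honest workers still return three different byte strings.
NON_REPRODUCIBLE = {
    "worker-a": b"artifact-v1 built=10:00:01",
    "worker-b": b"artifact-v1 built=10:00:02",
    "worker-c": b"artifact-v1 built=10:00:03",
}

if __name__ == "__main__":
    print(cross_check(REPRODUCIBLE, quorum=2))
    print(cross_check(NON_REPRODUCIBLE, quorum=2))
```

With the non-reproducible sample the comparison yields no accepted digest even though no worker misbehaved, which is why byte comparison alone only helps when builds are bitwise reproducible.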

