Build the ring rust crate with a stable build path

Mon May 8 10:14:32 UTC 2023

hi kpcyrd,

On Mon, May 08, 2023 at 02:08:09AM +0200, kpcyrd wrote:
> I was using github actions to compile my project but had trouble matching
> the binary, even when[...]

thanks for sharing your findings here!

[...]
> This can be run without root privileges if user namespaces are enabled. The
> script sets up two directories in /mnt to provide the source code, build
> directory and $CARGO_HOME folder at stable locations.
> 
> This view on the file system is exclusive to the compiler process and
> doesn't interfere with any other processes making use of the /mnt directory,
[...]

yes, this matches what Vagrant and myself recently discussed on IRC:

for build pathes we want predictable/deterministic build pathes,
because still way to many tools embedd the build pathes in their outputs.

> This allowed me to match the binary built by github actions with one built
> in my ubuntu:22.04 container. You still need to match all compilers used or
> you may run into "GNU AS 2.38" vs "GNU AS 2.40.0" or "GCC: (Ubuntu
> 11.3.0-1ubuntu1~22.04) 11.3.0" vs "GCC: (GNU) 13.1.1 20230429". And
> obviously to change the binary output is the whole point of releasing a new
> compiler version. Linux distributions are using buildinfo files for this,
> I'm not aware of any github native solutions for this.

doesn't github now support SBOMs and shouldnt those SBOMs contain that info?

-- 
cheers,
	Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Dance like no one's watching. Encrypt like everyone is.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.reproducible-builds.org/pipermail/rb-general/attachments/20230508/b2614903/attachment.sig>