[Bug]: Reproducible UI builds #3877

Closed
TripleDogDare opened this issue Aug 17, 2022 · 1 comment

@TripleDogDare
Contributor

What happened?

UI builds are not reproducible.

There are at least two issues that I've discovered so far.

  1. gzipped files are inserting file timestamps. This can be resolved in the Makefile fairly easily.
  2. asset-manifest.json does not maintain a consistent sort order. I'll probably need to add something to ./scripts to resolve this.

Steps to reproduce

  1. make rebuild-ui
  2. find ./cmd/query/app/ui/actual/ -type f -exec sha256sum {} \; | tee ui.gz.sha256sum
  3. find ./cmd/query/app/ui/actual -type f -name '*.gz' -delete
  4. make rebuild-ui
  5. sha256sum -c ui.gz.sha256sum

Expected behavior

sha256sum check should return OK

Relevant log output

No response

Screenshot

No response

Additional context

Other discussion at #3876

Jaeger backend version

No response

SDK

No response

Pipeline

No response

Storage backend

No response

Operating system

No response

Deployment model

No response

Deployment configs

No response
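
The two causes named in the issue, reduced to a small runnable case. This is an added example, not code from the Jaeger repository: the manifest contents, build times and function names are constructed, and it assumes the manifest differs between runs only in object key order.

```python
import gzip
import hashlib
import json
import struct

# Constructed sample: the same manifest content emitted in two key orders,
# standing in for asset-manifest.json from two runs of the UI build.
MANIFEST_RUN_1 = b'{"files": {"main.js": "/static/js/main.1a2b.js", "index.html": "/index.html"}, "entrypoints": ["static/js/main.1a2b.js"]}'
MANIFEST_RUN_2 = b'{"entrypoints": ["static/js/main.1a2b.js"], "files": {"index.html": "/index.html", "main.js": "/static/js/main.1a2b.js"}}'

# Constructed build times (Unix seconds), one minute apart.
BUILD_TIME_1 = 1660694400
BUILD_TIME_2 = 1660694460


def canonical_manifest(raw: bytes) -> bytes:
    """Re-serialize JSON with sorted object keys; array order is left as-is."""
    return (json.dumps(json.loads(raw), sort_keys=True, indent=2) + "\n").encode()


def gzip_header_mtime(blob: bytes) -> int:
    """Read the 4-byte little-endian MTIME field at offset 4 of a gzip member."""
    return struct.unpack("<I", blob[4:8])[0]


def package(raw_manifest: bytes, build_time: int, reproducible: bool) -> bytes:
    """Compress the manifest the way a build step would.

    reproducible=False keeps the emitted key order and stamps the build time;
    reproducible=True sorts keys and writes MTIME=0.
    """
    if reproducible:
        return gzip.compress(canonical_manifest(raw_manifest), mtime=0)
    return gzip.compress(raw_manifest, mtime=build_time)


def sha256(blob: bytes) -> str:
    """Hex SHA-256 digest, the value a checksum file would record."""
    return hashlib.sha256(blob).hexdigest()


if __name__ == "__main__":
    for flag in (False, True):
        a = package(MANIFEST_RUN_1, BUILD_TIME_1, flag)
        b = package(MANIFEST_RUN_2, BUILD_TIME_2, flag)
        print(f"reproducible={flag} mtime={gzip_header_mtime(a)} match={sha256(a) == sha256(b)}")
```

On the command line, `gzip -n` leaves the original name and timestamp out of the header in the same way.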

TripleDogDare added a commit to TripleDogDare/jaeger that referenced this issue Aug 17, 2022
Resolves Issue: jaegertracing#3877

Adds reproducibility checks to the make file and CI.
Fixes timestamps embedded in gzipped UI files.
Fixes reproducibility for asset-manifest.json before compression/embedding.

Signed-off-by: Calvin Behling <calvin.behling@gmail.com>
TripleDogDare added a commit to TripleDogDare/jaeger that referenced this issue Aug 17, 2022
Resolves Issue: jaegertracing#3877

Adds reproducibility checks to the make file and CI.
Fixes timestamps embedded in gzipped UI files.
Fixes reproducibility for asset-manifest.json before compression/embedding.

This does not help with reproducibility checks across build systems. But
should help that multiple builds on the same build system are
reproducible.

Signed-off-by: Calvin Behling <calvin.behling@gmail.com>
TripleDogDare added a commit to TripleDogDare/jaeger that referenced this issue Sep 1, 2022
Resolves Issue: jaegertracing#3877

Adds reproducibility checks to the make file and CI.
Fixes timestamps embedded in gzipped UI files.
Fixes reproducibility for asset-manifest.json before compression/embedding.

This does not help with reproducibility checks across build systems. But
should help that multiple builds on the same build system are
reproducible.

Signed-off-by: Calvin Behling <calvin.behling@gmail.com>
yurishkuro pushed a commit that referenced this issue Sep 1, 2022
* Fixes reproducibility for binaries

Resolves Issue: #3877

Adds reproducibility checks to the make file and CI.
Fixes timestamps embedded in gzipped UI files.
Fixes reproducibility for asset-manifest.json before compression/embedding.

This does not help with reproducibility checks across build systems. But
should help that multiple builds on the same build system are
reproducible.

Signed-off-by: Calvin Behling <calvin.behling@gmail.com>

* Add checksums to releases

Adds checksums to the deploy directory during release. Each archive gets
a sha256sum file that describes its contents and additionally a checksum
of all the archives produced.
Removes the reproducibility check from CI.

Signed-off-by: Calvin Behling <calvin.behling@gmail.com>

* Cleanup

Use bash/shopt options in package-deploy to reduce error checking
required.
Add comments for complex find calls.
Inline checksum collection and checking for repro-check target.

Signed-off-by: Calvin Behling <calvin.behling@gmail.com>

* Change to shasum perl script

The perl package shasum is more likely to exist on development machines
than the GNU coreutils sha256sum and similar packages. Switching to the
shasum package should provide less development friction by not
introducing a new dependency.
Enable binary mode on the shasum script. GNU coreutils sha256sum uses
binary mode by default. It shouldn't make a significant difference to
users but I think it's best to just do it. This means updating the sed
script in the package-deploy script to ignore the leading asterisk on
file paths.
Added a guard to the package-deploy script around not detecting a
version name because I found that the script would silently accept an
empty string when the Makefile was invalid.

Signed-off-by: Calvin Behling <calvin.behling@gmail.com>

Signed-off-by: Calvin Behling <calvin.behling@gmail.com>
@yurishkuro
Member

I think this is solved, if not please list additional items required.
