Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

End to end build Dockerfile #173

Open
InnovativeInventor opened this issue Aug 11, 2020 · 6 comments
Open

End to end build Dockerfile #173

InnovativeInventor opened this issue Aug 11, 2020 · 6 comments

Comments

@InnovativeInventor
Copy link

From: ungoogled-software/ungoogled-chromium#743

I've dockerized the build process on debian (so we can pin exact hashes of the version of debian we're building on). This is intended to aid in the production of reproducible binaries.

Once this is complete, we can use GitHub Actions to build it (a neutral, trusted platform) and have volunteers verify that the GitHub Actions build matches their own local build.

Note: Currently the build only targets amd64

I'll be submitting a pull request once the build finishes (since an end-to-end dockerfile would be useful anyways to have).
@Eloston
Copy link
Member

Eloston commented Aug 11, 2020

Thanks for looking into this, but I have several questions:

  1. What Debian versions are you building on? How about Ubuntu?
  2. Why is it necessary to pin exact hashes of the Debian version we're building on? For example, Debian buster hardly ever changes so it's a pretty stable environment
  3. GitHub Actions does not work well for building Chromium (can't remember the specific issues on ungoogled-chromium). We already setup OBS to make binaries. Is there still a reason to use GitHub Actions?
  4. Are you planning to support other CPU architectures?
  5. How are you planning to integrate the Dockerfile with this repo? This repo is meant to mirror Debian's git repo for the chromium source package. I'm having troubles seeing how a Dockerfile would be appropriate here. Maybe ungoogled-software/contrib would be a better place?

@InnovativeInventor
Copy link
Author

I don't believe it is necessary to pin the exact hashes, but doing so ensures that everybody starts off with the same image, eliminating a source of non-reproducible. I have no clue what kind of optimizations the compiler does, but I felt that a reproducible build environment is a good step towards reproducible builds.

Yet another update: Can't seem to get the same .deb files -- planning on trying some other ideas from: https://reproducible-builds.org/tools/

Particularly: https://salsa.debian.org/reproducible-builds/strip-nondeterminism (add-on to debhelper)

@InnovativeInventor
Copy link
Author

InnovativeInventor commented Aug 12, 2020
edited
Loading

To answer your question, I'll get other architectures (and Ubuntu) built once I manage to figure out how to make builds reproducible. There isn't a reason to use GitHub Actions if OBS works and GitHub Actions didn't in the past.

I've opened up a PR in ungoogled-software/contrib. (ungoogled-software/contrib#2)

@thedeadliestcatch
Copy link

Has the Dockerfile ever been made available?

@iskunk
Copy link
Contributor

iskunk commented Mar 9, 2024

Has the Dockerfile ever been made available?

It's in the PR linked above your comment.

@thedeadliestcatch
Copy link

It seems like it has been stalled since 2020.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@iskunk @Eloston @InnovativeInventor @thedeadliestcatch