|
| 1 | +# Rusty's Unreliable Guide to The Terrible World of Reproducible Builds |
| 2 | + |
| 3 | +1. The reproducible build system currently only supports Ubuntu 18.04.1. |
| 4 | +2. It requires manual steps. |
| 5 | +3. The input is a source zipfile, the output is a .tar.xz. |
| 6 | + |
| 7 | +## Step 1: Creating a Build Machine |
| 8 | + |
| 9 | +Download the Ubuntu Desktop ISO image for 18.04.1. I got it from |
| 10 | +http://old-releases.ubuntu.com/releases/18.04.1/ubuntu-18.04.1-desktop-amd64.iso |
| 11 | + |
| 12 | +The `sha256sum` of this file should be |
| 13 | +`5748706937539418ee5707bd538c4f5eabae485d17aa49fb13ce2c9b70532433`. |
| 14 | + |
| 15 | +Do a standard install, but make sure to *uncheck* 'Download updates |
| 16 | +while installing Ubuntu' in the installer (or simply deprive it of a |
| 17 | +network connection as I do below). I did the following to install under kvm: |
| 18 | + |
| 19 | + qemu-img create ubuntu-18.04.01.raw 10G |
| 20 | + kvm -m 2G -cdrom ~/Downloads/ubuntu-18.04.1-desktop-amd64.iso ubuntu-18.04.01.raw -nic none |
| 21 | + |
| 22 | +You can choose a 'Minimal installation': it shouldn't matter. |
| 23 | + |
| 24 | +Once the installation is over, it'll want to restart. Then make sure you |
| 25 | +disable updates: |
| 26 | + |
| 27 | +1. Left-click on the bottom left 9-dots menu |
| 28 | +2. Type "update" |
| 29 | +3. Click on the "Software & Up.." box icon. |
| 30 | +4. Click on the "Updates" tab at the top of that app. |
| 31 | +5. Uncheck "Important security updates", "Recommended updates" and |
| 32 | + "Unsupported updates". You'll have to re-enter your password. |
| 33 | +6. Hit "Close". |
| 34 | +7. If asked, hit "Reload". |
| 35 | + |
| 36 | +If you didn't have a network connection, you'll want to add one for |
| 37 | +the next steps; for me, this meant powering off the build machine and restarting: |
| 38 | + |
| 39 | + kvm -m 2G ubuntu-18.04.01.raw -nic user |
| 40 | + |
| 41 | +And then ran `sudo apt-get update` after I'd logged in. |
| 42 | + |
| 43 | +## Step 2: Create the Source Zipfile |
| 44 | + |
| 45 | +Create the source zip that the Build Machine will need, using |
| 46 | + |
| 47 | + ./tools/build-release.sh zipfile |
| 48 | + |
| 49 | +For testing (ie. when you're not on a proper released version), you |
| 50 | +can use --force-version=, --force-mtime= and even --force-unclean. |
| 51 | + |
| 52 | +The will place a file into `release/`, eg. `clightning-v0.7.0rc2.zip`. |
| 53 | + |
| 54 | +### Example |
| 55 | + |
| 56 | +If you are on the git commit v0.7.0rc2 (1dcc4823507df177bf11ca60ab7da988205139b1): |
| 57 | +``` |
| 58 | +$ sha256sum release/clightning-v0.7.0rc2.zip |
| 59 | +3c980858024b8b429333e7ee5a545c499ac6c25d0f1d11bb45fafce00c99ebba release/clightning-v0.7.0rc2.zip |
| 60 | +``` |
| 61 | + |
| 62 | +## Step 3: Put the Zipfile Onto The Build Machine |
| 63 | + |
| 64 | +You can upload it somewhere and download it into the machine, or |
| 65 | +various virtualization solutions or a USB stick for a physical machine. |
| 66 | + |
| 67 | +I simply started a server on my host, like so: |
| 68 | + |
| 69 | + cd release && python3 -m http.server --bind 127.0.0.1 8888 |
| 70 | + |
| 71 | +Inside my KVM build machine I did: |
| 72 | + |
| 73 | + wget http://10.0.2.2:8888/clightning-v0.7.0rc2.zip |
| 74 | + |
| 75 | + |
| 76 | +## Step 4: Do the Build |
| 77 | + |
| 78 | +1. `unzip clightning-v0.7.0rc2.zip` |
| 79 | +2. `cd clightning-v0.7.0rc2` |
| 80 | +3. `tools/repro-build.sh` (use the same `--force-mtime` if testing). |
| 81 | + It will download the packages needed to build, check they're identitcal to the |
| 82 | + versions we expect, install them then build the binaries and create a tar.xz file. |
| 83 | +4. The output will be in that top-level directory. |
| 84 | + |
| 85 | +### Example: |
| 86 | + |
| 87 | +If you built from our example zipfile: |
| 88 | +``` |
| 89 | +$ sha256sum clightning-v0.7.0rc2-Ubuntu-18.04.tar.xz |
| 90 | +c9b4d9530b9b41456f460c58e3ffaa779cdc1c11fb9e3eaeea0f364b62de3d96 clightning-v0.7.0rc2-Ubuntu-18.04.tar.xz |
| 91 | +``` |
| 92 | + |
| 93 | + |
| 94 | +## Step 5: Get the Built Result Off the Build Machine |
| 95 | + |
| 96 | +Again, there are many ways, but for my KVM settings the simplest was: |
| 97 | + |
| 98 | +On the host: |
| 99 | + |
| 100 | + nc -l -p 8888 > clightning-v0.7.0rc2-Ubuntu-18.04.tar.xz |
| 101 | + |
| 102 | +On the guest: |
| 103 | + |
| 104 | + nc -q0 10.0.2.2 8888 < clightning-v0.7.0rc2-Ubuntu-18.04.tar.xz |
| 105 | + |
| 106 | + |
| 107 | +## Step 5: Tell the World |
| 108 | + |
| 109 | +You can find my example artifacts on https://ozlabs.org/~rusty/clightning-repro |
| 110 | +if you want to see why your build produced a different result from mine. |
| 111 | + |
| 112 | +Happy hacking! |
| 113 | +Rusty. |
0 commit comments