-
Notifications
You must be signed in to change notification settings - Fork 82
Conversation
@@ -13,6 +13,7 @@ fi | |||
GOBUILD_TAGS="novirt noaugeas " | |||
VERSION=$($(dirname $0)/pkg-version --full) | |||
LDFLAGS="-X github.com/gluster/glusterd2/gdctx.GlusterdVersion=$VERSION" | |||
LDFLAGS+=" -B 0x$(head -c20 /dev/urandom | od -An -tx1 | tr -d ' \n')" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
AFAICT, this would make the builds un-reproducible. As a result, maybe best to avoid doing this. More info here: https://reproducible-builds.org/
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fedora requires this though.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@purpleidea I was also looking for this sometime back and Go doesn't officially support reproducible builds yet.
@kshlm We should base build id based on git sha-1 eventually. https://fedoraproject.org/wiki/PackagingDrafts/Go#Build_ID
On Mon, Jul 3, 2017 at 9:55 AM, Kaushal M ***@***.***> wrote:
Fedora requires this though.
Can you provide more info about what this is and why?
|
https://fedoraproject.org/wiki/Releases/FeatureBuildId has some more info. Rpmbuild fails if the generated binaries are not tagged with a build-id. |
On Mon, Jul 3, 2017 at 10:03 AM, Kaushal M ***@***.***> wrote:
https://fedoraproject.org/wiki/Releases/FeatureBuildId has some more
info. Rpmbuild fails if the generated binaries are not tagged with a
build-id.
A buildid is fine, but it should not be random. It should probably be based
off of the git sha1 of the commit.
|
Probably. But rpms are built from tarballs, not directly from git. I don't know how I could pass a git sha1 there. |
On Mon, Jul 3, 2017 at 10:08 AM, Kaushal M ***@***.***> wrote:
Probably. But rpms are built from tarballs, not directly from git. I don't
know how I could pass a git sha1 there.
I'm not an RPM expert, so I don't know, sorry. Just saw this and figured
you'd like to know. I'd recommend pinging the RPM pro's on IRC.
|
and also change type of systemd service to the default (simple).
pushd src/%{import_path} | ||
# Install vendored packages | ||
# TODO: See if we can build with unbundled packages | ||
make vendor-install |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this should be as part of make dist. Good if we can avoid network calls during RPM/packaging create.
This is fine for current release, we can take care of this issue later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is a good idea. I'll do this next time. Makes is easier to do a release.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Merging it. Basing build id on git sha-1 and making vendor install as part of make dist are the TODOs left out.
No description provided.