x/build: update for new distribution archive builds #58659
Assignees
Labels
Builders
x/build issues (builders, bots, dashboards)
early-in-cycle
A change that should be done early in the 3 month dev cycle.
NeedsFix
The path to resolution is known, but the work has not been done.
release-blocker
Milestone
Comments
rsc
added
the
early-in-cycle
thanm
added
the
NeedsFix
|
Change https://go.dev/cl/470755 mentions this issue: |
|
One question is how to test that things stay reproducible. One possible answer would be to use the trusted Linux machine as source of truth but then also build everything on Windows and require getting bit-for-bit identical outputs before blessing those files as part of the release. The Windows machine does not have to be as trusted since it is only a sanity check on the trusted builder. The two OSes Windows and Linux should be sufficiently different to serve as a good check. |
gopherbot
pushed a commit
to golang/build
that referenced
this issue
Feb 23, 2023
Relui replaced release since Go 1.18 or so. We kept it around a bit longer while there were remaining Go+BoringCrypto releases that still used the release command. Those are no more, so to avoid confusion, remove cmd/release code given it's no longer maintained or supported. Updates golang/go#40279. Updates golang/go#58659. Fixes golang/go#45893. Change-Id: Id0d641bee49c9584c52e5616322f0656b89cd851 Reviewed-on: https://go-review.googlesource.com/c/build/+/470755 Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: Heschi Kreinick <heschi@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org> Reviewed-by: Carlos Amedee <carlos@golang.org> Run-TryBot: Dmitri Shuralyov <dmitshur@golang.org>
|
@rsc once the CL is merged we'll prioritize this. Looking forward to it. |
|
Change https://go.dev/cl/478158 mentions this issue: |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
For #24904, I have mailed CL 470676, which adds a new
make.bash -distpackflag that generates distribution archives.On the release infrastructure side, x/build needs to start using
make.bash -distpackin Go 1.21 and later to produce the distribution archives (including the source archives), instead of the code it currently uses to generate them. The-distpackmode also writes the module files that we need to serve for GOTOOLCHAIN support (#57001). Those need to start being served from go.dev/dl like the other archives.When writing a VERSION file for Go 1.21 or later, the file should be of the form
That time stamp is used as the modification time in the archives (for reproducibility). This means something in the x/build metadata will have to record the time to use for each release and then write that time into the VERSION file.
The reproducibility work enables building distribution archives on any kind of machine. In particular it should be possible to build everything on an appropriately trusted+locked down linux/amd64 system. You use
GOOS=goos GOARCH=goarch ./make.bash -distpack.Note that if we move the generation of the linux/arm distribution archives to linux/amd64, we need to set
GOARM=6as well, to mimic the environment on linux-arm-aws. SoGOOS=linux GOARCH=arm GOARM=6 ./make.bash -distpack.It doesn't matter what goos/goarch is used to generate the source archives (you get the same result on every system, as one would expect), but it does need to be generated by
make.bash -distpackfor reproducibility.Once the release infrastructure is updated, we should issue a go1.21alpha1 (built from a master branch is fine, no need for a release branch) to exercise the infrastructure and to test that external users can reproduce the archives (#57120).
/cc @golang/release
The text was updated successfully, but these errors were encountered: