Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: Ensure reproducable Deb package #747

Merged
merged 1 commit into from
Dec 6, 2023
Merged

fix: Ensure reproducable Deb package #747

merged 1 commit into from
Dec 6, 2023

Conversation

keliramu
Copy link
Contributor

@keliramu keliramu commented Dec 5, 2023

Each time building exaclty from the same source,
ensure exaclty the same size deb package is generated.

@pull-request-size pull-request-size bot added the size/S Denotes a PR that changes 10-29 lines, ignoring generated files. label Dec 5, 2023
@keliramu keliramu marked this pull request as draft December 5, 2023 14:10
@keliramu
fix: Ensure reproducable Deb package
c4959c5 
Each time building exaclty from the same source,
ensure exaclty the same size deb package is generated.

Signed-off-by: keliramu <ramunas.keliuotis@nordsec.com>
keliramu
keliramu commented Dec 5, 2023
View reviewed changes
deb/deb.go
@@ -391,14 +391,14 @@ func createFilesInsideDataTar(info *nfpm.Info, tw *tar.Writer) (md5buf bytes.Buf
Format: tar.FormatGNU,
Uname: file.FileInfo.Owner,
Gname: file.FileInfo.Group,
ModTime: file.FileInfo.MTime,
ModTime: time.Unix(0, 0),
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Probably ModTime setting to zero should be controlled via some kind of flag or config option.

keliramu
keliramu commented Dec 5, 2023
View reviewed changes
deb/deb.go
"./md5sums": md5sums,
"./conffiles": conffiles(info),
// ensure predefined sort order of these items
filesToCreateNames := []string{
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Go map[string] does not ensure predefined sort order when iterated via for ... range ... and that is the cause of control.tar.gz is different size when executed on the same input.

@keliramu keliramu marked this pull request as ready for review December 5, 2023 14:25
@keliramu keliramu mentioned this pull request Dec 5, 2023
Closed
2 tasks
@caarlos0
Copy link
Member

caarlos0 commented Dec 6, 2023

gonna merge this and continue working on it, thanks for the PR

@caarlos0 caarlos0 merged commit 60cff80 into goreleaser:main Dec 6, 2023
1 check passed
@caarlos0 caarlos0 added this to the v2.35.0 milestone Dec 17, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
size/S Denotes a PR that changes 10-29 lines, ignoring generated files.
Projects
None yet
Milestone
v2.35.0
Development

Successfully merging this pull request may close these issues.
2 participants
@keliramu @caarlos0