Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Meilisearch is not reproducible #837

Closed
jelly opened this issue Jul 5, 2020 · 5 comments
Closed

Meilisearch is not reproducible #837

jelly opened this issue Jul 5, 2020 · 5 comments
Labels
enhancement New feature or improvement
Projects
Fixed issues with v0.21.0
Milestone
v0.21.0

Comments

@jelly
Copy link

jelly commented Jul 5, 2020

Describe the bug
A clear and concise description of what the bug is.

To Reproduce
Steps to reproduce the behavior:

  1. Build meilisearch on two different machines and time
  2. Compare the resulting binary

Expected behavior
Meilisearch should be reproducible when building on two different times. This helps Arch Linux (and anyone who distributes a binary) proof their build servers where not backdoored by allowing users to reproduce a bit for bit identical binary locally.

Either remove the timestamp or use an env. variable SOURCE_DATE_EPOCH. I was unable to figure out where the build date comes from.

https://reproducible-builds.org/

│ │ │    0x009609e0 61746162 61736520 69732069 6e646578 atabase is index
│ │ │    0x009609f0 696e676d 65696c69 73656172 63685f68 ingmeilisearch_h
│ │ │    0x00960a00 7474703a 3a726f75 7465733a 3a737461 ttp::routes::sta
│ │ │ -  0x00960a10 7473554e 4b4e4f57 4e323032 302d3036 tsUNKNOWN2020-06
│ │ │ -  0x00960a20 2d313654 31383a31 373a3530 2e313037 -16T18:17:50.107
│ │ │ -  0x00960a30 38303539 32372b30 303a3030 302e3131 805927+00:000.11
│ │ │ +  0x00960a10 7473554e 4b4e4f57 4e323032 302d3037 tsUNKNOWN2020-07
│ │ │ +  0x00960a20 2d303554 31333a35 373a3137 2e323536 -05T13:57:17.256
│ │ │ +  0x00960a30 31303231 39322b30 303a3030 302e3131 102192+00:000.11
│ │ │    0x00960a40 2e302025 00000000 00000000 00000000 .0 %............
@jelly
Copy link
Author

jelly commented Jul 5, 2020

Ah it seems to be the Build date which is being recorded:

Jul 05 17:39:35 helium meilisearch[186840]: Build date:                "2020-07-05T15:26:42.483191829+00:00"

@MarinPostma
Copy link
Contributor

this is not the only problem there is with reproducibility: #712

@MarinPostma MarinPostma added the enhancement New feature or improvement label Jul 8, 2020
@Kerollmops
Copy link
Member

@jelly thank you for this issue, I think being able to make the builds reproducible is a good thing.

I looked into the Version route and discovered that we initialize some env variables using the vergen crate.

Then we just output those when the version route is called.

We could probably export the VERGEN_BUILD_TIMESTAMP or even check if the SOURCE_DATE_EPOCH one exist and store it instead.

@Kerollmops
Copy link
Member

@jelly I found a better solution to this problem, we should use the VERGEN_COMMIT_DATE value, this way the build will be reproducible and based on the commit metadata.

@vladdy vladdy mentioned this issue Jan 6, 2021
Closed
@shekhirin shekhirin mentioned this issue Mar 30, 2021
Merged
@curquiza curquiza added this to the v0.21.0 milestone Jun 27, 2021
@curquiza
Copy link
Member

Fixed by the integration of the new search engine in #1421

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or improvement
Projects
No open projects
Fixed issues with v0.21.0
Misc
Milestone
v0.21.0
Development

No branches or pull requests
4 participants
@jelly @Kerollmops @curquiza @MarinPostma