Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Deterministic build: Lock binary dependencies #2238

Closed
ebuchman opened this issue Aug 16, 2018 · 3 comments
Closed

Deterministic build: Lock binary dependencies #2238

ebuchman opened this issue Aug 16, 2018 · 3 comments
Assignees
@ValarDragon
Labels
C:abci Component: Application Blockchain Interface T:security Type: Security (specify priority)
Projects
Launch
Milestone
launch

Comments

@ebuchman
Copy link
Contributor

Our Makefile uses a GOTOOLS array to list the binary dependencies written in Go that can be easily fetched/built with go get, however it doesn't provide any way to specify which version of said binaries to use.

This can lead to unwanted changes due to updated binaries, eg. when updating ABCI - #2159 (comment)
@ebuchman ebuchman added this to the launch milestone Aug 16, 2018
@ebuchman ebuchman added C:abci Component: Application Blockchain Interface tools T:security Type: Security (specify priority) labels Aug 16, 2018
@ebuchman ebuchman mentioned this issue Aug 16, 2018
Merged
4 tasks
@ebuchman
Copy link
Contributor Author

What's the deal with the protobuf output there anyways, with all the XXX prefixed struct fields. Is that really what we want?

@silasdavis
Copy link
Contributor

You can remove a lot of that with gogo proto: https://github.com/gogo/protobuf/blob/master/extensions.md (search XXX).

@ebuchman ebuchman modified the milestones: launch, launch-critical Sep 13, 2018
@xla xla added this to Queued in Launch Oct 3, 2018
@ebuchman ebuchman changed the title Lock binary dependencies Deterministic build: Lock binary dependencies Oct 4, 2018
@ValarDragon ValarDragon self-assigned this Oct 4, 2018
ValarDragon added a commit that referenced this issue Oct 5, 2018
@ValarDragon
Lock binary dependencies to specific commits
0448bb9 
Pulling revisions was relegated to scripts/get_tools.sh
The solution there isn't that elegant, but it works.
A more elegant + clean solution would be using python, but
we probably don't want to introduce that as a dependency.

I think we can leave it right now as a shell file with redundant
code, and improve the build process #postlaunch.

The linters which gometalinters are versioned according to gometalinters
install.sh. Its not locking to commit (AFAIK), but I think this is fine
as that is purely dev tooling and doesn't affect the code.

Closes #2238
@ValarDragon ValarDragon mentioned this issue Oct 5, 2018
Merged
4 tasks
@ebuchman
Copy link
Contributor Author

ebuchman commented Oct 6, 2018

Closing for #2550

@ebuchman ebuchman closed this as completed Oct 6, 2018
Launch automation moved this from Queued to Done Oct 6, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ValarDragon ValarDragon

Labels
C:abci Component: Application Blockchain Interface T:security Type: Security (specify priority)
Projects
No open projects
Launch
  
Done
Milestone
launch
Development

No branches or pull requests
3 participants
@silasdavis @ebuchman @ValarDragon