Skip to content

Use a deterministic hashmap for reproducible builds #3445

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Feb 17, 2023
Merged

Use a deterministic hashmap for reproducible builds #3445

merged 5 commits into from
Feb 17, 2023

Conversation

ilmanzo
Copy link
Contributor

@ilmanzo ilmanzo commented Feb 15, 2023

Changes

Replace HashMap usage in seccomp with BTreeMap to preserve order of items.
This enable reproducible builds (see issue #3439)

Reason

fixes #3439

License Acceptance

By submitting this pull request, I confirm that my contribution is made under
the terms of the Apache 2.0 license. For more information on following
Developer Certificate of Origin and signing off your commits, please check
CONTRIBUTING.md.

PR Checklist

  • If a specific issue led to this PR, this PR closes the issue.
  • The description of changes is clear and encompassing.
  • Any required documentation changes (code and docs) are included in this PR.
  • API changes follow the Runbook for Firecracker API changes.
  • User-facing changes are mentioned in CHANGELOG.md.
  • All added/changed functionality is tested.
  • New TODOs link to an issue.
  • Commits meet contribution quality standards.
  • This functionality can be added in rust-vmm.

@ilmanzo ilmanzo force-pushed the reproducible_builds branch from 4d12e4c to ff2afa8 Compare February 15, 2023 16:29
@bmwiedemann bmwiedemann mentioned this pull request Feb 16, 2023
Closed
@roypat
Copy link
Contributor

roypat commented Feb 16, 2023

Good morning! Sorry for not getting back to you yesterday.

I did trigger the CI for you, and it seems there's some build/clippy failures in the unit tests. Could you have a look at those?

@ilmanzo
Use a deterministic hashmap for reproducible builds
c99d5bd 
Signed-off-by: Andrea Manzini <ilmanzo@gmail.com>
@ilmanzo ilmanzo force-pushed the reproducible_builds branch from ff2afa8 to c99d5bd Compare February 16, 2023 09:46
roypat
roypat approved these changes Feb 16, 2023
View reviewed changes
Copy link
Contributor

@roypat roypat left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! The binary files produced are indeed identical across runs now:

$ for i in $(seq 100) ; do cargo run -p seccompiler -- --input-file resource/seccomp/unimplemented.json --target-arch x86_64 --output-file x > /dev/null ; md5sum x ; done | sort | uniq -c
100 ccf7c06d325fee897449f7a3a698a243  x

@roypat roypat requested a review from a team February 16, 2023 10:54
@luminitavoicu
Copy link
Contributor

I think it would be worth adding a CHANGELOG.md entry for this, @pb8o @roypat WDYT? It should be under:
## Unreleased -> ###Changed

@roypat
Copy link
Contributor

roypat commented Feb 17, 2023

Synced with @luminitavoicu off-line and decided to merge this as is. We'll have to do some changelog work before the release anyway, so we'll just add an entry when that happens

@roypat roypat merged commit 2ad11bf into firecracker-microvm:main Feb 17, 2023
roypat added a commit to roypat/firecracker that referenced this pull request Feb 17, 2023
@roypat
chore: Update CHANGELOG.md
b0e4c0e 
Added missing entries for 1.3 release
- bchalios@'s net scatter-gather improvements (firecracker-microvm#2958)
- seccompiler change to make builds reproducible (firecracker-microvm#3445)

Signed-off-by: Patrick Roy <roypat@amazon.co.uk>
roypat added a commit to roypat/firecracker that referenced this pull request Feb 17, 2023
@roypat
chore: Update CHANGELOG.md
3f1b7fe 
Added missing entries for 1.3 release
- bchalios@'s net scatter-gather improvements (firecracker-microvm#2958)
- seccompiler change to make builds reproducible (firecracker-microvm#3445)

Signed-off-by: Patrick Roy <roypat@amazon.co.uk>
roypat added a commit to roypat/firecracker that referenced this pull request Feb 17, 2023
@roypat
chore: Update CHANGELOG.md
0e3bd2e 
Added missing entries for 1.3 release
- bchalios@'s net scatter-gather improvements (firecracker-microvm#2958)
- seccompiler change to make builds reproducible (firecracker-microvm#3445)

Signed-off-by: Patrick Roy <roypat@amazon.co.uk>
luminitavoicu pushed a commit that referenced this pull request Feb 17, 2023
@roypat @luminitavoicu
chore: Update CHANGELOG.md
0fa36b3 
Added missing entries for 1.3 release
- bchalios@'s net scatter-gather improvements (#2958)
- seccompiler change to make builds reproducible (#3445)

Signed-off-by: Patrick Roy <roypat@amazon.co.uk>
@kalyazin kalyazin mentioned this pull request Feb 28, 2023
Merged
jkrshnmenon pushed a commit to jkrshnmenon/firecracker that referenced this pull request Mar 7, 2023
@roypat
chore: Update CHANGELOG.md
90155db 
Added missing entries for 1.3 release
- bchalios@'s net scatter-gather improvements (firecracker-microvm#2958)
- seccompiler change to make builds reproducible (firecracker-microvm#3445)

Signed-off-by: Patrick Roy <roypat@amazon.co.uk>
JonathanWoollett-Light pushed a commit to JonathanWoollett-Light/firecracker that referenced this pull request Mar 17, 2023
@roypat @zulinx86
chore: Update CHANGELOG.md
8bf46f8 
Added missing entries for 1.3 release
- bchalios@'s net scatter-gather improvements (firecracker-microvm#2958)
- seccompiler change to make builds reproducible (firecracker-microvm#3445)

Signed-off-by: Patrick Roy <roypat@amazon.co.uk>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pb8o pb8o pb8o approved these changes

@roypat roypat roypat approved these changes

Assignees

@ilmanzo ilmanzo

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Improvement] Reproducible builds
4 participants
@ilmanzo @roypat @luminitavoicu @pb8o