Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ensure that root-of-trust binary artifacts can be reproducibly built #861

Closed
tiziano88 opened this issue Apr 17, 2020 · 0 comments
Closed

Ensure that root-of-trust binary artifacts can be reproducibly built #861

tiziano88 opened this issue Apr 17, 2020 · 0 comments
Assignees
@tiziano88
Labels
P0
Milestone
Trusted Aggregator

Comments

@tiziano88
Copy link
Collaborator

By "root-of-trust binary artifacts" I mean things like the executable oak_loader binary (C++ / Rust), and any Oak Module that may be used for declassification (e.g. the aggregator module), identified by a label with the corresponding hash.
@tiziano88 tiziano88 added this to the Trusted Aggregator milestone Apr 17, 2020
@tiziano88 tiziano88 self-assigned this Apr 17, 2020
tiziano88 added a commit to tiziano88/oak that referenced this issue Apr 17, 2020
@tiziano88
Add script to generate reproducibility index file
973a2e2 
Also check that it is consistent as part of cloud build.

Ref project-oak#861
tiziano88 added a commit to tiziano88/oak that referenced this issue Apr 17, 2020
@tiziano88
Add script to generate reproducibility index file
1954ad5 
Also check that it is consistent as part of cloud build.

Ref project-oak#861
tiziano88 added a commit to tiziano88/oak that referenced this issue Apr 17, 2020
@tiziano88
Add script to generate reproducibility index file
1cf83a1 
Also check that it is consistent as part of cloud build.

Ref project-oak#861
tiziano88 added a commit to tiziano88/oak that referenced this issue Apr 17, 2020
@tiziano88
Add script to generate reproducibility index file
59e5aee 
Unfortunately, the artifacts are not actually reproducibly buildable
right now, so we cannot enforce this yet, but I'm checking in the
generated file that I get on my machine, which seems to differ between
my machine and GCP.

When we figure out the source of the discrepancy, then we can enforce
that the hashes are actually checked in when changes are made to the
source.

Ref project-oak#861
tiziano88 added a commit to tiziano88/oak that referenced this issue Apr 17, 2020
@tiziano88
Add script to generate reproducibility index file
aff745a 
Unfortunately, the artifacts are not actually reproducibly buildable
right now, so we cannot enforce this yet, but I'm checking in the
generated file that I get on my machine, which seems to differ between
my machine and GCP.

When we figure out the source of the discrepancy, then we can enforce
that the hashes are actually checked in when changes are made to the
source.

Ref project-oak#861
@tiziano88 tiziano88 mentioned this issue Apr 17, 2020
Merged
tiziano88 added a commit to tiziano88/oak that referenced this issue Apr 17, 2020
@tiziano88
Add script to generate reproducibility index file
e7db323 
Also add a cloud build step to build the Rust oak_loader binary.

Unfortunately, the artifacts are not actually reproducibly buildable
right now, so we cannot enforce this yet, but I'm checking in the
generated file that I get on my machine, which seems to differ between
my machine and GCP.

When we figure out the source of the discrepancy, then we can enforce
that the hashes are actually checked in when changes are made to the
source.

Ref project-oak#861
This was referenced Apr 17, 2020
Closed
Closed
tiziano88 added a commit that referenced this issue Apr 19, 2020
@tiziano88
Add script to generate reproducibility index file (#860)
27f7d42 
Also add a cloud build step to build the Rust oak_loader binary.

Unfortunately, the artifacts are not actually reproducibly buildable
right now, so we cannot enforce this yet, but I'm checking in the
generated file that I get on my machine, which seems to differ between
my machine and GCP.

When we figure out the source of the discrepancy, then we can enforce
that the hashes are actually checked in when changes are made to the
source.

Ref #861
tiziano88 added a commit to tiziano88/oak that referenced this issue Apr 20, 2020
@tiziano88
Include Rust oak_loader in reproducibilty index
24a8258 
Fixes project-oak#862
Ref project-oak#861
@tiziano88 tiziano88 mentioned this issue Apr 20, 2020
Merged
tiziano88 added a commit to tiziano88/oak that referenced this issue Apr 20, 2020
@tiziano88
Include Rust oak_loader in reproducibilty index
b3c0785 
Fixes project-oak#862
Ref project-oak#861
tiziano88 added a commit to tiziano88/oak that referenced this issue Apr 20, 2020
@tiziano88
Include Rust oak_loader in reproducibilty index
2012fea 
Fixes project-oak#862
Ref project-oak#861
tiziano88 added a commit to tiziano88/oak that referenced this issue Apr 20, 2020
@tiziano88
Include Rust oak_loader in reproducibilty index
841dacf 
Fixes project-oak#862
Ref project-oak#861
tiziano88 added a commit to tiziano88/oak that referenced this issue Apr 21, 2020
@tiziano88
Include Rust oak_loader in reproducibilty index
06dca4f 
Fixes project-oak#862
Ref project-oak#861
tiziano88 added a commit that referenced this issue Apr 21, 2020
@tiziano88
Include Rust oak_loader in reproducibilty index (#880)
af85a1c 
Fixes #862
Ref #861
tiziano88 added a commit to tiziano88/oak that referenced this issue Apr 22, 2020
@tiziano88
Rebuild reproducibility index on GitHub Actions
e7f6a64 
Revert af85a1c since it is too annoying
to keep the index in sync at each commit.

Supersedes project-oak#895

Ref project-oak#861
@tiziano88 tiziano88 mentioned this issue Apr 22, 2020
Merged
tiziano88 added a commit to tiziano88/oak that referenced this issue Apr 22, 2020
@tiziano88
Rebuild reproducibility index on GitHub Actions
fa80f4e 
Revert af85a1c since it is too annoying
to keep the index in sync at each commit.

Supersedes project-oak#895

Ref project-oak#861
tiziano88 added a commit to tiziano88/oak that referenced this issue Apr 22, 2020
@tiziano88
Rebuild reproducibility index on GitHub Actions
8894e4c 
Revert af85a1c since it is too annoying
to keep the index in sync at each commit.

Supersedes project-oak#895

Ref project-oak#861
tiziano88 added a commit that referenced this issue Apr 23, 2020
@tiziano88
Rebuild reproducibility index on GitHub Actions (#896)
dd3cdbd 
Revert af85a1c since it is too annoying
to keep the index in sync at each commit.

Supersedes #895

Ref #861
tiziano88 added a commit to tiziano88/oak that referenced this issue Apr 23, 2020
@tiziano88
Fix posting reproducibility index to PR
cbc78f6 
The current version does not work because when running on merge events
the PR number is not present, so we need to look it up based on commit
SHA.

Ref project-oak#861
@tiziano88 tiziano88 mentioned this issue Apr 23, 2020
Merged
tiziano88 added a commit that referenced this issue Apr 23, 2020
@tiziano88
Fix posting reproducibility index to PR (#897)
89cb694 
The current version does not work because when running on merge events
the PR number is not present, so we need to look it up based on commit
SHA.

Ref #861
tiziano88 added a commit to tiziano88/oak that referenced this issue Apr 30, 2020
@tiziano88
Track reproducibility index history
bd88f95 
Use a separate branch, and a similar workflow to that used for Rust
documentation, using GitHub Actions to push changes.

Ref project-oak#861
tiziano88 added a commit to tiziano88/oak that referenced this issue Apr 30, 2020
@tiziano88
Track reproducibility index history
ad5a1f2 
Use a separate branch, and a similar workflow to that used for Rust
documentation, using GitHub Actions to push changes.

Ref project-oak#861
@tiziano88 tiziano88 mentioned this issue Apr 30, 2020
Merged
tiziano88 added a commit to tiziano88/oak that referenced this issue Apr 30, 2020
@tiziano88
Track reproducibility index history
a367e3e 
Use a separate branch, and a similar workflow to that used for Rust
documentation, using GitHub Actions to push changes.

Ref project-oak#861
tiziano88 added a commit to tiziano88/oak that referenced this issue Apr 30, 2020
@tiziano88
Track reproducibility index history
ff8146f 
Use a separate branch, and a similar workflow to that used for Rust
documentation, using GitHub Actions to push changes.

Ref project-oak#861
tiziano88 added a commit to tiziano88/oak that referenced this issue Apr 30, 2020
@tiziano88
Track reproducibility index history
4f4edc3 
Use a separate branch, and a similar workflow to that used for Rust
documentation, using GitHub Actions to push changes.

Ref project-oak#861
tiziano88 added a commit to tiziano88/oak that referenced this issue Apr 30, 2020
@tiziano88
Track reproducibility index history
003c58a 
Use a separate branch, and a similar workflow to that used for Rust
documentation, using GitHub Actions to push changes.

Ref project-oak#861
tiziano88 added a commit to tiziano88/oak that referenced this issue Apr 30, 2020
@tiziano88
Track reproducibility index history
28b708c 
Use a separate branch, and a similar workflow to that used for Rust
documentation, using GitHub Actions to push changes.

Ref project-oak#861
tiziano88 added a commit to tiziano88/oak that referenced this issue Apr 30, 2020
@tiziano88
Track reproducibility index history
affdeb5 
Use a separate branch, and a similar workflow to that used for Rust
documentation, using GitHub Actions to push changes.

Ref project-oak#861
tiziano88 added a commit that referenced this issue May 1, 2020
@tiziano88
Track reproducibility index history (#928)
18f7bba 
Use a separate branch, and a similar workflow to that used for Rust
documentation, using GitHub Actions to push changes.

Ref #861
tiziano88 added a commit to tiziano88/oak that referenced this issue May 4, 2020
@tiziano88
Free up space in reproducibility GitHub action
9ef64ed 
This was already done in the Rust doc generation GitHub action, and
seems necessary here too now.

Ref project-oak#861
@tiziano88 tiziano88 mentioned this issue May 4, 2020
Merged
tiziano88 added a commit that referenced this issue May 4, 2020
@tiziano88
Free up space in reproducibility GitHub action (#939)
f2d197c 
This was already done in the Rust doc generation GitHub action, and
seems necessary here too now.

Ref #861
@tiziano88 tiziano88 mentioned this issue May 12, 2020
Closed
tiziano88 added a commit that referenced this issue May 26, 2020
@tiziano88
Print reproducibility index diff
84cf14d 
This should make it easier to actually understand what targets were
affected by a PR.

Ref. #861
@tiziano88 tiziano88 added the P0 label May 26, 2020
@tiziano88 tiziano88 mentioned this issue May 26, 2020
Merged
tiziano88 added a commit that referenced this issue May 27, 2020
@tiziano88
Print reproducibility index diff (#1031)
5394666 
This should make it easier to actually understand what targets were
affected by a PR.

Ref. #861
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tiziano88 tiziano88

Labels
P0
Projects
None yet
Milestone
Trusted Aggregator
Development

No branches or pull requests
1 participant
@tiziano88