Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Reproducible crate builds #8612

Closed
bk2204 opened this issue Aug 11, 2020 · 0 comments · Fixed by #8864
Closed

Reproducible crate builds #8612

bk2204 opened this issue Aug 11, 2020 · 0 comments · Fixed by #8864
Labels
A-reproducibility Area: reproducible / deterministic builds C-feature-request Category: proposal for a feature. Before PR, ping rust-lang/cargo if this is not `Feature accepted` Command-package

Comments

@bk2204
Copy link
Contributor

bk2204 commented Aug 11, 2020

Describe the problem you are trying to solve
I'd like to provide a way for folks who receive my crate from crates.io to have confidence that it is exactly identical to the one built from the source.

Describe the solution you'd like
I'd like to have a reproducible crate build so that running crate package on two different systems (with the same version of cargo) produces bit-for-bit identical archives. I imagine that would look like this:

  • Taking the date for every file in the archive from the SOURCE_DATE_EPOCH environment variable or the latest commit, if the working tree is unmodified and version controlled.
  • Setting the user and group IDs to 0.
  • Picking fixed values for device and inode numbers in the tar archive.

Possibly this could be controlled with a flag if having it as the default behavior isn't wanted.

Notes
More information about reproducible builds and why they're valuable can be found at https://reproducible-builds.org/. I'm happy to implement this if folks think it's a good idea.
@bk2204 bk2204 added the C-feature-request Category: proposal for a feature. Before PR, ping rust-lang/cargo if this is not `Feature accepted` label Aug 11, 2020
@ehuss ehuss added A-reproducibility Area: reproducible / deterministic builds Command-package labels Aug 19, 2020
@bk2204 bk2204 mentioned this issue Nov 15, 2020
Merged
@bors bors closed this as completed in 668a6c6 Nov 18, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
A-reproducibility Area: reproducible / deterministic builds C-feature-request Category: proposal for a feature. Before PR, ping rust-lang/cargo if this is not `Feature accepted` Command-package
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Reproducible crate builds bk2204/cargo
2 participants
@ehuss @bk2204